x99thomas

  1. It scanned for 5 hours, but no threats found. I can't thank you enough for your help.
  2. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4146
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     5/26/2010 3:17:57 PM
     mbam-log-2010-05-26 (15-17-57).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 363763
     Time elapsed: 1 hour(s), 43 minute(s), 55 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System Volume Information\_restore{42532E66-F56A-4D6A-B1CD-7CCDE0CB0A37}\RP0\A0002046.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
  3. I think I am running good now. I just want to confirm that it's fine for me to run defogger again to reinstate the CD emulating software before I forget it's disabled.
  4. ComboFix 10-05-25.02 - Blake 05/26/2010 1:57.9.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1390 [GMT -7:00]
  5. ComboFix 10-05-25.02 - Blake 05/26/2010 1:34.8.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1465 [GMT -7:00]
2009-02-25 00:46 -------- d-----w- c:\documents and settings\Blake\Application Data\Orbit 2010-05-25 21:15 . 2007-11-15 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-05-24 01:53 . 2008-02-01 02:44 -------- d-----w- c:\program files\Full Tilt Poker 2010-05-23 04:56 . 2008-05-30 19:31 -------- d-----w- c:\documents and settings\Blake\Application Data\U3 2010-05-23 03:41 . 2007-11-15 20:00 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-23 01:55 . 2008-09-21 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-22 23:31 . 2008-07-01 23:21 -------- d-----w- c:\documents and settings\Blake\Application Data\uTorrent 2010-05-22 19:07 . 2007-11-15 21:18 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-22 18:13 . 2007-11-15 20:07 72344 ----a-w- c:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-12 01:13 . 2010-01-06 01:41 -------- d-----w- c:\program files\TableNinjaFT 2010-05-11 20:36 . 2007-11-26 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-05-11 02:08 . 2008-07-18 23:28 -------- d-----w- c:\program files\Common Files\Stardock 2010-05-11 01:57 . 2008-07-18 23:28 -------- d-----w- c:\program files\AlienGUIse 2010-05-10 22:59 . 2007-11-26 23:49 -------- d-----w- c:\program files\MSBuild 2010-05-10 22:11 . 2008-05-30 22:41 -------- d-----w- c:\program files\Unlocker 2010-05-09 10:43 . 2009-11-01 20:27 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-09 10:15 . 2007-11-26 23:49 -------- d-----w- c:\program files\Microsoft Works 2010-05-09 00:51 . 2007-11-15 08:03 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-04-29 22:39 . 2008-09-21 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39 . 2008-09-21 03:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 21:33 . 
2007-11-15 08:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-19 07:04 . 2010-03-24 01:00 163840 ----a-w- c:\windows\system32\svcmsdebug.exe 2010-03-10 21:05 . 2009-11-23 22:39 79488 ----a-w- c:\documents and settings\Blake\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2008-10-22 19:31 . 2008-10-22 19:31 0 ----a-w- c:\program files\Common Files\dht342126 2008-09-21 03:18 . 2008-09-21 03:18 822 ----a-w- c:\program files\imghz.txt 2008-04-17 17:04 . 2007-12-14 17:29 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2008-04-17 17:04 . 2007-12-14 17:29 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2008-04-17 17:04 . 2008-04-17 17:04 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll 2008-04-17 17:04 . 2008-04-17 17:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2006-05-03 09:06 . 2008-05-23 22:45 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2008-05-23 22:45 31232 --sha-r- c:\windows\system32\msfDX.dll 2007-12-17 12:43 . 2008-05-23 22:52 27648 --sha-w- c:\windows\system32\Smab0.dll . ((((((((((((((((((((((((((((( SnapShot_2010-05-25_19.46.56 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-26 07:14 . 2010-05-26 07:14 16384 c:\windows\Temp\Perflib_Perfdata_5a4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-02-27 62436] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944] "DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2007-02-22 140184] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 136600] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704] "MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264] "IntelZeroConfig"="c:\program 
files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 53248] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-07 118784] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\Blake\Start Menu\Programs\Startup\ Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-7-18 2074360] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152] Bluetooth.lnk - c:\program 
files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584] Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-2-24 1719568] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2007-11-15 19:39 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2007-04-27 20:10 18744 ----a-w- c:\windows\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-01 23:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-11-15 21:11 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B179023B-6238-4499-8F26-CD73E9D90E0A}] 2007-07-12 18:57 179288 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [9/5/2007 4:01 PM 277888] R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 12:15 PM 19072] R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2/28/2008 1:24 PM 140184] R2 
MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 3:55 PM 143360] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 1:33 AM 135664] S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [11/18/2007 12:25 PM 375424] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/17/2008 11:53 AM 717296] . Contents of the 'Scheduled Tasks' folder 2010-05-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-15 08:40] 2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:33] 2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:33] 2010-05-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\uysb827j.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\Blake\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\Blake\Application Data\Move Networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\Blake\Application Data\Mozilla\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: 
c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-05-26 01:39
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(768)
     c:\windows\system32\Ati2evxx.dll
     c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
     c:\windows\system32\PCANotify.dll
     c:\program files\AlienGUIse\fastload.dll
     - - - - - - - > 'explorer.exe'(4536)
     c:\windows\system32\WININET.dll
     c:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
     c:\windows\system32\btmmhook.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\hnetcfg.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2010-05-26 01:42:50
     ComboFix-quarantined-files.txt 2010-05-26 08:42
     ComboFix2.txt 2010-05-26 07:32
     ComboFix3.txt 2010-05-26 06:49
     ComboFix4.txt 2010-05-25 19:50
     ComboFix5.txt 2010-05-26 08:33
     Pre-Run: 15,237,586,944 bytes free
     Post-Run: 15,210,270,720 bytes free
     - - End Of File - - D2B39D0810334B7145B2E01A0BDA2981
  6. OTL logfile created on: 5/26/2010 1:09:16 AM - Run 5
     OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Blake\Desktop
     Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
     3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
     Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 74.52 Gb Total Space | 14.21 Gb Free Space | 19.06% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     Drive F: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     Drive G: | 3.74 Gb Total Space | 0.77 Gb Free Space | 20.61% Space Free | Partition Type: FAT32
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: BDL
     Current User Name: Blake
     Logged in as Administrator.
     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard
     ========== Custom Scans ==========
     < MD5 for: NETBT.SYS >
     [2004/08/10 04:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
     [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=403FDBC00023C1980684D8AC90C5B114 -- C:\WINDOWS\system32\drivers\netbt.sys
     [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
     [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netbt.sys
     < End of report >
  7. OTL logfile created on: 5/26/2010 12:53:22 AM - Run 4
     OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Blake\Desktop
     Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
     3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
     Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 74.52 Gb Total Space | 14.21 Gb Free Space | 19.06% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: BDL
     Current User Name: Blake
     Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Driver Services (All) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UIUSys) DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde) DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx) DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810) DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3) DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (OMCI) DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u) DRV - File not found 
[Kernel | Disabled | Stopped] -- -- (i2omp) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn) DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o) DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray) DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt) DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint) DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde) DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx) DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x) DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m) DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk) DRV - [2010/05/22 20:41:20 | 000,021,425 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb) DRV - [2009/12/31 09:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv) DRV - [2009/12/02 15:23:40 | 
000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2009/10/20 09:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP) DRV - [2009/06/24 04:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD) DRV - [2009/06/18 21:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009/06/18 21:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DefragFs.sys -- (DefragFS) DRV - [2009/05/11 15:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2009/04/15 19:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008/08/14 03:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD) DRV - [2008/07/24 18:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/06/16 03:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/06/13 04:05:51 | 000,272,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT)
DRV - [2008/04/14 05:43:24 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 05:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 05:43:22 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 05:43:22 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 00:58:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 00:50:44 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 00:49:50 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 00:49:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 00:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/14 00:47:20 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/14 00:47:06 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/14 00:45:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/14 00:45:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 00:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 00:44:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 00:30:20 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/14 00:27:34 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 00:27:30 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/14 00:27:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 00:27:28 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/14 00:27:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 00:27:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 00:27:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 00:26:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 00:26:34 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 00:26:04 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 00:26:00 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/14 00:24:30 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 00:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 00:23:24 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bridge.sys -- (BridgeMP)
DRV - [2008/04/14 00:23:24 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bridge.sys -- (Bridge)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:21:36 | 000,101,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV - [2008/04/14 00:21:26 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/14 00:21:26 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/14 00:21:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 00:17:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/14 00:16:34 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV - [2008/04/14 00:16:34 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum)
DRV - [2008/04/14 00:16:30 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB)
DRV - [2008/04/14 00:16:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/14 00:16:26 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/14 00:16:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/14 00:16:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/14 00:16:24 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/14 00:16:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/14 00:16:20 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/14 00:15:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/14 00:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/14 00:15:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/14 00:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/14 00:15:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/14 00:15:36 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/14 00:15:28 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidir.sys -- (HidIr)
DRV - [2008/04/14 00:15:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:15:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/14 00:15:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/14 00:15:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/14 00:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 00:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/14 00:14:50 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 00:14:48 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 00:14:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 00:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 00:11:00 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/14 00:10:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 00:10:50 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/14 00:10:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/14 00:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/14 00:10:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/14 00:10:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/14 00:10:12 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/14 00:09:54 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/14 00:09:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/14 00:09:52 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/14 00:09:52 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/14 00:09:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/14 00:09:50 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 00:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/14 00:09:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/14 00:06:54 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/14 00:06:48 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/14 00:06:46 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2008/04/14 00:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/14 00:06:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/14 00:06:38 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/14 00:06:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/14 00:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/14 00:03:30 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 00:03:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/14 00:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/14 00:02:46 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 00:02:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 00:02:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 00:01:34 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 22:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/03/17 11:53:16 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/11/13 03:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/05 16:01:10 | 000,277,888 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 14:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/06/20 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/03/30 21:48:02 | 000,018,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2007/03/30 21:47:22 | 000,017,848 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2007/03/30 21:46:50 | 000,013,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2007/03/30 21:44:22 | 000,020,536 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2007/02/28 12:15:08 | 000,019,072 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MDPMGRNT.sys -- (MDPMGRNT)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel
  8. OTL logfile created on: 5/26/2010 12:36:17 AM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.21 Gb Free Space | 19.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.74 Gb Total Space | 0.77 Gb Free Space | 20.60% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BDL
Current User Name: Blake
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Win32 Services (All) ==========
SRV - [2009/12/27 00:46:29 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/12/22 01:33:37 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/07/17 11:10:18 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/07/17 11:10:16 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/06/20 10:16:06 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2009/06/09 23:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/03/24 18:18:59 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/21 01:40:16 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/09 05:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2009/01/24 19:17:22 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/07/29 21:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 13:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/14 05:42:42 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:42:40 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 05:42:40 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:36 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 05:42:36 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 05:42:34 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 05:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 05:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:28 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 05:42:26 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/14 05:42:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/14 05:42:16 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 05:42:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/14 05:42:10 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 05:42:10 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 05:42:10 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:08 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/14 05:42:08 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 05:42:08 | 000,071,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:06 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 05:42:06 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 05:42:04 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 05:42:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 05:41:58 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 05:41:58 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:41:54 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 05:41:52 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\bthserv.dll -- (BthServ)
SRV - [2008/04/14 05:41:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/14 05:41:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/11/29 15:00:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/15 12:39:52 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/07/11 09:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.)
[On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2007/05/11 13:10:00 | 000,132,728 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32) SRV - [2007/05/01 15:55:36 | 000,143,360 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService) SRV - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel® SRV - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2007/01/05 15:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB) SRV - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) 
[Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD) SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN) SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc) SRV - [2006/10/09 16:16:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2006/09/28 18:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc) SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2006/02/28 13:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2005/08/30 18:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service) SRV - [2005/08/05 14:56:32 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched) SRV - [2005/08/05 14:27:08 | 000,099,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc) SRV - [2005/08/04 00:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) 
[Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller) SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004/08/10 05:11:50 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mhn.dll -- (MHN) SRV - [2004/08/10 04:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP) < End of report >
  9. ComboFix 10-05-25.02 - Blake 05/26/2010 0:17.7.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1411 [GMT -7:00] Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 ))))))))))))))))))))))))))))))) . 2010-05-23 19:05 . 2006-08-17 15:55 44544 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys 2010-05-23 19:05 . 2010-05-23 19:05 -------- d-----w- c:\program files\Broadcom 2010-05-23 08:47 . 2010-05-23 08:47 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\PCHealth 2010-05-23 08:47 . 2010-05-23 08:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-05-23 04:39 . 2010-05-23 04:39 -------- d-----w- c:\program files\Trend Micro 2010-05-23 02:17 . 2010-05-23 02:17 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-05-23 01:46 . 2010-05-23 01:46 -------- d-sh--w- c:\documents and settings\Administrator.BDL\IETldCache 2010-05-23 01:22 . 2010-05-23 02:54 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\qxrxjddne 2010-05-12 03:58 . 2010-05-12 03:58 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-12 03:55 . 2010-05-12 03:55 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-05-12 03:55 . 2010-05-12 03:55 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-05-12 03:52 . 2010-05-12 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-12 01:13 . 2010-05-12 01:13 45 ----a-w- c:\documents and settings\Blake\Local Settings\Application Data\machpro.dat 2010-05-12 01:13 . 
2010-05-12 01:13 13094 ----a-r- c:\documents and settings\Blake\Application Data\Microsoft\Installer\{10289533-8C81-454C-9F61-B7E85436FBF4}\_D4D83B804B6DAFCEC78109.exe 2010-05-12 01:13 . 2010-05-12 01:13 13094 ----a-r- c:\documents and settings\Blake\Application Data\Microsoft\Installer\{10289533-8C81-454C-9F61-B7E85436FBF4}\_569B488E6E5958FADB5C1A.exe 2010-05-10 22:59 . 2010-05-10 22:59 -------- d-----w- c:\windows\system32\XPSViewer 2010-05-10 22:59 . 2010-05-10 22:59 -------- d-----w- c:\program files\Reference Assemblies 2010-05-10 22:58 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-05-10 22:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-05-10 22:58 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-05-10 22:58 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-05-10 22:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-05-10 22:58 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-05-10 22:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-05-10 22:58 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-05-10 22:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-05-10 22:58 . 2010-05-10 22:59 -------- d-----w- C:\0e5bad5a42b855a025e80a8717cc8b 2010-05-10 22:40 . 2010-05-10 22:40 -------- d-sh--w- c:\documents and settings\Blake\IECompatCache 2010-05-10 22:40 . 2010-05-10 22:40 -------- d-sh--w- c:\documents and settings\Blake\PrivacIE 2010-05-10 22:24 . 2010-05-10 22:24 -------- d-sh--w- c:\documents and settings\Blake\IETldCache 2010-05-10 17:40 . 2010-05-10 17:41 -------- d-----w- c:\windows\ie8updates 2010-05-10 17:28 . 2010-05-10 17:35 -------- dc-h--w- c:\windows\ie8 2010-05-10 17:21 . 
2010-05-12 18:21 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-10 17:20 . 2010-05-10 17:20 -------- d-----w- c:\windows\system32\MpEngineStore 2010-05-10 17:16 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-05-10 17:16 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-05-10 17:15 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-05-10 17:15 . 2010-05-10 17:15 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-05-10 17:14 . 2010-05-10 17:14 -------- d-----w- C:\d5d6b62b0017efcf097861df48cf 2010-05-09 00:51 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll 2010-05-09 00:50 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-05-09 00:49 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-05-09 00:49 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-05-09 00:49 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-05-09 00:45 . 2008-04-14 12:42 4274816 ------w- c:\windows\system32\nv4_disp.dll 2010-05-09 00:42 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-05-09 00:42 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-05-09 00:42 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2010-05-09 00:42 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-05-09 00:42 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-05-09 00:42 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2010-05-09 00:42 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-05-09 00:42 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-05-09 00:41 . 
2010-05-09 00:46 -------- d-----w- c:\windows\ServicePackFiles 2010-05-09 00:40 . 2010-01-29 15:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2010-05-09 00:35 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2010-05-09 00:35 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-05-02 20:57 . 2010-05-02 20:57 -------- d-----w- c:\documents and settings\Blake\Application Data\Webroot 2010-05-02 20:55 . 2010-05-02 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Geek Squad 2010-04-28 19:54 . 2010-04-28 19:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2010-04-28 19:53 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-04-28 19:49 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll 2010-04-28 19:49 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe 2010-04-28 19:49 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll 2010-04-28 19:49 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll 2010-04-28 19:49 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll 2010-04-28 19:49 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe 2010-04-28 19:49 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe 2010-04-28 19:49 . 2010-04-28 19:49 -------- d-----w- c:\program files\HP 2010-04-28 19:48 . 2010-04-28 19:54 102262 ----a-w- c:\windows\hpoins05.dat 2010-04-28 19:48 . 2005-06-22 14:03 17505 ------w- c:\windows\hpomdl07.dat 2010-04-28 19:48 . 2005-03-08 19:43 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys 2010-04-28 19:48 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys 2010-04-28 19:48 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys 2010-04-28 19:48 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll 2010-04-28 19:48 . 
2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll 2010-04-28 19:48 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll 2010-04-28 19:48 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll 2010-04-28 19:48 . 2005-03-08 19:39 274432 ----a-w- c:\windows\system32\HPZc3212.dll 2010-04-28 19:48 . 2005-03-18 18:32 180315 ----a-w- c:\windows\system32\hpzsnt12.dll 2010-04-28 19:47 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll 2010-04-28 19:47 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll 2010-04-27 02:24 . 2010-04-27 02:24 -------- d-----w- c:\documents and settings\Blake\Bluetooth Software 2010-04-27 02:22 . 2009-06-19 04:48 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys 2010-04-27 02:22 . 2008-09-26 16:30 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys 2010-04-27 02:22 . 2007-09-20 19:59 106557 ----a-w- c:\windows\system32\btw_ci.dll 2010-04-27 02:22 . 2009-05-11 22:45 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys 2010-04-27 02:22 . 2008-07-25 01:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys 2010-04-27 02:22 . 2008-02-05 01:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys 2010-04-27 02:22 . 2009-04-16 02:13 991136 ----a-w- c:\windows\system32\drivers\btkrnl.sys 2010-04-27 02:22 . 2009-06-19 04:48 533024 ----a-w- c:\windows\system32\drivers\btaudio.sys 2010-04-27 02:21 . 2010-04-27 02:21 -------- d-----w- c:\program files\WIDCOMM 2010-04-26 23:20 . 2006-06-07 00:05 139264 ----a-w- c:\windows\system32\igfxres.dll 2010-04-26 22:45 . 2010-04-26 22:47 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\Deployment . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-26 07:16 . 2007-11-15 22:23 -------- d-----w- c:\program files\RSSoft 2010-05-26 07:15 . 
2009-02-25 00:46 -------- d-----w- c:\documents and settings\Blake\Application Data\Orbit 2010-05-25 21:15 . 2007-11-15 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-05-24 01:53 . 2008-02-01 02:44 -------- d-----w- c:\program files\Full Tilt Poker 2010-05-23 04:56 . 2008-05-30 19:31 -------- d-----w- c:\documents and settings\Blake\Application Data\U3 2010-05-23 03:41 . 2007-11-15 20:00 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-23 01:55 . 2008-09-21 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-22 23:31 . 2008-07-01 23:21 -------- d-----w- c:\documents and settings\Blake\Application Data\uTorrent 2010-05-22 19:07 . 2007-11-15 21:18 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-22 18:13 . 2007-11-15 20:07 72344 ----a-w- c:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-12 01:13 . 2010-01-06 01:41 -------- d-----w- c:\program files\TableNinjaFT 2010-05-11 20:36 . 2007-11-26 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-05-11 02:08 . 2008-07-18 23:28 -------- d-----w- c:\program files\Common Files\Stardock 2010-05-11 01:57 . 2008-07-18 23:28 -------- d-----w- c:\program files\AlienGUIse 2010-05-10 22:59 . 2007-11-26 23:49 -------- d-----w- c:\program files\MSBuild 2010-05-10 22:11 . 2008-05-30 22:41 -------- d-----w- c:\program files\Unlocker 2010-05-09 10:43 . 2009-11-01 20:27 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-09 10:15 . 2007-11-26 23:49 -------- d-----w- c:\program files\Microsoft Works 2010-05-09 00:51 . 2007-11-15 08:03 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-04-29 22:39 . 2008-09-21 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39 . 2008-09-21 03:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 21:33 . 
2007-11-15 08:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-19 07:04 . 2010-03-24 01:00 163840 ----a-w- c:\windows\system32\svcmsdebug.exe 2010-03-10 21:05 . 2009-11-23 22:39 79488 ----a-w- c:\documents and settings\Blake\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2008-10-22 19:31 . 2008-10-22 19:31 0 ----a-w- c:\program files\Common Files\dht342126 2008-09-21 03:18 . 2008-09-21 03:18 822 ----a-w- c:\program files\imghz.txt 2008-04-17 17:04 . 2007-12-14 17:29 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2008-04-17 17:04 . 2007-12-14 17:29 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2008-04-17 17:04 . 2008-04-17 17:04 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll 2008-04-17 17:04 . 2008-04-17 17:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2006-05-03 09:06 . 2008-05-23 22:45 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2008-05-23 22:45 31232 --sha-r- c:\windows\system32\msfDX.dll 2007-12-17 12:43 . 2008-05-23 22:52 27648 --sha-w- c:\windows\system32\Smab0.dll . ((((((((((((((((((((((((((((( SnapShot_2010-05-25_19.46.56 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-26 07:14 . 2010-05-26 07:14 16384 c:\windows\Temp\Perflib_Perfdata_5a4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-02-27 62436] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944] "DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2007-02-22 140184] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 136600] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704] "MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264] "IntelZeroConfig"="c:\program 
files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 53248] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-07 118784] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\Blake\Start Menu\Programs\Startup\ Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-7-18 2074360] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152] Bluetooth.lnk - c:\program 
files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584] Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-2-24 1719568] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2007-11-15 19:39 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2007-04-27 20:10 18744 ----a-w- c:\windows\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-01 23:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-11-15 21:11 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B179023B-6238-4499-8F26-CD73E9D90E0A}] 2007-07-12 18:57 179288 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [9/5/2007 4:01 PM 277888] R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 12:15 PM 19072] R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2/28/2008 1:24 PM 140184] R2 
MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 3:55 PM 143360] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 1:33 AM 135664] S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [11/18/2007 12:25 PM 375424] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/17/2008 11:53 AM 717296] . Contents of the 'Scheduled Tasks' folder 2010-05-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-15 08:40] 2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:33] 2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:33] 2010-05-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\uysb827j.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\Blake\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\Blake\Application Data\Move Networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\Blake\Application Data\Mozilla\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: 
c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-26 00:28 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-448539723-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(768) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll c:\windows\system32\PCANotify.dll c:\program files\AlienGUIse\fastload.dll - - - - - - - > 'explorer.exe'(4020) c:\windows\system32\WININET.dll c:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-05-26 00:32:24 ComboFix-quarantined-files.txt 2010-05-26 07:32 ComboFix2.txt 2010-05-26 06:49 ComboFix3.txt 2010-05-25 19:50 ComboFix4.txt 2010-05-24 19:41 ComboFix5.txt 2010-05-26 07:17 Pre-Run: 15,265,611,776 bytes free Post-Run: 15,212,949,504 bytes free - - End Of File - - 7F8CE654943ECF479F92E721B76708D9
  10. ComboFix 10-05-25.02 - Blake 05/25/2010 23:23:12.6.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1475 [GMT -7:00] Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\hlp.dat . ((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 ))))))))))))))))))))))))))))))) . 2010-05-23 19:05 . 2006-08-17 15:55 44544 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys 2010-05-23 19:05 . 2010-05-23 19:05 -------- d-----w- c:\program files\Broadcom 2010-05-23 08:47 . 2010-05-23 08:47 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\PCHealth 2010-05-23 08:47 . 2010-05-23 08:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-05-23 04:39 . 2010-05-23 04:39 -------- d-----w- c:\program files\Trend Micro 2010-05-23 02:17 . 2010-05-23 02:17 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-05-23 01:46 . 2010-05-23 01:46 -------- d-sh--w- c:\documents and settings\Administrator.BDL\IETldCache 2010-05-23 01:22 . 2010-05-23 02:54 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\qxrxjddne 2010-05-12 03:52 . 2010-05-12 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-12 01:13 . 2010-05-12 01:13 45 ----a-w- c:\documents and settings\Blake\Local Settings\Application Data\machpro.dat 2010-05-10 22:59 . 2010-05-10 22:59 -------- d-----w- c:\windows\system32\XPSViewer 2010-05-10 22:59 . 2010-05-10 22:59 -------- d-----w- c:\program files\Reference Assemblies 2010-05-10 22:58 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-05-10 22:58 . 
2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-05-10 22:58 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-05-10 22:58 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-05-10 22:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-05-10 22:58 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-05-10 22:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-05-10 22:58 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-05-10 22:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-05-10 22:58 . 2010-05-10 22:59 -------- d-----w- C:\0e5bad5a42b855a025e80a8717cc8b 2010-05-10 22:40 . 2010-05-10 22:40 -------- d-sh--w- c:\documents and settings\Blake\IECompatCache 2010-05-10 22:40 . 2010-05-10 22:40 -------- d-sh--w- c:\documents and settings\Blake\PrivacIE 2010-05-10 22:24 . 2010-05-10 22:24 -------- d-sh--w- c:\documents and settings\Blake\IETldCache 2010-05-10 17:40 . 2010-05-10 17:41 -------- d-----w- c:\windows\ie8updates 2010-05-10 17:28 . 2010-05-10 17:35 -------- dc-h--w- c:\windows\ie8 2010-05-10 17:21 . 2010-05-12 18:21 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-10 17:20 . 2010-05-10 17:20 -------- d-----w- c:\windows\system32\MpEngineStore 2010-05-10 17:16 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-05-10 17:16 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-05-10 17:15 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-05-10 17:15 . 2010-05-10 17:15 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-05-10 17:14 . 2010-05-10 17:14 -------- d-----w- C:\d5d6b62b0017efcf097861df48cf 2010-05-09 00:51 . 
2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll 2010-05-09 00:50 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-05-09 00:49 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-05-09 00:49 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-05-09 00:49 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-05-09 00:45 . 2008-04-14 12:42 4274816 ------w- c:\windows\system32\nv4_disp.dll 2010-05-09 00:42 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-05-09 00:42 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-05-09 00:42 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2010-05-09 00:42 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-05-09 00:42 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-05-09 00:42 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2010-05-09 00:42 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-05-09 00:42 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-05-09 00:41 . 2010-05-09 00:46 -------- d-----w- c:\windows\ServicePackFiles 2010-05-09 00:40 . 2010-01-29 15:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2010-05-09 00:35 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2010-05-09 00:35 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-05-02 20:57 . 2010-05-02 20:57 -------- d-----w- c:\documents and settings\Blake\Application Data\Webroot 2010-05-02 20:55 . 2010-05-02 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Geek Squad 2010-04-28 19:54 . 2010-04-28 19:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2010-04-28 19:53 . 
2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-04-28 19:49 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll 2010-04-28 19:49 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe 2010-04-28 19:49 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll 2010-04-28 19:49 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll 2010-04-28 19:49 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll 2010-04-28 19:49 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe 2010-04-28 19:49 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe 2010-04-28 19:49 . 2010-04-28 19:49 -------- d-----w- c:\program files\HP 2010-04-28 19:48 . 2010-04-28 19:54 102262 ----a-w- c:\windows\hpoins05.dat 2010-04-28 19:48 . 2005-06-22 14:03 17505 ------w- c:\windows\hpomdl07.dat 2010-04-28 19:48 . 2005-03-08 19:43 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys 2010-04-28 19:48 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys 2010-04-28 19:48 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys 2010-04-28 19:48 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll 2010-04-28 19:48 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll 2010-04-28 19:48 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll 2010-04-28 19:48 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll 2010-04-28 19:48 . 2005-03-08 19:39 274432 ----a-w- c:\windows\system32\HPZc3212.dll 2010-04-28 19:48 . 2005-03-18 18:32 180315 ----a-w- c:\windows\system32\hpzsnt12.dll 2010-04-28 19:47 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll 2010-04-28 19:47 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll 2010-04-27 02:24 . 2010-04-27 02:24 -------- d-----w- c:\documents and settings\Blake\Bluetooth Software 2010-04-27 02:22 . 
2009-06-19 04:48 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys 2010-04-27 02:22 . 2008-09-26 16:30 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys 2010-04-27 02:22 . 2007-09-20 19:59 106557 ----a-w- c:\windows\system32\btw_ci.dll 2010-04-27 02:22 . 2009-05-11 22:45 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys 2010-04-27 02:22 . 2008-07-25 01:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys 2010-04-27 02:22 . 2008-02-05 01:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys 2010-04-27 02:22 . 2009-04-16 02:13 991136 ----a-w- c:\windows\system32\drivers\btkrnl.sys 2010-04-27 02:22 . 2009-06-19 04:48 533024 ----a-w- c:\windows\system32\drivers\btaudio.sys 2010-04-27 02:21 . 2010-04-27 02:21 -------- d-----w- c:\program files\WIDCOMM 2010-04-26 23:20 . 2006-06-07 00:05 139264 ----a-w- c:\windows\system32\igfxres.dll 2010-04-26 22:45 . 2010-04-26 22:47 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\Deployment . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-26 06:39 . 2007-11-15 22:23 -------- d-----w- c:\program files\RSSoft 2010-05-26 06:35 . 2009-02-25 00:46 -------- d-----w- c:\documents and settings\Blake\Application Data\Orbit 2010-05-25 21:15 . 2007-11-15 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-05-24 01:53 . 2008-02-01 02:44 -------- d-----w- c:\program files\Full Tilt Poker 2010-05-23 04:56 . 2008-05-30 19:31 -------- d-----w- c:\documents and settings\Blake\Application Data\U3 2010-05-23 03:41 . 2007-11-15 20:00 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-23 01:55 . 2008-09-21 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-22 23:31 . 2008-07-01 23:21 -------- d-----w- c:\documents and settings\Blake\Application Data\uTorrent 2010-05-22 19:07 . 
2007-11-15 21:18 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-22 18:13 . 2007-11-15 20:07 72344 ----a-w- c:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-12 03:57 . 2007-11-17 00:32 -------- d-----w- c:\program files\DivX 2010-05-12 03:55 . 2009-03-17 23:34 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-05-12 01:13 . 2010-01-06 01:41 -------- d-----w- c:\program files\TableNinjaFT 2010-05-11 20:36 . 2007-11-26 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-05-11 02:08 . 2008-07-18 23:28 -------- d-----w- c:\program files\Common Files\Stardock 2010-05-11 01:57 . 2008-07-18 23:28 -------- d-----w- c:\program files\AlienGUIse 2010-05-10 22:59 . 2007-11-26 23:49 -------- d-----w- c:\program files\MSBuild 2010-05-10 22:11 . 2008-05-30 22:41 -------- d-----w- c:\program files\Unlocker 2010-05-09 10:43 . 2009-11-01 20:27 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-09 10:15 . 2007-11-26 23:49 -------- d-----w- c:\program files\Microsoft Works 2010-05-09 00:51 . 2007-11-15 08:03 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-04-29 22:39 . 2008-09-21 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39 . 2008-09-21 03:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 21:33 . 2007-11-15 08:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-19 07:04 . 2010-03-24 01:00 163840 ----a-w- c:\windows\system32\svcmsdebug.exe 2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2008-10-22 19:31 . 2008-10-22 19:31 0 ----a-w- c:\program files\Common Files\dht342126 2008-09-21 03:18 . 2008-09-21 03:18 822 ----a-w- c:\program files\imghz.txt 2008-04-17 17:04 . 
2007-12-14 17:29 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2008-04-17 17:04 . 2007-12-14 17:29 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2008-04-17 17:04 . 2008-04-17 17:04 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll 2008-04-17 17:04 . 2008-04-17 17:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2006-05-03 09:06 . 2008-05-23 22:45 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2008-05-23 22:45 31232 --sha-r- c:\windows\system32\msfDX.dll 2007-12-17 12:43 . 2008-05-23 22:52 27648 --sha-w- c:\windows\system32\Smab0.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-02-27 62436] "ISUSPM"="c:\program files\Common 
Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944] "DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2007-02-22 140184] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 136600] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704] "MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 53248] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-07 118784] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 
1135912] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\Blake\Start Menu\Programs\Startup\ Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-7-18 2074360] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584] Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-2-24 1719568] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2007-11-15 19:39 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2007-04-27 20:10 18744 ----a-w- c:\windows\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-01 23:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-11-15 21:11 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\{B179023B-6238-4499-8F26-CD73E9D90E0A}] 2007-07-12 18:57 179288 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [9/5/2007 4:01 PM 277888] R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 12:15 PM 19072] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/17/2008 11:53 AM 717296] R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2/28/2008 1:24 PM 140184] R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 3:55 PM 143360] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 1:33 AM 135664] S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [11/18/2007 12:25 PM 375424] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064] . Contents of the 'Scheduled Tasks' folder 2010-05-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-15 08:40] 2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:33] 2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:33] 2010-05-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\uysb827j.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\Blake\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\Blake\Application Data\Move Networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\Blake\Application Data\Mozilla\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: 
c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-25 23:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spkg.sys hal.dll >>UNKNOWN [0x8A7BB938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28 \Driver\ACPI -> ACPI.sys @ 0xba667cb8 \Driver\atapi -> atapi.sys @ 0xba5deb40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76 NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4d0bb0 PacketIndicateHandler -> NDIS.sys @ 0xba4bfa0d SendHandler -> NDIS.sys @ 0xba4d3b40 user & kernel MBR OK ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-448539723-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(780) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll c:\windows\system32\PCANotify.dll c:\program files\AlienGUIse\fastload.dll - - - - - - - > 'explorer.exe'(3308) c:\windows\system32\WININET.dll c:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Raxco\PerfectDisk10\PDAgent.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\windows\ehome\mcrdsvc.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\eHome\ehmsas.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe c:\program files\Orbitdownloader\orbitnet.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe . ************************************************************************** . 
Completion time: 2010-05-25 23:49:00 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-26 06:48 ComboFix2.txt 2010-05-25 19:50 ComboFix3.txt 2010-05-24 19:41 ComboFix4.txt 2010-05-24 00:24 ComboFix5.txt 2010-05-26 06:19 Pre-Run: 15,294,050,304 bytes free Post-Run: 15,247,998,976 bytes free - - End Of File - - 257287EC7E9B0C16152DCD6636E8F68B
  11. The DHCP client was set on Automatic, but was not started. I attempted to start it and got the following message: Could not start the DHCP Client service on Local Computer. Error 1068: The dependency service or group failed to start.
  12. I have been searching on the internet and asking for help; I was given the script as a possible solution, which didn't work. I am connecting wirelessly.
  13. I didn't run ComboFix until my internet connection problems. I used Malwarebytes to remove that internet security virus, and after that my internet was done, always acquiring network address. ================================================== ComboFix 10-05-22.03 - Blake 05/25/2010 12:36:13.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1486 [GMT -7:00] Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Blake\Desktop\CFScript.txt AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\look.bat . --------------- FCopy --------------- c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\system32\user32.dll c:\windows\ServicePackFiles\i386\ws2_32.dll --> c:\windows\system32\ws2_32.dll . ((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 ))))))))))))))))))))))))))))))) . 2010-05-25 00:06 . 2010-05-24 17:08 -------- d-----w- c:\windows\maxdriver 2010-05-23 19:05 . 2006-08-17 15:55 44544 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys 2010-05-23 19:05 . 2010-05-23 19:05 -------- d-----w- c:\program files\Broadcom 2010-05-23 08:47 . 2010-05-23 08:47 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\PCHealth 2010-05-23 08:47 . 2010-05-23 08:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-05-23 04:39 . 2010-05-23 04:39 -------- d-----w- c:\program files\Trend Micro 2010-05-23 02:17 . 2010-05-23 02:17 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-05-23 01:46 . 2010-05-23 01:46 -------- d-sh--w- c:\documents and settings\Administrator.BDL\IETldCache 2010-05-23 01:22 . 
2010-05-23 02:54 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\qxrxjddne 2010-05-12 03:58 . 2010-05-12 03:58 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-12 03:55 . 2010-05-12 03:55 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-05-12 03:55 . 2010-05-12 03:55 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-05-12 03:52 . 2010-05-12 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-12 01:13 . 2010-05-12 01:13 45 ----a-w- c:\documents and settings\Blake\Local Settings\Application Data\machpro.dat 2010-05-12 01:13 . 2010-05-12 01:13 13094 ----a-r- c:\documents and settings\Blake\Application Data\Microsoft\Installer\{10289533-8C81-454C-9F61-B7E85436FBF4}\_D4D83B804B6DAFCEC78109.exe 2010-05-12 01:13 . 2010-05-12 01:13 13094 ----a-r- c:\documents and settings\Blake\Application Data\Microsoft\Installer\{10289533-8C81-454C-9F61-B7E85436FBF4}\_569B488E6E5958FADB5C1A.exe 2010-05-10 22:59 . 2010-05-10 22:59 -------- d-----w- c:\windows\system32\XPSViewer 2010-05-10 22:59 . 2010-05-10 22:59 -------- d-----w- c:\program files\Reference Assemblies 2010-05-10 22:58 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-05-10 22:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-05-10 22:58 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-05-10 22:58 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-05-10 22:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-05-10 22:58 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-05-10 22:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-05-10 22:58 . 
2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-05-10 22:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-05-10 22:58 . 2010-05-10 22:59 -------- d-----w- C:\0e5bad5a42b855a025e80a8717cc8b 2010-05-10 22:40 . 2010-05-10 22:40 -------- d-sh--w- c:\documents and settings\Blake\IECompatCache 2010-05-10 22:40 . 2010-05-10 22:40 -------- d-sh--w- c:\documents and settings\Blake\PrivacIE 2010-05-10 22:24 . 2010-05-10 22:24 -------- d-sh--w- c:\documents and settings\Blake\IETldCache 2010-05-10 17:40 . 2010-05-10 17:41 -------- d-----w- c:\windows\ie8updates 2010-05-10 17:28 . 2010-05-10 17:35 -------- dc-h--w- c:\windows\ie8 2010-05-10 17:21 . 2010-05-12 18:21 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-10 17:20 . 2010-05-10 17:20 -------- d-----w- c:\windows\system32\MpEngineStore 2010-05-10 17:16 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-05-10 17:16 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-05-10 17:15 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-05-10 17:15 . 2010-05-10 17:15 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-05-10 17:14 . 2010-05-10 17:14 -------- d-----w- C:\d5d6b62b0017efcf097861df48cf 2010-05-09 00:51 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll 2010-05-09 00:50 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-05-09 00:49 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-05-09 00:49 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-05-09 00:49 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-05-09 00:45 . 2008-04-14 12:42 4274816 ------w- c:\windows\system32\nv4_disp.dll 2010-05-09 00:42 . 
2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-05-09 00:42 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-05-09 00:42 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2010-05-09 00:42 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-05-09 00:42 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-05-09 00:42 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2010-05-09 00:42 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-05-09 00:42 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-05-09 00:41 . 2010-05-09 00:46 -------- d-----w- c:\windows\ServicePackFiles 2010-05-09 00:40 . 2010-01-29 15:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2010-05-09 00:35 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2010-05-09 00:35 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-05-02 20:57 . 2010-05-02 20:57 -------- d-----w- c:\documents and settings\Blake\Application Data\Webroot 2010-05-02 20:55 . 2010-05-02 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Geek Squad 2010-04-28 19:54 . 2010-04-28 19:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2010-04-28 19:53 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-04-28 19:49 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll 2010-04-28 19:49 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe 2010-04-28 19:49 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll 2010-04-28 19:49 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll 2010-04-28 19:49 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll 2010-04-28 19:49 . 
2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe 2010-04-28 19:49 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe 2010-04-28 19:49 . 2010-04-28 19:49 -------- d-----w- c:\program files\HP 2010-04-28 19:48 . 2010-04-28 19:54 102262 ----a-w- c:\windows\hpoins05.dat 2010-04-28 19:48 . 2005-06-22 14:03 17505 ------w- c:\windows\hpomdl07.dat 2010-04-28 19:48 . 2005-03-08 19:43 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys 2010-04-28 19:48 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys 2010-04-28 19:48 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys 2010-04-28 19:48 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll 2010-04-28 19:48 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll 2010-04-28 19:48 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll 2010-04-28 19:48 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll 2010-04-28 19:48 . 2005-03-08 19:39 274432 ----a-w- c:\windows\system32\HPZc3212.dll 2010-04-28 19:48 . 2005-03-18 18:32 180315 ----a-w- c:\windows\system32\hpzsnt12.dll 2010-04-28 19:47 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll 2010-04-28 19:47 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll 2010-04-27 02:24 . 2010-04-27 02:24 -------- d-----w- c:\documents and settings\Blake\Bluetooth Software 2010-04-27 02:22 . 2009-06-19 04:48 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys 2010-04-27 02:22 . 2008-09-26 16:30 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys 2010-04-27 02:22 . 2007-09-20 19:59 106557 ----a-w- c:\windows\system32\btw_ci.dll 2010-04-27 02:22 . 2009-05-11 22:45 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys 2010-04-27 02:22 . 2008-07-25 01:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys 2010-04-27 02:22 . 2008-02-05 01:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys 2010-04-27 02:22 . 
2009-04-16 02:13 991136 ----a-w- c:\windows\system32\drivers\btkrnl.sys 2010-04-27 02:22 . 2009-06-19 04:48 533024 ----a-w- c:\windows\system32\drivers\btaudio.sys 2010-04-27 02:21 . 2010-04-27 02:21 -------- d-----w- c:\program files\WIDCOMM 2010-04-26 23:20 . 2006-06-07 00:05 139264 ----a-w- c:\windows\system32\igfxres.dll 2010-04-26 22:45 . 2010-04-26 22:47 -------- d-----w- c:\documents and settings\Blake\Local Settings\Application Data\Deployment . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-25 19:31 . 2009-02-25 00:46 -------- d-----w- c:\documents and settings\Blake\Application Data\Orbit 2010-05-25 19:27 . 2007-11-15 22:23 -------- d-----w- c:\program files\RSSoft 2010-05-24 20:14 . 2007-11-15 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-05-24 01:53 . 2008-02-01 02:44 -------- d-----w- c:\program files\Full Tilt Poker 2010-05-23 04:56 . 2008-05-30 19:31 -------- d-----w- c:\documents and settings\Blake\Application Data\U3 2010-05-23 03:41 . 2007-11-15 20:00 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-23 01:55 . 2008-09-21 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-22 23:31 . 2008-07-01 23:21 -------- d-----w- c:\documents and settings\Blake\Application Data\uTorrent 2010-05-22 19:07 . 2007-11-15 21:18 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-22 18:13 . 2007-11-15 20:07 72344 ----a-w- c:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-12 01:13 . 2010-01-06 01:41 -------- d-----w- c:\program files\TableNinjaFT 2010-05-11 20:36 . 2007-11-26 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-05-11 02:08 . 2008-07-18 23:28 -------- d-----w- c:\program files\Common Files\Stardock 2010-05-11 01:57 . 2008-07-18 23:28 -------- d-----w- c:\program files\AlienGUIse 2010-05-10 22:59 . 
2007-11-26 23:49 -------- d-----w- c:\program files\MSBuild 2010-05-10 22:11 . 2008-05-30 22:41 -------- d-----w- c:\program files\Unlocker 2010-05-09 10:43 . 2009-11-01 20:27 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-09 10:15 . 2007-11-26 23:49 -------- d-----w- c:\program files\Microsoft Works 2010-05-09 00:51 . 2007-11-15 08:03 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-04-29 22:39 . 2008-09-21 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39 . 2008-09-21 03:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 21:33 . 2007-11-15 08:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-19 07:04 . 2010-03-24 01:00 163840 ----a-w- c:\windows\system32\svcmsdebug.exe 2010-03-10 21:05 . 2009-11-23 22:39 79488 ----a-w- c:\documents and settings\Blake\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-02-25 06:24 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll 2008-10-22 19:31 . 2008-10-22 19:31 0 ----a-w- c:\program files\Common Files\dht342126 2008-09-21 03:18 . 2008-09-21 03:18 822 ----a-w- c:\program files\imghz.txt 2008-04-17 17:04 . 2007-12-14 17:29 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2008-04-17 17:04 . 2007-12-14 17:29 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2008-04-17 17:04 . 2008-04-17 17:04 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll 2008-04-17 17:04 . 2008-04-17 17:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2006-05-03 09:06 . 2008-05-23 22:45 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2008-05-23 22:45 31232 --sha-r- c:\windows\system32\msfDX.dll 2007-12-17 12:43 . 2008-05-23 22:52 27648 --sha-w- c:\windows\system32\Smab0.dll . 
((((((((((((((((((((((((((((( SnapShot@2010-05-23_20.44.51 )))))))))))))))))))))))))))))))))))))))))
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-02-27 62436] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944] "DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2007-02-22 140184] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 136600] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704] "MDGetStarted.exe"="c:\program 
files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 53248] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-07 118784] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\Blake\Start Menu\Programs\Startup\ Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-7-18 2074360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth 
Software\BTTray.exe [2009-6-20 607584] Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-2-24 1719568] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2007-11-15 19:39 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2007-04-27 20:10 18744 ----a-w- c:\windows\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-01 23:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-11-15 21:11 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B179023B-6238-4499-8F26-CD73E9D90E0A}] 2007-07-12 18:57 179288 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [9/5/2007 4:01 PM 277888] R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 12:15 PM 19072] R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2/28/2008 1:24 PM 140184] R2 MacDriveService;MacDriveService;c:\program 
files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 3:55 PM 143360] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/17/2008 11:53 AM 717296] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 1:33 AM 135664] S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [11/18/2007 12:25 PM 375424] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064] . Contents of the 'Scheduled Tasks' folder 2010-05-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-15 08:40] 2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:33] 2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:33] 2010-05-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\uysb827j.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\Blake\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\Blake\Application Data\Move Networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\Blake\Application Data\Mozilla\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: 
c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-25 12:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-448539723-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(764) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll c:\windows\system32\PCANotify.dll c:\program files\AlienGUIse\fastload.dll . Completion time: 2010-05-25 12:50:47 ComboFix-quarantined-files.txt 2010-05-25 19:50 ComboFix2.txt 2010-05-24 19:41 ComboFix3.txt 2010-05-24 00:24 ComboFix4.txt 2010-05-23 20:48 ComboFix5.txt 2010-05-25 19:34 Pre-Run: 15,384,776,704 bytes free Post-Run: 15,333,810,176 bytes free - - End Of File - - DC6E2FD83B4E1ADE3FA14F17C4DA7C3E
  14. OTL logfile created on: 5/25/2010 1:46:58 PM - Run 2 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Blake\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 14.32 Gb Free Space | 19.21% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BDL Current User Name: Blake Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/25 13:06:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe PRC - [2010/04/12 15:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/07/17 11:10:16 | 000,931,080 | ---- | M] (Raxco Software, Inc.) 
-- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/05/01 15:55:36 | 000,143,360 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe PRC - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe PRC - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe PRC - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) 
-- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe ========== Modules (SafeList) ========== MOD - [2010/05/25 13:06:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009/07/17 11:10:18 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine) SRV - [2009/07/17 11:10:16 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent) SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2007/11/29 15:00:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007/11/15 12:39:52 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist) SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2007/05/11 13:10:00 | 000,132,728 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32) SRV - [2007/05/01 15:55:36 | 000,143,360 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService) SRV - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel® SRV - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2007/01/05 15:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB) SRV - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD) SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) 
[Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2005/08/30 18:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service) SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme) DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2009/06/18 21:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009/06/18 21:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DefragFs.sys -- (DefragFS) DRV - [2009/05/11 15:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2009/04/15 19:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008/07/24 18:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/14 00:15:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus) DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/03/17 11:53:16 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2007/09/05 16:01:10 | 000,277,888 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS -- (MDFSYSNT) DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM) DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM) DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007/07/23 
15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007/07/23 14:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2007/07/23 14:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2007/06/20 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2007/06/20 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2007/03/30 21:48:02 | 000,018,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST) DRV - [2007/03/30 21:47:22 | 000,017,848 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy) DRV - [2007/03/30 21:46:50 | 000,013,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho) DRV - [2007/03/30 21:44:22 | 000,020,536 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa) DRV - 
[2007/02/28 12:15:08 | 000,019,072 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MDPMGRNT.sys -- (MDPMGRNT) DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel