Can you go to my original combofix download link, download and then run Combofix again and post the log please.
Let me know if anything has changed please.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
safyrmwn 0 Junior Poster in Training
> Can you go to my original combofix download link, download and then run Combofix again and post the log please.
> Let me know if anything has changed please.
:confused: I really did try to run Combofix again after re-downloading it from your original link, then disconnecting physically from the network, disabling anti virus, etc.
It started up perfectly with the Regular Notification Screen and then the 2 Beep warnings that Digital Patrol was still running.
But now it is stuck in the "Please wait. Combofix is preparing to run." loop with Nircmd.3xe using 100% system resources!!
What to do?
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Not sure if it is best at this stage to try a system repair.
Do you have the Windows CD?
safyrmwn 0 Junior Poster in Training
> Not sure if it is best at this stage to try a system repair.
> Do you have the Windows CD?
I do have the Windows CD, but it does not have Service pack 3 included?
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
You would have to download SP3 after the repair.
safyrmwn 0 Junior Poster in Training
> You would have to download SP3 after the repair.
Do I have to uninstall SP3 before the repair?
safyrmwn 0 Junior Poster in Training
> Do I have to uninstall SP3 before the repair?
WAIT!
I was able to run Combofix.
Here is the log:
ComboFix 11-11-13.03 - mstihkal333 11/13/2011 16:20:20.12.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1628 [GMT -7:00]
Running from: c:\documents and settings\mstihkal333\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mstihkal333\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Digital Patrol *Enabled/Updated* {35237DD9-776F-4485-A7AF-729074E24B96}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 03:58 . 2011-11-13 03:58 -------- d-----w- C:\VritualRoot
2011-11-06 01:38 . 2011-11-12 04:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
2011-11-06 01:38 . 2011-11-06 01:38 -------- d-----w- c:\program files\COMODO
2011-11-06 01:37 . 2011-11-06 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo Downloader
2011-11-06 01:30 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-06 01:30 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-06 01:30 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-06 01:30 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-06 01:30 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-06 01:30 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-06 01:30 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-06 01:30 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-06 01:30 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-06 01:30 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-06 01:30 . 2011-11-06 01:30 -------- d-----w- c:\program files\AVAST Software
2011-11-06 01:30 . 2011-11-06 01:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-11-04 10:20 . 2011-11-04 10:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-03 19:01 . 2011-11-03 19:01 -------- d-----w- C:\_OTL
2011-11-02 14:51 . 2011-11-02 14:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\boost_interprocess
2011-10-29 22:42 . 2008-05-02 09:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-10-17 02:39 . 2011-10-17 02:41 -------- d-----w- c:\documents and settings\mstihkal333\Application Data\vlc
2011-10-17 02:38 . 2011-10-17 02:38 -------- d-----w- c:\program files\VideoLAN
2011-10-17 01:36 . 2011-10-17 01:36 -------- d-----w- C:\xpsp3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 20:44 . 2009-06-17 16:55 76304 ----a-w- c:\windows\KHALMNPR.Exe
2011-10-21 18:31 . 2011-06-13 05:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 01:48 . 2011-10-08 01:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-08 01:48 . 2011-10-08 01:48 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-08 01:48 . 2011-10-08 01:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-08 01:48 . 2011-10-08 01:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-08 01:47 . 2011-10-08 01:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-08 01:47 . 2011-10-08 01:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 12:06 . 2010-05-03 16:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37 . 2009-01-04 19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-16 07:32 . 2011-09-16 06:54 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2011-09-03 10:17 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2011-08-30 07:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 17:30 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-08-29 18:16 . 2007-03-29 20:40 1880 -c--a-w- c:\windows\AUTOLNCH.REG
2008-11-27 21:34 . 2009-12-13 20:13 14957444 ----a-w- c:\program files\mozilla firefox\plugins\avcodec-51.dll
2008-11-27 21:34 . 2009-12-13 20:13 3889294 ----a-w- c:\program files\mozilla firefox\plugins\avformat-52.dll
2008-11-27 21:34 . 2009-12-13 20:13 177548 ----a-w- c:\program files\mozilla firefox\plugins\avutil-49.dll
2009-04-15 21:02 . 2009-12-13 20:13 1642496 ----a-w- c:\program files\mozilla firefox\plugins\libambulant_shwin32.dll
2009-04-15 21:03 . 2009-12-13 20:13 290816 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
2009-04-15 21:03 . 2009-12-13 20:13 11264 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_plugin.dll
2009-04-15 21:03 . 2009-12-13 20:13 462848 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_state_xpath.dll
2009-02-09 22:53 . 2009-12-13 20:13 1892352 ----a-w- c:\program files\mozilla firefox\plugins\xerces-c_2_8.dll
2011-10-13 02:45 . 2011-05-15 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2011-11-09 76304]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 09:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"COMODO"=c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
"CPA"=c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/5/2011 12:54 AM 13496]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [10/6/2011 10:04 AM 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/5/2011 6:30 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/5/2011 6:30 PM 320856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/7/2011 6:48 PM 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/7/2011 6:48 PM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/5/2011 6:30 PM 20568]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.SYS [3/19/2011 1:18 AM 1670016]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [9/15/2011 11:54 PM 49240]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8/13/2011 12:25 AM 66432]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/6/2011 10:04 AM 51632]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [11/4/2009 9:54 AM 24576]
S3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [8/13/2011 4:52 PM 33408]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 5:20 AM 12648]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/22/2010 6:37 AM 38976]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/21/2007 11:10 AM 25773]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/4/2011 2:53 PM 98392]
S3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\system32\DRIVERS\WSUSBDMAN.sys --> c:\windows\system32\DRIVERS\WSUSBDMAN.sys [?]
S4 kcusbser;Kyocera USB Device for Legacy Serial Communication;c:\windows\system32\drivers\kcusbser.sys [11/3/2009 4:50 PM 105984]
S4 kwcxbus;kwcxbus;c:\windows\system32\drivers\kwcxbus.sys [1/19/2007 8:17 PM 52480]
S4 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/4/2011 2:53 PM 64288]
S4 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/4/2011 11:20 AM 12184]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP111
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-10-13 20:08]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006Core.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006UA.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-05 01:19]
.
2010-08-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-22 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.eset.com/us/online-scanner
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: eset.com\www
Trusted Zone: eset.eu\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: kgbusa.com\wahops
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www.update
Trusted Zone: pcpistop.com
FF - ProfilePath - c:\documents and settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqddsvc]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll.target"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BEEBE5E-899C-FFB5-7BEB-242B29CD3454}*]
"ladmkjldljfblmdcmdfjcohk"=hex:62,61,65,65,00,f2
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3292)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'csrss.exe'(584)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2011-11-13 16:46:57
ComboFix-quarantined-files.txt 2011-11-13 23:46
ComboFix2.txt 2011-11-12 15:38
ComboFix3.txt 2011-11-08 00:38
ComboFix4.txt 2011-11-05 05:59
.
Pre-Run: 22,875,955,200 bytes free
Post-Run: 22,843,494,400 bytes free
.
- - End Of File - - 064C6F0054D0B9D205588DFE40D332B9
safyrmwn 0 Junior Poster in Training
:?: - Would running the following CFscript get rid of the Digital Patrol issue?
I will not try without your approval.
"SecCenter::
{35237DD9-776F-4485-A7AF-729074E24B96}"
Other than that the system seems to be running fine.
Monitor flashes have stopped.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
No, but try a reg search for it please.
safyrmwn 0 Junior Poster in Training
> No, but try a reg search for it please.
No instances of {35237DD9-776F-4485-A7AF-729074E24B96} found.
safyrmwn 0 Junior Poster in Training
> No instances of {35237DD9-776F-4485-A7AF-729074E24B96} found.
How did the most recent ComboFix log look?
Were there any problems you could see?
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Sorry for no reply. Log looks ok, but I have asked one of the other helpers for advice on removing that Digital Patrol entry.
I reckon it is a benign leftover. Just not sure where it is located.
safyrmwn 0 Junior Poster in Training
> Sorry for no reply. Log looks ok, but I have asked one of the other helpers for advice on removing that Digital Patrol entry.
> I reckon it is a benign leftover. Just not sure where it is located.
Thank you!
I found this folder created 11/02/11
C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
it has 1 empty folder inside:
\4015C9C31599CC01
I did a reg search for both boost_interprocess & 4015C9C31599CC01 - no results.
The strange thing is when I opened the folder:
C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess\4015C9C31599CC01
my monitor flashed once again as if a screen shot was taken?
It only flashed the first time I opened the folder.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Looks like we need to get rid of it.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
:OTL
:Commands
[purity]
[emptyflash]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Post log from this run.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
See if boost_interprocess exists anywhere else please.
safyrmwn 0 Junior Poster in Training
Requested logs.
Run Fix:
All processes killed
========== FILES ==========
C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess\4015C9C31599CC01 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess folder moved successfully.
========== OTL ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: All Users
User: All Users.WINDOWS
User: Default User
User: Default User.WINDOWS
->Flash cache emptied: 0 bytes
User: gouls
User: knowMore
->Flash cache emptied: 0 bytes
User: LocalService
User: mstihkal333
->Flash cache emptied: 940 bytes
User: NetworkService
User: SafyrMwn
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: All Users.WINDOWS
User: Default User
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: gouls
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: knowMore
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: mstihkal333
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 213176 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81684681 bytes
->Google Chrome cache emptied: 247407489 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: SafyrMwn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 96608 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 77309 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 314.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 11172011_145521
Files\Folders moved on Reboot...
File move failed. C:\TEMP\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
safyrmwn 0 Junior Poster in Training
Quick Scan (part 1):
OTL logfile created on: 11/17/2011 3:01:33 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mstihkal333\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.57% Memory free
9.36 Gb Paging File | 9.03 Gb Available in Paging File | 96.51% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 21.19 Gb Free Space | 27.12% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 139.78 Gb Free Space | 60.02% Space Free | Partition Type: NTFS
Drive E: | 78.13 Gb Total Space | 34.30 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
Drive F: | 77.49 Gb Total Space | 42.26 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive G: | 57.27 Gb Total Space | 42.21 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
Drive I: | 74.51 Gb Total Space | 12.50 Gb Free Space | 16.77% Space Free | Partition Type: NTFS
Drive K: | 1.91 Gb Total Space | 0.77 Gb Free Space | 40.19% Space Free | Partition Type: FAT
Computer Name: MSTIHKAL333 | User Name: mstihkal333 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/09 13:48:19 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2011/11/09 13:40:58 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2011/11/02 03:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\desktop\OTL.exe
PRC - [2011/10/20 12:58:42 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010/04/16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2004/07/13 14:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/17 06:00:01 | 001,617,920 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111702\algo.dll
MOD - [2011/11/15 04:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111702\aswRep.dll
MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2001/08/17 15:36:16 | 000,165,888 | ---- | M] () -- C:\WINDOWS\system32\hpgt53.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (NBService)
SRV - File not found [Disabled | Stopped] -- -- (hpqddsvc)
SRV - File not found [Disabled | Stopped] -- -- (hpqcxs08)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1c9a43e39b016c)
SRV - [2011/10/31 03:33:55 | 003,074,040 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/30 11:52:32 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/04/22 00:17:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/19 01:16:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/10 06:37:22 | 000,217,088 | R--- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\Printer Utilities\UsbService.exe -- (UsbService)
SRV - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/04/16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/01/27 01:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/20 10:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2004/07/13 14:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
========== Driver Services (SafeList) ==========
DRV - [2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/16 00:32:38 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/12 15:32:00 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/04/30 04:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/02/27 01:35:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/27 01:35:19 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/02/27 01:35:19 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/04 14:53:33 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/09/07 14:26:52 | 000,028,160 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\PcaSp50.sys -- (PcaSp50)
DRV - [2010/08/25 13:27:40 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2010/05/13 16:34:30 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2010/05/13 16:34:28 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2010/04/16 15:34:10 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/04 09:54:00 | 000,024,576 | ---- | M] (Kyocera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/11/03 16:50:00 | 000,105,984 | ---- | M] (Kyocera Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\kcusbser.sys -- (kcusbser)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/17 05:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/11 19:50:56 | 001,670,016 | R--- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\skfilt.SYS -- (skfilt)
DRV - [2007/12/20 02:55:36 | 000,066,432 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vuhub.sys -- (vuhub)
DRV - [2007/07/20 20:29:23 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/07/19 22:42:36 | 000,163,128 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/07/19 22:42:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/07/19 22:42:36 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/03/21 11:10:30 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2006/11/13 20:31:44 | 000,033,408 | R--- | M] (ASUSTeK Computer Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipgdnd51.sys -- (ipgd)
DRV - [2006/11/05 15:24:16 | 000,457,216 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/11/05 15:24:09 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2005/01/17 16:09:38 | 000,052,480 | ---- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\kwcxbus.sys -- (kwcxbus)
DRV - [2004/05/29 06:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2002/12/10 17:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/06/14 13:49:56 | 000,010,194 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/04/09 13:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.eset.com/us/online-scanner
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 E3 F8 F8 70 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.speedtest.net/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}:0.2.10
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.8
FF - prefs.js..extensions.enabledItems: researchword@scott:1.3.7
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.4
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: texpertension@texperts.com:1.0.11
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.91
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
FF - prefs.js..extensions.enabledItems: flvideoreplacer@lovinglinux.megabyet.net:2.1.8
FF - prefs.js..extensions.enabledItems: flvripper@harsha:2.0
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: kempelton-fx@arvidaxelsson.se:3.2.1
FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
FF - prefs.js..splitbrowser.search.loadResultsIn: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/02/27 23:48:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\mstihkal333\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/05 18:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/12 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/26 12:23:59 | 000,000,000 | ---D | M]
[2008/09/18 01:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Extensions
[2011/11/15 01:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions
[2011/07/17 16:12:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/01/26 01:33:37 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2011/07/11 10:03:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/15 01:36:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/12 00:03:22 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/09/01 23:39:19 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011/08/12 01:39:29 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/12 18:19:09 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\DeviceDetection@logitech.com
[2010/07/13 23:48:33 | 000,000,000 | ---D | M] (Kempelton) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\kempelton-fx@arvidaxelsson.se
[2010/11/24 20:19:55 | 000,000,000 | ---D | M] (Research Word) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\researchword@scott
[2011/10/27 15:37:07 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\video.downloader.plugin@ffpimp.com
[2011/09/01 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/09/01 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/11/17 12:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions
[2010/09/16 09:47:09 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/11/04 12:10:57 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/10/20 09:59:20 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/05/11 06:21:54 | 000,000,000 | ---D | M] (SafeSearch Off) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{3975c680-be94-11dd-ad8b-0800200c9a66}
[2010/06/28 20:45:52 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}(2)
[2011/09/20 20:33:16 | 000,000,000 | ---D | M] (Clippings) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011/07/10 13:44:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/17 12:34:50 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011/05/11 06:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/10/30 15:09:05 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2010/06/28 20:49:45 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\afterthedeadline@afterthedeadline(2).com
[2011/08/10 16:47:08 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\DeviceDetection@logitech.com
[2010/06/28 20:45:52 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\ietab@ip(2).cn
[2009/08/05 07:50:05 | 000,000,000 | ---D | M] (Link Gopher) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\linkgopher@oooninja.com
[2010/10/02 15:17:29 | 000,000,000 | ---D | M] (Research Word) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\researchword@scott
[2011/11/17 12:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/11/17 12:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\devtools
[2011/11/17 12:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/05/11 06:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/03/25 23:54:43 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\allplus.xml
[2011/11/03 11:50:41 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\ixquick.xml
[2009/03/25 04:25:56 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\kedrix-mearch.xml
[2011/07/19 10:28:00 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\s-amazon.xml
[2007/06/01 18:37:07 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\siteadvisor.xml
[2009/04/06 13:57:07 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\surf-canyon.xml
[2009/03/29 19:18:06 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\webster.xml
[2007/06/12 17:11:15 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\whitepagescom.xml
[2011/11/02 04:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/25 20:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/02 04:05:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{28FAD68E-4001-48D5-B994-68069F7CFB1D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{C0CB8BA3-6C1B-47E8-A6AB-1FAB889562D9}.XPI
[2011/11/05 18:30:28 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/04/03 00:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/12 19:45:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/27 14:34:40 | 014,957,444 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avcodec-51.dll
[2008/11/27 14:34:44 | 003,889,294 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avformat-52.dll
[2008/11/27 14:34:34 | 000,177,548 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avutil-49.dll
[2009/04/15 14:02:44 | 001,642,496 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libambulant_shwin32.dll
[2009/04/15 14:03:00 | 000,290,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
[2009/04/15 14:03:00 | 000,011,264 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_plugin.dll
[2009/04/15 14:03:00 | 000,462,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_state_xpath.dll
[2009/04/15 14:03:04 | 000,027,136 | ---- | M] (CWI, Amsterdam, The Netherlands) -- C:\Program Files\mozilla firefox\plugins\npambulant.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/07/28 23:39:46 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 13:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2008/05/21 11:52:54 | 000,652,568 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2009/02/09 15:53:36 | 001,892,352 | ---- | M] (Apache Software Foundation) -- C:\Program Files\mozilla firefox\plugins\xerces-c_2_8.dll
[2011/10/12 19:45:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: AmbulantPlayer npapi browser plugin for W3C SMIL 3.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npambulant.dll
CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: AlternaTIFF (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
O1 HOSTS File: ([2011/11/04 22:56:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kgbusa.com ([wahops] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pcpistop.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www1.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6440/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50ED8773-082B-4408-B3CF-77A02EA3D9E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B81983F-3A3C-4D7D-90EF-B15139C274A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C05F44-58E5-4C2F-B0FB-42EE9E827859}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O19 - User stylesheet: User Stylesheet -
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/17 01:01:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/15 00:30:55 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\dds.scr
[2011/11/14 23:51:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/13 16:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/13 14:11:18 | 004,292,963 | R--- | C] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\ComboFix.exe
[2011/11/12 20:58:54 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011/11/05 18:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\COMODO
[2011/11/05 18:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\COMODO
[2011/11/05 18:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
[2011/11/05 18:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/11/05 18:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo Downloader
[2011/11/05 18:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus
[2011/11/05 18:30:49 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/05 18:30:49 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/05 18:30:46 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/05 18:30:45 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/05 18:30:45 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/05 18:30:44 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/05 18:30:44 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/05 18:30:43 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/05 18:30:25 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/05 18:30:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/05 18:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/05 18:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/11/04 13:55:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/03 12:01:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/02 08:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mstihkal333\Desktop\RegSrch
[2011/11/02 03:06:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\Desktop\OTL.exe
[2007/12/09 06:13:50 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2000/07/13 06:43:30 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.dll
[2 D:\(ALL)_My\MyDocuments\*.tmp files -> D:\(ALL)_My\MyDocuments\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/17 14:57:23 | 000,026,715 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/11/17 14:57:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/16 18:19:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/16 02:24:55 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\everest_cpl.ini
[2011/11/15 01:35:48 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/11/15 00:32:01 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\dds.scr
[2011/11/14 23:38:44 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Desktop\gmer.zip
[2011/11/13 14:11:22 | 004,292,963 | R--- | M] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\ComboFix.exe
[2011/11/11 23:29:10 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/11/11 23:29:05 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/11/05 18:39:06 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Firewall.lnk
[2011/11/05 18:38:16 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/11/05 18:38:16 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO GeekBuddy.lnk
[2011/11/05 18:30:50 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/11/05 18:30:45 | 000,002,669 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/04 22:56:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/03 03:08:47 | 000,283,170 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\census.cache
[2011/11/03 03:08:46 | 000,329,698 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\ars.cache
[2011/11/02 03:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\Desktop\OTL.exe
[2011/10/29 15:42:47 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2011/10/24 15:09:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\DRMSJ4.SDF
[2011/10/24 14:16:36 | 000,524,179 | ---- | M] () -- C:\JournalBackup.jbk
[2011/10/22 19:58:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\dcenhance.INI
[2011/10/19 10:02:10 | 002,248,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 D:\(ALL)_My\MyDocuments\*.tmp files -> D:\(ALL)_My\MyDocuments\*.tmp -> ]
safyrmwn 0 Junior Poster in Training
Quick Scan (part 2):
========== Files Created - No Company Name ==========
[2011/11/15 01:35:48 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/11/15 00:32:24 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Desktop\gmer.zip
[2011/11/05 18:39:06 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Firewall.lnk
[2011/11/05 18:38:16 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/11/05 18:38:16 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO GeekBuddy.lnk
[2011/11/05 18:30:50 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/11/04 22:44:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/04 19:50:24 | 000,256,000 | R--- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/03 01:47:48 | 000,283,170 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\census.cache
[2011/11/03 01:47:40 | 000,329,698 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\ars.cache
[2011/11/02 21:48:01 | 000,003,254 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Desktop\RegSrch.vbs
[2011/10/14 16:16:08 | 000,026,715 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2011/10/14 16:15:43 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2011/09/20 05:56:14 | 000,000,272 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/08/18 22:17:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2011/08/13 00:25:03 | 000,066,432 | R--- | C] () -- C:\WINDOWS\System32\drivers\vuhub.sys
[2011/08/10 17:41:32 | 000,000,910 | ---- | C] () -- C:\WINDOWS\speakfre.ini
[2011/06/20 12:39:36 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/04/05 00:54:55 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/04/05 00:54:55 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/19 01:18:31 | 000,025,262 | ---- | C] () -- C:\WINDOWS\System32\xfisk.ini
[2011/03/19 01:18:31 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/03/19 01:18:24 | 000,151,040 | R--- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll
[2011/01/04 14:11:38 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-3G69D.exe
[2010/09/23 01:01:12 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT6PRET.BIN
[2010/07/02 02:48:32 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/06/29 15:06:37 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/12 23:42:32 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Application Data\setup_ldm.iss
[2010/03/18 02:57:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2010/03/18 02:44:36 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/16 05:13:43 | 000,695,578 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/03/16 05:13:43 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/01/16 10:01:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\housecall.guid.cache
[2009/10/23 22:31:04 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC80UI.dat
[2009/10/01 01:30:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/09/22 05:33:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/08/25 04:07:15 | 000,073,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/23 23:05:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/28 14:17:34 | 000,000,061 | ---- | C] () -- C:\Program Files\VMProps.VMP
[2009/04/08 15:46:25 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
[2009/03/24 00:52:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/24 00:52:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/08 22:44:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/19 08:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 10:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 10:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 10:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 09:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/11/04 22:41:09 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/11/04 21:54:08 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/10/21 22:13:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/25 21:12:17 | 000,038,912 | ---- | C] () -- C:\WINDOWS\wizmo.exe
[2008/09/06 13:57:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\dcenhance.INI
[2008/06/24 17:05:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/09 12:21:25 | 000,000,125 | ---- | C] () -- C:\WINDOWS\fd3.INI
[2008/04/17 21:02:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2008/04/03 02:00:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2008/04/02 00:25:02 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Application Data\.akvis_coloriage.settings
[2008/03/30 22:41:16 | 000,890,953 | ---- | C] () -- C:\WINDOWS\HSC_sq4.ini
[2008/03/30 11:00:20 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Application Data\.akvis_enhancer.settings
[2008/03/29 14:54:46 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/20 00:00:36 | 000,585,791 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/01/07 20:13:17 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2008/01/07 01:50:50 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/01/07 01:50:49 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/01/07 01:50:49 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/12/31 02:00:01 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2007/12/09 06:13:51 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2007/12/09 06:13:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2007/12/09 06:13:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2007/12/09 06:13:51 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2007/12/04 21:12:03 | 000,129,056 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2007/12/04 21:12:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2007/12/03 03:02:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/11/22 20:43:35 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/11/22 20:43:34 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/11/22 20:43:03 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2007/11/03 03:46:09 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2007/10/25 10:26:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2007/10/25 10:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/18 14:44:27 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/09/28 00:20:02 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\dsez7411.dat
[2007/08/13 22:23:24 | 000,000,273 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2007/05/21 11:41:40 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/16 02:46:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hasher.dll
[2007/04/22 01:26:58 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2007/04/22 01:11:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/04/19 00:13:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/04/14 18:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2007/03/29 13:40:20 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/03/29 13:40:20 | 000,147,715 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2007/03/29 13:40:20 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/03/28 00:28:11 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/03/24 14:18:17 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\addr_file.html
[2007/03/16 10:50:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx80lc.ini
[2007/03/16 10:50:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini
[2007/02/19 21:34:39 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\ICSET.BIN
[2007/01/20 17:17:42 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/01/09 01:00:30 | 000,000,094 | ---- | C] () -- C:\WINDOWS\System32\spv1_W1ssg.ini
[2007/01/07 00:27:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2007/01/07 00:27:40 | 000,006,067 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2006/12/29 23:05:58 | 000,000,016 | ---- | C] () -- C:\WINDOWS\bfpw.dat
[2006/12/24 04:50:59 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/24 04:50:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/20 14:18:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\GScript.INI
[2006/12/13 04:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2006/12/13 04:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2006/11/16 00:23:39 | 000,003,163 | ---- | C] () -- C:\WINDOWS\AXCursor.INI
[2006/11/06 19:13:35 | 000,143,299 | ---- | C] () -- C:\WINDOWS\Curves 2 Uninstaller.exe
[2006/11/05 15:56:15 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2006/11/05 15:24:09 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/11/04 02:32:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2006/11/03 00:05:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\APHIB.ini
[2006/11/03 00:05:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SNYA.ini
[2006/11/03 00:05:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SEEYB.ini
[2006/11/03 00:05:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\CONVB.ini
[2006/11/02 09:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/11/02 05:20:48 | 000,001,478 | ---- | C] () -- C:\WINDOWS\Illuminator Settings.ini
[2006/11/02 05:20:48 | 000,000,053 | ---- | C] () -- C:\WINDOWS\SnapYa! Settings.ini
[2006/11/02 05:20:48 | 000,000,047 | ---- | C] () -- C:\WINDOWS\SeeYa! Settings.ini
[2006/10/30 10:30:30 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
[2006/10/27 14:18:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\dalisav.ini
[2006/10/18 21:31:47 | 000,005,239 | ---- | C] () -- C:\WINDOWS\System32\Choice.com
[2006/10/16 10:20:57 | 000,007,096 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/10/03 00:22:32 | 000,000,279 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/10/01 04:00:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/10/01 00:19:12 | 000,000,109 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2006/09/29 23:44:49 | 002,243,260 | -H-- | C] () -- C:\WINDOWS\System32\spython.bin
[2006/09/28 11:24:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/09/21 22:56:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/16 19:41:18 | 000,090,691 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/09/08 09:36:50 | 000,000,349 | ---- | C] () -- C:\WINDOWS\CloneDVD.INI
[2006/09/07 16:03:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2006/08/30 15:26:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/08/29 10:05:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/08/27 00:38:51 | 000,002,579 | ---- | C] () -- C:\WINDOWS\SCANFONT.INI
[2006/08/26 01:14:56 | 000,000,138 | ---- | C] () -- C:\WINDOWS\PROPHET8.INI
[2006/08/23 19:41:52 | 000,002,664 | ---- | C] () -- C:\WINDOWS\BlacBox2.INI
[2006/08/23 19:00:23 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2006/08/23 18:47:20 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2006/08/23 13:02:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2006/08/22 00:45:02 | 000,001,150 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/21 12:20:23 | 000,000,013 | ---- | C] () -- C:\WINDOWS\FFINI.ini
[2006/08/20 18:38:29 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.DAT
[2006/08/19 00:06:54 | 000,003,600 | ---- | C] () -- C:\WINDOWS\ssconf2.bin
[2006/08/18 00:56:43 | 000,000,037 | ---- | C] () -- C:\WINDOWS\PRISME.INI
[2006/08/10 05:39:07 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/08/08 23:54:11 | 000,000,542 | ---- | C] () -- C:\WINDOWS\Gems.ini
[2006/08/08 12:13:46 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT4SET.BIN
[2006/08/06 08:40:38 | 000,000,518 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2006/08/06 08:34:03 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2006/08/06 08:34:03 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2006/08/06 08:34:03 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2006/08/06 08:34:03 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2006/08/06 08:34:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/06 08:32:27 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2006/08/02 20:26:27 | 000,002,744 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/07/31 20:03:40 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7D.DLL
[2006/07/29 03:05:01 | 000,000,068 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2006/07/27 05:43:41 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/27 05:38:37 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/07/25 23:01:01 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/07/25 23:00:45 | 000,011,126 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/23 09:32:27 | 000,008,111 | ---- | C] () -- C:\WINDOWS\GWSPRO.INI
[2006/07/23 09:32:27 | 000,002,795 | ---- | C] () -- C:\WINDOWS\GWSFILTR.INI
[2006/07/23 09:32:10 | 000,000,245 | ---- | C] () -- C:\WINDOWS\GCSULT.INI
[2006/07/19 13:46:31 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/07/19 01:42:09 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\giveio.sys
[2006/07/18 22:46:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/18 13:14:58 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/07/17 01:04:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/17 00:58:29 | 000,022,780 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/16 17:51:01 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2006/07/16 17:47:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/16 17:46:30 | 002,248,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/05 15:07:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2006/06/05 15:06:34 | 005,935,104 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2006/06/04 20:08:23 | 001,798,144 | R--- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/05/11 14:39:02 | 001,445,888 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2006/04/28 14:37:12 | 005,910,528 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2005/11/02 10:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2005/11/02 10:39:16 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2005/04/14 10:37:46 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\PurchaseArtSong.exe
[2004/10/03 10:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/06 17:17:40 | 000,502,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/06 17:17:39 | 000,089,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/06 17:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/03 18:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/07 23:56:36 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/07 23:56:34 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/07 23:56:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/04/24 14:59:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\id3lib.dll
[2003/01/30 06:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/04/20 14:44:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2002/01/11 11:25:04 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2001/12/27 05:38:04 | 000,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2000/01/06 17:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/06 17:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999/07/05 03:00:00 | 000,074,806 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/01/12 11:40:22 | 000,029,184 | ---- | C] () -- C:\WINDOWS\rmud.exe.bad.tx_
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/04/08 19:29:34 | 000,890,953 | ---- | C] () -- C:\WINDOWS\Amsk4.ini.bad.tx_
========== LOP Check ==========
[2010/03/11 23:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/07/11 11:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Amazon
[2011/04/26 17:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2011/11/05 18:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/03/29 08:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avaya
[2008/12/06 00:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BlackPencil
[2009/05/27 02:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOC427
[2008/07/19 16:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2006/07/22 12:23:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2010/07/09 17:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CheckPoint
[2011/03/12 09:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Cisco
[2009/10/21 01:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
[2007/10/18 08:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FireGlow
[2010/01/08 22:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2007/09/23 01:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Geek Squad
[2007/07/17 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Genimo
[2011/07/04 11:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2008/04/13 23:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
[2007/04/14 23:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2008/10/22 02:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\logs
[2010/08/10 09:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motorola
[2007/02/18 01:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSScanAppDataDir
[2011/09/16 00:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2011/08/17 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PACE Anti-Piracy
[2008/11/16 15:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScreenSeven
[2007/07/19 07:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2007/11/23 20:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SugarGames
[2010/01/11 01:24:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\System Restore
[2010/03/18 03:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2007/02/03 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TreeCardGames
[2006/11/04 02:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2007/05/31 13:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\7Wonders
[2008/12/15 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ACAMPREF
[2010/08/28 02:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\AKVIS LLC
[2008/04/06 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Alien Skin
[2010/08/22 04:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Antares
[2011/09/18 05:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Audacity
[2011/03/12 09:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Avaya
[2009/11/01 17:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\avidemux
[2007/06/21 21:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\COWON
[2011/07/11 12:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\DisplayTune
[2011/03/12 05:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\f-secure
[2010/05/03 01:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Facebook
[2010/09/02 20:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\FireShot
[2007/06/13 23:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Genimo
[2011/11/09 14:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\GlarySoft
[2007/05/20 06:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\GlowingWorld
[2008/04/12 18:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Hardcoded Software
[2007/05/21 00:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Imagenomic
[2011/06/01 00:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ImgBurn
[2011/04/05 00:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\IObit
[2010/06/01 10:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\JPEGsnoop
[2009/11/24 15:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Leadertech
[2008/12/06 09:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\minuscule
[2009/10/14 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\My Games
[2011/09/15 23:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\NCH Swift Sound
[2010/06/01 12:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\OfficeRecovery
[2008/05/31 02:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\onOne Software
[2007/10/30 20:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Opera
[2011/08/17 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\PACE Anti-Piracy
[2011/06/08 03:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\QuickScan
[2011/09/16 00:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Recordpad
[2009/05/31 05:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Reflexive Arcade
[2009/11/30 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Registry Booster
[2009/01/13 02:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ScreenSeven
[2009/06/26 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\SolSuite
[2011/06/01 00:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\SPORE Creature Creator
[2009/10/07 07:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Tapur
[2009/10/14 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\TechSmith
[2008/09/12 04:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Ultra Fractal 4
[2007/10/11 19:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Uniblue
[2008/03/06 07:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Wildfire
[2010/08/18 04:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\WinPatrol
[2011/11/12 15:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\XnView
[2011/11/11 23:29:10 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/09/05 01:14:34 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
[2006/07/17 06:10:00 | 000,001,299 | ---- | M] () -- C:\WINDOWS\Tasks\thisfolder.html
[2010/08/22 00:00:33 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dzcore.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\KHALMNPR.Exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\mstihkal333\Desktop\dds.scr:SummaryInformation
@Alternate Data Stream - 1548 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:xrEDLYafUZwyViWdUO5lL4
@Alternate Data Stream - 1496 bytes -> C:\Program Files\outlook express:DuEutOLFm0aHwZ5WSZOLwfuHlW
@Alternate Data Stream - 1463 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:6WMMRrzrPfPIeAgX8PL2fs2LGm
@Alternate Data Stream - 1457 bytes -> C:\TEMP:OqPXisjImFyPfIpBW
@Alternate Data Stream - 1431 bytes -> C:\Program Files\Common Files\System:LmzBJXu45ANy2JWqOQw57Hzc
@Alternate Data Stream - 1425 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:spAZls9I1HtjxkVtS8eXeQyN2h
@Alternate Data Stream - 1346 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:mKQZH4LHTDkO77n5RswkjUb
< End of report >
safyrmwn 0 Junior Poster in Training
Still running computer search for boost_interprocess.
So far it looks like other than log files it still remains in system restore files:
A0001315.bat 257 KB C:\System Volume Information\_restore{FD8A3D9F-6EAC-4569-A20E-3F0BCAB86D66}\RP10 MS-DOS Batch File
A0001415.bat 257 KB C:\System Volume Information\_restore{FD8A3D9F-6EAC-4569-A20E-3F0BCAB86D66}\RP10 MS-DOS Batch File
A0001499.bat 257 KB C:\System Volume Information\_restore{FD8A3D9F-6EAC-4569-A20E-3F0BCAB86D66}\RP10 MS-DOS Batch File
A0001555.bat 257 KB C:\System Volume Information\_restore{FD8A3D9F-6EAC-4569-A20E-3F0BCAB86D66}\RP10 MS-DOS Batch File
A0000558.bat 255 KB C:\System Volume Information\_restore{FD8A3D9F-6EAC-4569-A20E-3F0BCAB86D66}\RP3 MS-DOS Batch File
A0000630.bat 255 KB C:\System Volume Information\_restore{FD8A3D9F-6EAC-4569-A20E-3F0BCAB86D66}\RP3 MS-DOS Batch File
A0000784.bat 255 KB C:\System Volume Information\_restore{FD8A3D9F-6EAC-4569-A20E-3F0BCAB86D66}\RP4 MS-DOS Batch File
A0001148.bat 255 KB C:\System Volume Information\_restore{FD8A3D9F-6EAC-4569-A20E-3F0BCAB86D66}\RP9 MS-DOS Batch File
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
:OTL
SRV - File not found [Disabled | Stopped] -- -- (NBService)
SRV - File not found [Disabled | Stopped] -- -- (hpqddsvc)
SRV - File not found [Disabled | Stopped] -- -- (hpqcxs08)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1c9a43e39b016c)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
:Commands
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Post log from this run.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
====
Go to Start | Run and type msconfig and press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
====
How are things now?
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
:?: - Would running the following CFscript get rid of the Digital Patrol issue?
I will not try without your approval.
"SecCenter::
{35237DD9-776F-4485-A7AF-729074E24B96}"
Other than that the system seems to be running fine.
Monitor flashes have stopped.
Let's try your suggestion.
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
SecCenter::
{35237DD9-776F-4485-A7AF-729074E24B96}
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe.
7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
- Combofix.txt
Please take note:
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
safyrmwn 0 Junior Poster in Training
I apologize for the slow reply.
Per instructions ran the OTL fix and quick scan.
The two logs follow.
Also cleared all System Restores, rebooted and restarted System restore.
In Msconfig I noticed:
Msconfig - General
Selective Startup is marked
there are checks in all the boxes that follow
Use Original BOOT.INI is marked
Two other observations I'm not sure if they are normal:
WinPatrol New Program Alert:
A new auto startup program has been detected.
:?:Should I approve the addition of this program startup setting?
System Configuration Utility
C:\WINDOW\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
System Properties - Remote - Remote Desktop
there is a check in the "Allow users to connect remotely to this computer"
but the text is "greyed out" and the check can not be changed -
click on the "Select Remote Users" button
the "Remote Desktop Users" window is blank
Also my computer started running very slow after the previous OTL fix (the one before this one).
I immediately disconnected the network cable and ran an Avast boot scan.
It said it found 1 infected file that it was not able to repair.
May I please post two Avast logs to see if there is anything you might recognize?
I will also continue with your newest CF request.
OTL logs:
========== FILES ==========
========== OTL ==========
Service NBService stopped successfully!
Service NBService deleted successfully!
Service hpqddsvc stopped successfully!
Service hpqddsvc deleted successfully!
Service hpqcxs08 stopped successfully!
Service hpqcxs08 deleted successfully!
Service gupdate1c9a43e39b016c stopped successfully!
Service gupdate1c9a43e39b016c deleted successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.31.0 log created on 11192011_015330
safyrmwn 0 Junior Poster in Training
Part 1
OTL logfile created on: 11/19/2011 2:04:00 AM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mstihkal333\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.06% Memory free
9.36 Gb Paging File | 9.02 Gb Available in Paging File | 96.40% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 21.00 Gb Free Space | 26.88% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 139.78 Gb Free Space | 60.02% Space Free | Partition Type: NTFS
Drive E: | 78.13 Gb Total Space | 34.30 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
Drive F: | 77.49 Gb Total Space | 42.26 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive G: | 57.27 Gb Total Space | 42.21 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
Drive I: | 74.51 Gb Total Space | 12.50 Gb Free Space | 16.77% Space Free | Partition Type: NTFS
Drive K: | 1.91 Gb Total Space | 0.77 Gb Free Space | 40.18% Space Free | Partition Type: FAT
Computer Name: MSTIHKAL333 | User Name: mstihkal333 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/09 13:48:19 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2011/11/09 13:40:58 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2011/11/02 03:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\desktop\OTL.exe
PRC - [2011/10/20 12:58:42 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010/04/16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2004/07/13 14:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/17 14:11:03 | 001,617,920 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111703\algo.dll
MOD - [2011/11/15 04:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111703\aswRep.dll
MOD - [2011/06/21 09:09:04 | 001,662,976 | ---- | M] () -- C:\Program Files\XnView\ShellEx\XnViewShellExt.dll
MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2006/08/05 11:34:34 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2001/08/17 15:36:16 | 000,165,888 | ---- | M] () -- C:\WINDOWS\system32\hpgt53.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/10/31 03:33:55 | 003,074,040 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/30 11:52:32 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/04/22 00:17:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/19 01:16:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/10 06:37:22 | 000,217,088 | R--- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\Printer Utilities\UsbService.exe -- (UsbService)
SRV - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/04/16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/01/27 01:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/20 10:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2004/07/13 14:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
========== Driver Services (SafeList) ==========
DRV - [2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/16 00:32:38 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/12 15:32:00 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/04/30 04:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/02/27 01:35:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/27 01:35:19 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/02/27 01:35:19 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/04 14:53:33 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/09/07 14:26:52 | 000,028,160 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\PcaSp50.sys -- (PcaSp50)
DRV - [2010/08/25 13:27:40 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2010/05/13 16:34:30 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2010/05/13 16:34:28 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2010/04/16 15:34:10 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/04 09:54:00 | 000,024,576 | ---- | M] (Kyocera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/11/03 16:50:00 | 000,105,984 | ---- | M] (Kyocera Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\kcusbser.sys -- (kcusbser)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/17 05:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/11 19:50:56 | 001,670,016 | R--- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\skfilt.SYS -- (skfilt)
DRV - [2007/12/20 02:55:36 | 000,066,432 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vuhub.sys -- (vuhub)
DRV - [2007/07/20 20:29:23 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/07/19 22:42:36 | 000,163,128 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/07/19 22:42:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/07/19 22:42:36 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/03/21 11:10:30 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2006/11/13 20:31:44 | 000,033,408 | R--- | M] (ASUSTeK Computer Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipgdnd51.sys -- (ipgd)
DRV - [2006/11/05 15:24:16 | 000,457,216 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/11/05 15:24:09 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2005/01/17 16:09:38 | 000,052,480 | ---- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\kwcxbus.sys -- (kwcxbus)
DRV - [2004/05/29 06:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2002/12/10 17:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/06/14 13:49:56 | 000,010,194 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/04/09 13:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.eset.com/us/online-scanner
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 E3 F8 F8 70 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.speedtest.net/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}:0.2.10
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.8
FF - prefs.js..extensions.enabledItems: researchword@scott:1.3.7
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.4
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: texpertension@texperts.com:1.0.11
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.91
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
FF - prefs.js..extensions.enabledItems: flvideoreplacer@lovinglinux.megabyet.net:2.1.8
FF - prefs.js..extensions.enabledItems: flvripper@harsha:2.0
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: kempelton-fx@arvidaxelsson.se:3.2.1
FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
FF - prefs.js..splitbrowser.search.loadResultsIn: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/02/27 23:48:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\mstihkal333\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/05 18:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/12 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/26 12:23:59 | 000,000,000 | ---D | M]
[2008/09/18 01:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Extensions
[2011/11/17 19:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions
[2011/07/17 16:12:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/01/26 01:33:37 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2011/07/11 10:03:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/15 01:36:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/12 00:03:22 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/11/17 19:52:38 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011/08/12 01:39:29 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/12 18:19:09 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\DeviceDetection@logitech.com
[2010/07/13 23:48:33 | 000,000,000 | ---D | M] (Kempelton) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\kempelton-fx@arvidaxelsson.se
[2010/11/24 20:19:55 | 000,000,000 | ---D | M] (Research Word) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\researchword@scott
[2011/11/17 19:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\staged
[2011/10/27 15:37:07 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\video.downloader.plugin@ffpimp.com
[2011/11/17 19:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/11/17 19:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\devtools
[2011/11/17 19:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/11/17 12:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions
[2010/09/16 09:47:09 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/11/04 12:10:57 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/10/20 09:59:20 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/05/11 06:21:54 | 000,000,000 | ---D | M] (SafeSearch Off) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{3975c680-be94-11dd-ad8b-0800200c9a66}
[2010/06/28 20:45:52 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}(2)
[2011/09/20 20:33:16 | 000,000,000 | ---D | M] (Clippings) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011/07/10 13:44:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/17 12:34:50 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011/05/11 06:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/10/30 15:09:05 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2010/06/28 20:49:45 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\afterthedeadline@afterthedeadline(2).com
[2011/08/10 16:47:08 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\DeviceDetection@logitech.com
[2010/06/28 20:45:52 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\ietab@ip(2).cn
[2009/08/05 07:50:05 | 000,000,000 | ---D | M] (Link Gopher) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\linkgopher@oooninja.com
[2010/10/02 15:17:29 | 000,000,000 | ---D | M] (Research Word) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\researchword@scott
[2011/11/17 12:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/11/17 12:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\devtools
[2011/11/17 12:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/05/11 06:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/03/25 23:54:43 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\allplus.xml
[2011/11/03 11:50:41 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\ixquick.xml
[2009/03/25 04:25:56 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\kedrix-mearch.xml
[2011/07/19 10:28:00 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\s-amazon.xml
[2007/06/01 18:37:07 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\siteadvisor.xml
[2009/04/06 13:57:07 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\surf-canyon.xml
[2009/03/29 19:18:06 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\webster.xml
[2007/06/12 17:11:15 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\whitepagescom.xml
[2011/11/02 04:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/25 20:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/02 04:05:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{28FAD68E-4001-48D5-B994-68069F7CFB1D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{C0CB8BA3-6C1B-47E8-A6AB-1FAB889562D9}.XPI
[2011/11/05 18:30:28 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/04/03 00:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/12 19:45:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/27 14:34:40 | 014,957,444 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avcodec-51.dll
[2008/11/27 14:34:44 | 003,889,294 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avformat-52.dll
[2008/11/27 14:34:34 | 000,177,548 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avutil-49.dll
[2009/04/15 14:02:44 | 001,642,496 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libambulant_shwin32.dll
[2009/04/15 14:03:00 | 000,290,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
[2009/04/15 14:03:00 | 000,011,264 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_plugin.dll
[2009/04/15 14:03:00 | 000,462,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_state_xpath.dll
[2009/04/15 14:03:04 | 000,027,136 | ---- | M] (CWI, Amsterdam, The Netherlands) -- C:\Program Files\mozilla firefox\plugins\npambulant.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/07/28 23:39:46 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 13:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2008/05/21 11:52:54 | 000,652,568 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2009/02/09 15:53:36 | 001,892,352 | ---- | M] (Apache Software Foundation) -- C:\Program Files\mozilla firefox\plugins\xerces-c_2_8.dll
[2011/10/12 19:45:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: AmbulantPlayer npapi browser plugin for W3C SMIL 3.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npambulant.dll
CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: AlternaTIFF (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
O1 HOSTS File: ([2011/11/04 22:56:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kgbusa.com ([wahops] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pcpistop.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www1.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6440/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50ED8773-082B-4408-B3CF-77A02EA3D9E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C05F44-58E5-4C2F-B0FB-42EE9E827859}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O19 - User stylesheet: User Stylesheet -
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/17 01:01:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/15 00:30:55 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\dds.scr
[2011/11/14 23:51:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/13 16:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/13 14:11:18 | 004,292,963 | R--- | C] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\ComboFix.exe
[2011/11/12 20:58:54 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011/11/05 18:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\COMODO
[2011/11/05 18:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\COMODO
[2011/11/05 18:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
[2011/11/05 18:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/11/05 18:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo Downloader
[2011/11/05 18:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus
[2011/11/05 18:30:49 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/05 18:30:49 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/05 18:30:46 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/05 18:30:45 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/05 18:30:45 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/05 18:30:44 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/05 18:30:44 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/05 18:30:43 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/05 18:30:25 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/05 18:30:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/05 18:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/05 18:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/11/04 13:55:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/03 12:01:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/02 08:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mstihkal333\Desktop\RegSrch
[2011/11/02 03:06:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\Desktop\OTL.exe
[2007/12/09 06:13:50 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2000/07/13 06:43:30 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.dll
[2 D:\(ALL)_My\MyDocuments\*.tmp files -> D:\(ALL)_My\MyDocuments\*.tmp -> ]
safyrmwn 0 Junior Poster in Training
Part 2
========== Files - Modified Within 30 Days ==========
[2011/11/19 01:55:12 | 000,026,715 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/11/19 01:54:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/19 01:54:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/16 02:24:55 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\everest_cpl.ini
[2011/11/15 01:35:48 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/11/15 00:32:01 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\dds.scr
[2011/11/14 23:38:44 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Desktop\gmer.zip
[2011/11/13 14:11:22 | 004,292,963 | R--- | M] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\ComboFix.exe
[2011/11/11 23:29:10 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/11/11 23:29:05 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/11/05 18:39:06 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Firewall.lnk
[2011/11/05 18:38:16 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/11/05 18:38:16 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO GeekBuddy.lnk
[2011/11/05 18:30:50 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/11/05 18:30:45 | 000,002,669 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/04 22:56:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/03 03:08:47 | 000,283,170 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\census.cache
[2011/11/03 03:08:46 | 000,329,698 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\ars.cache
[2011/11/02 03:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\Desktop\OTL.exe
[2011/10/31 18:59:04 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Desktop\PROCESS EXPLORER.lnk
[2011/10/29 15:42:47 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2011/10/24 15:09:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\DRMSJ4.SDF
[2011/10/24 14:16:36 | 000,524,179 | ---- | M] () -- C:\JournalBackup.jbk
[2011/10/22 19:58:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\dcenhance.INI
[2 D:\(ALL)_My\MyDocuments\*.tmp files -> D:\(ALL)_My\MyDocuments\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/15 01:35:48 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/11/15 00:32:24 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Desktop\gmer.zip
[2011/11/05 18:39:06 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Firewall.lnk
[2011/11/05 18:38:16 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/11/05 18:38:16 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO GeekBuddy.lnk
[2011/11/05 18:30:50 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/11/04 22:44:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/04 19:50:24 | 000,256,000 | R--- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/03 01:47:48 | 000,283,170 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\census.cache
[2011/11/03 01:47:40 | 000,329,698 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\ars.cache
[2011/11/02 21:48:01 | 000,003,254 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Desktop\RegSrch.vbs
[2011/10/31 18:59:04 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Desktop\PROCESS EXPLORER.lnk
[2011/10/14 16:16:08 | 000,026,715 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2011/10/14 16:15:43 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2011/09/20 05:56:14 | 000,000,272 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/08/18 22:17:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2011/08/13 00:25:03 | 000,066,432 | R--- | C] () -- C:\WINDOWS\System32\drivers\vuhub.sys
[2011/08/10 17:41:32 | 000,000,910 | ---- | C] () -- C:\WINDOWS\speakfre.ini
[2011/06/20 12:39:36 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/04/05 00:54:55 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/04/05 00:54:55 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/19 01:18:31 | 000,025,262 | ---- | C] () -- C:\WINDOWS\System32\xfisk.ini
[2011/03/19 01:18:31 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/03/19 01:18:24 | 000,151,040 | R--- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll
[2011/01/04 14:11:38 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-3G69D.exe
[2010/09/23 01:01:12 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT6PRET.BIN
[2010/07/02 02:48:32 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/06/29 15:06:37 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/12 23:42:32 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Application Data\setup_ldm.iss
[2010/03/18 02:57:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2010/03/18 02:44:36 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/16 05:13:43 | 000,695,578 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/03/16 05:13:43 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/01/16 10:01:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\housecall.guid.cache
[2009/10/23 22:31:04 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC80UI.dat
[2009/10/01 01:30:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/09/22 05:33:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/08/25 04:07:15 | 000,073,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/23 23:05:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/28 14:17:34 | 000,000,061 | ---- | C] () -- C:\Program Files\VMProps.VMP
[2009/04/08 15:46:25 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
[2009/03/24 00:52:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/24 00:52:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/08 22:44:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/19 08:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 10:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 10:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 10:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 09:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/11/04 22:41:09 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/11/04 21:54:08 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/10/21 22:13:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/25 21:12:17 | 000,038,912 | ---- | C] () -- C:\WINDOWS\wizmo.exe
[2008/09/06 13:57:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\dcenhance.INI
[2008/06/24 17:05:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/09 12:21:25 | 000,000,125 | ---- | C] () -- C:\WINDOWS\fd3.INI
[2008/04/17 21:02:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2008/04/03 02:00:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2008/04/02 00:25:02 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Application Data\.akvis_coloriage.settings
[2008/03/30 22:41:16 | 000,890,953 | ---- | C] () -- C:\WINDOWS\HSC_sq4.ini
[2008/03/30 11:00:20 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Application Data\.akvis_enhancer.settings
[2008/03/29 14:54:46 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/20 00:00:36 | 000,585,791 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/01/07 20:13:17 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2008/01/07 01:50:50 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/01/07 01:50:49 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/01/07 01:50:49 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/12/31 02:00:01 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2007/12/09 06:13:51 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2007/12/09 06:13:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2007/12/09 06:13:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2007/12/09 06:13:51 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2007/12/04 21:12:03 | 000,129,056 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2007/12/04 21:12:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2007/12/03 03:02:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/11/22 20:43:35 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/11/22 20:43:34 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/11/22 20:43:03 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2007/11/03 03:46:09 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2007/10/25 10:26:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2007/10/25 10:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/18 14:44:27 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/09/28 00:20:02 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\dsez7411.dat
[2007/08/13 22:23:24 | 000,000,273 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2007/05/21 11:41:40 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/16 02:46:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hasher.dll
[2007/04/22 01:26:58 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2007/04/22 01:11:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/04/19 00:13:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/04/14 18:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2007/03/29 13:40:20 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/03/29 13:40:20 | 000,147,715 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2007/03/29 13:40:20 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/03/28 00:28:11 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/03/24 14:18:17 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\addr_file.html
[2007/03/16 10:50:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx80lc.ini
[2007/03/16 10:50:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini
[2007/02/19 21:34:39 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\ICSET.BIN
[2007/01/20 17:17:42 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/01/09 01:00:30 | 000,000,094 | ---- | C] () -- C:\WINDOWS\System32\spv1_W1ssg.ini
[2007/01/07 00:27:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2007/01/07 00:27:40 | 000,006,067 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2006/12/29 23:05:58 | 000,000,016 | ---- | C] () -- C:\WINDOWS\bfpw.dat
[2006/12/24 04:50:59 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/24 04:50:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/20 14:18:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\GScript.INI
[2006/12/13 04:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2006/12/13 04:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2006/11/16 00:23:39 | 000,003,163 | ---- | C] () -- C:\WINDOWS\AXCursor.INI
[2006/11/06 19:13:35 | 000,143,299 | ---- | C] () -- C:\WINDOWS\Curves 2 Uninstaller.exe
[2006/11/05 15:56:15 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2006/11/05 15:24:09 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/11/04 02:32:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2006/11/03 00:05:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\APHIB.ini
[2006/11/03 00:05:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SNYA.ini
[2006/11/03 00:05:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SEEYB.ini
[2006/11/03 00:05:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\CONVB.ini
[2006/11/02 09:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/11/02 05:20:48 | 000,001,478 | ---- | C] () -- C:\WINDOWS\Illuminator Settings.ini
[2006/11/02 05:20:48 | 000,000,053 | ---- | C] () -- C:\WINDOWS\SnapYa! Settings.ini
[2006/11/02 05:20:48 | 000,000,047 | ---- | C] () -- C:\WINDOWS\SeeYa! Settings.ini
[2006/10/30 10:30:30 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
[2006/10/27 14:18:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\dalisav.ini
[2006/10/18 21:31:47 | 000,005,239 | ---- | C] () -- C:\WINDOWS\System32\Choice.com
[2006/10/16 10:20:57 | 000,007,096 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/10/03 00:22:32 | 000,000,279 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/10/01 04:00:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/10/01 00:19:12 | 000,000,109 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2006/09/29 23:44:49 | 002,243,260 | -H-- | C] () -- C:\WINDOWS\System32\spython.bin
[2006/09/28 11:24:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/09/21 22:56:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/16 19:41:18 | 000,090,691 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/09/08 09:36:50 | 000,000,349 | ---- | C] () -- C:\WINDOWS\CloneDVD.INI
[2006/09/07 16:03:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2006/08/30 15:26:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/08/29 10:05:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/08/27 00:38:51 | 000,002,579 | ---- | C] () -- C:\WINDOWS\SCANFONT.INI
[2006/08/26 01:14:56 | 000,000,138 | ---- | C] () -- C:\WINDOWS\PROPHET8.INI
[2006/08/23 19:41:52 | 000,002,664 | ---- | C] () -- C:\WINDOWS\BlacBox2.INI
[2006/08/23 19:00:23 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2006/08/23 18:47:20 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2006/08/23 13:02:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2006/08/22 00:45:02 | 000,001,150 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/21 12:20:23 | 000,000,013 | ---- | C] () -- C:\WINDOWS\FFINI.ini
[2006/08/20 18:38:29 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.DAT
[2006/08/19 00:06:54 | 000,003,600 | ---- | C] () -- C:\WINDOWS\ssconf2.bin
[2006/08/18 00:56:43 | 000,000,037 | ---- | C] () -- C:\WINDOWS\PRISME.INI
[2006/08/10 05:39:07 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/08/08 23:54:11 | 000,000,542 | ---- | C] () -- C:\WINDOWS\Gems.ini
[2006/08/08 12:13:46 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT4SET.BIN
[2006/08/06 08:40:38 | 000,000,518 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2006/08/06 08:34:03 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2006/08/06 08:34:03 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2006/08/06 08:34:03 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2006/08/06 08:34:03 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2006/08/06 08:34:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/06 08:32:27 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2006/08/02 20:26:27 | 000,002,744 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/07/31 20:03:40 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7D.DLL
[2006/07/29 03:05:01 | 000,000,068 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2006/07/27 05:43:41 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/27 05:38:37 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/07/25 23:01:01 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/07/25 23:00:45 | 000,011,126 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/23 09:32:27 | 000,008,111 | ---- | C] () -- C:\WINDOWS\GWSPRO.INI
[2006/07/23 09:32:27 | 000,002,795 | ---- | C] () -- C:\WINDOWS\GWSFILTR.INI
[2006/07/23 09:32:10 | 000,000,245 | ---- | C] () -- C:\WINDOWS\GCSULT.INI
[2006/07/19 13:46:31 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/07/19 01:42:09 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\giveio.sys
[2006/07/18 22:46:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/18 13:14:58 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/07/17 01:04:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/17 00:58:29 | 000,022,780 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/16 17:51:01 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2006/07/16 17:47:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/16 17:46:30 | 002,248,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/05 15:07:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2006/06/05 15:06:34 | 005,935,104 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2006/06/04 20:08:23 | 001,798,144 | R--- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/05/11 14:39:02 | 001,445,888 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2006/04/28 14:37:12 | 005,910,528 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2005/11/02 10:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2005/11/02 10:39:16 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2005/04/14 10:37:46 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\PurchaseArtSong.exe
[2004/10/03 10:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/06 17:17:40 | 000,502,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/06 17:17:39 | 000,089,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/06 17:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/03 18:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/07 23:56:36 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/07 23:56:34 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/07 23:56:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/04/24 14:59:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\id3lib.dll
[2003/01/30 06:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/04/20 14:44:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2002/01/11 11:25:04 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2001/12/27 05:38:04 | 000,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2000/01/06 17:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/06 17:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999/07/05 03:00:00 | 000,074,806 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/01/12 11:40:22 | 000,029,184 | ---- | C] () -- C:\WINDOWS\rmud.exe.bad.tx_
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/04/08 19:29:34 | 000,890,953 | ---- | C] () -- C:\WINDOWS\Amsk4.ini.bad.tx_
========== LOP Check ==========
[2010/03/11 23:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/07/11 11:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Amazon
[2011/04/26 17:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2011/11/05 18:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/03/29 08:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avaya
[2008/12/06 00:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BlackPencil
[2009/05/27 02:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOC427
[2008/07/19 16:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2006/07/22 12:23:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2010/07/09 17:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CheckPoint
[2011/03/12 09:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Cisco
[2009/10/21 01:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
[2007/10/18 08:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FireGlow
[2010/01/08 22:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2007/09/23 01:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Geek Squad
[2007/07/17 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Genimo
[2011/07/04 11:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2008/04/13 23:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
[2007/04/14 23:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2008/10/22 02:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\logs
[2010/08/10 09:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motorola
[2007/02/18 01:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSScanAppDataDir
[2011/09/16 00:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2011/08/17 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PACE Anti-Piracy
[2008/11/16 15:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScreenSeven
[2007/07/19 07:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2007/11/23 20:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SugarGames
[2010/01/11 01:24:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\System Restore
[2010/03/18 03:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2007/02/03 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TreeCardGames
[2006/11/04 02:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2007/05/31 13:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\7Wonders
[2008/12/15 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ACAMPREF
[2010/08/28 02:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\AKVIS LLC
[2008/04/06 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Alien Skin
[2010/08/22 04:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Antares
[2011/09/18 05:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Audacity
[2011/03/12 09:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Avaya
[2009/11/01 17:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\avidemux
[2007/06/21 21:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\COWON
[2011/07/11 12:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\DisplayTune
[2011/03/12 05:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\f-secure
[2010/05/03 01:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Facebook
[2010/09/02 20:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\FireShot
[2007/06/13 23:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Genimo
[2011/11/09 14:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\GlarySoft
[2007/05/20 06:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\GlowingWorld
[2008/04/12 18:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Hardcoded Software
[2007/05/21 00:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Imagenomic
[2011/06/01 00:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ImgBurn
[2011/04/05 00:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\IObit
[2010/06/01 10:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\JPEGsnoop
[2009/11/24 15:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Leadertech
[2008/12/06 09:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\minuscule
[2009/10/14 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\My Games
[2011/09/15 23:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\NCH Swift Sound
[2010/06/01 12:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\OfficeRecovery
[2008/05/31 02:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\onOne Software
[2007/10/30 20:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Opera
[2011/08/17 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\PACE Anti-Piracy
[2011/06/08 03:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\QuickScan
[2011/09/16 00:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Recordpad
[2009/05/31 05:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Reflexive Arcade
[2009/11/30 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Registry Booster
[2009/01/13 02:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ScreenSeven
[2009/06/26 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\SolSuite
[2011/06/01 00:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\SPORE Creature Creator
[2009/10/07 07:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Tapur
[2009/10/14 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\TechSmith
[2008/09/12 04:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Ultra Fractal 4
[2007/10/11 19:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Uniblue
[2008/03/06 07:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Wildfire
[2010/08/18 04:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\WinPatrol
[2011/11/12 15:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\XnView
[2011/11/11 23:29:10 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/09/05 01:14:34 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
[2006/07/17 06:10:00 | 000,001,299 | ---- | M] () -- C:\WINDOWS\Tasks\thisfolder.html
[2010/08/22 00:00:33 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dzcore.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\KHALMNPR.Exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\mstihkal333\Desktop\dds.scr:SummaryInformation
@Alternate Data Stream - 1548 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:xrEDLYafUZwyViWdUO5lL4
@Alternate Data Stream - 1496 bytes -> C:\Program Files\outlook express:DuEutOLFm0aHwZ5WSZOLwfuHlW
@Alternate Data Stream - 1463 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:6WMMRrzrPfPIeAgX8PL2fs2LGm
@Alternate Data Stream - 1457 bytes -> C:\TEMP:OqPXisjImFyPfIpBW
@Alternate Data Stream - 1431 bytes -> C:\Program Files\Common Files\System:LmzBJXu45ANy2JWqOQw57Hzc
@Alternate Data Stream - 1425 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:spAZls9I1HtjxkVtS8eXeQyN2h
@Alternate Data Stream - 1346 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:mKQZH4LHTDkO77n5RswkjUb
< End of report >
safyrmwn 0 Junior Poster in Training
:-O OMG! It worked! Digital Patrol is gone from the log, hallelujah!
Thank you!
ComboFix 11-11-19.03 - mstihkal333 11/19/2011 6:52.13.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1668 [GMT -7:00]
Running from: c:\documents and settings\mstihkal333\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mstihkal333\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
d:\(all)_my\MyDocuments\~WRL1880.tmp
d:\(all)_my\MyDocuments\~WRL2770.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 13:36 . 2011-11-19 13:36 -------- d-----w- c:\windows\LastGood
2011-11-13 03:58 . 2011-11-13 03:58 -------- d-----w- C:\VritualRoot
2011-11-06 01:38 . 2011-11-12 04:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
2011-11-06 01:38 . 2011-11-06 01:38 -------- d-----w- c:\program files\COMODO
2011-11-06 01:37 . 2011-11-06 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo Downloader
2011-11-06 01:30 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-06 01:30 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-06 01:30 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-06 01:30 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-06 01:30 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-06 01:30 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-06 01:30 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-06 01:30 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-06 01:30 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-06 01:30 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-06 01:30 . 2011-11-06 01:30 -------- d-----w- c:\program files\AVAST Software
2011-11-06 01:30 . 2011-11-06 01:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-11-04 10:20 . 2011-11-04 10:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-03 19:01 . 2011-11-03 19:01 -------- d-----w- C:\_OTL
2011-10-29 22:42 . 2008-05-02 09:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 20:44 . 2009-06-17 16:55 76304 ----a-w- c:\windows\KHALMNPR.Exe
2011-10-21 18:31 . 2011-06-13 05:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 01:48 . 2011-10-08 01:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-08 01:48 . 2011-10-08 01:48 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-08 01:48 . 2011-10-08 01:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-08 01:48 . 2011-10-08 01:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-08 01:47 . 2011-10-08 01:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-08 01:47 . 2011-10-08 01:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 12:06 . 2010-05-03 16:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37 . 2009-01-04 19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-16 07:32 . 2011-09-16 06:54 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2011-09-03 10:17 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2011-08-30 07:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 17:30 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-08-29 18:16 . 2007-03-29 20:40 1880 -c--a-w- c:\windows\AUTOLNCH.REG
2008-11-27 21:34 . 2009-12-13 20:13 14957444 ----a-w- c:\program files\mozilla firefox\plugins\avcodec-51.dll
2008-11-27 21:34 . 2009-12-13 20:13 3889294 ----a-w- c:\program files\mozilla firefox\plugins\avformat-52.dll
2008-11-27 21:34 . 2009-12-13 20:13 177548 ----a-w- c:\program files\mozilla firefox\plugins\avutil-49.dll
2009-04-15 21:02 . 2009-12-13 20:13 1642496 ----a-w- c:\program files\mozilla firefox\plugins\libambulant_shwin32.dll
2009-04-15 21:03 . 2009-12-13 20:13 290816 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
2009-04-15 21:03 . 2009-12-13 20:13 11264 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_plugin.dll
2009-04-15 21:03 . 2009-12-13 20:13 462848 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_state_xpath.dll
2009-02-09 22:53 . 2009-12-13 20:13 1892352 ----a-w- c:\program files\mozilla firefox\plugins\xerces-c_2_8.dll
2011-10-13 02:45 . 2011-05-15 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_23.40.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-14 23:16 . 2011-11-19 13:35 26715 c:\windows\system32\tablet.dat
- 2011-10-14 23:16 . 2011-11-13 20:49 26715 c:\windows\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2011-11-09 76304]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-9-24 805392]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 09:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"COMODO"=c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
"CPA"=c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\mstihkal333\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/5/2011 12:54 AM 13496]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [10/6/2011 10:04 AM 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/5/2011 6:30 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/5/2011 6:30 PM 320856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/7/2011 6:48 PM 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/7/2011 6:48 PM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/5/2011 6:30 PM 20568]
R3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [8/13/2011 4:52 PM 33408]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.SYS [3/19/2011 1:18 AM 1670016]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [9/15/2011 11:54 PM 49240]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8/13/2011 12:25 AM 66432]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/6/2011 10:04 AM 51632]
S3 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [10/6/2011 10:04 AM 3074040]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [11/4/2009 9:54 AM 24576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 5:20 AM 12648]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/22/2010 6:37 AM 38976]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/21/2007 11:10 AM 25773]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/4/2011 2:53 PM 98392]
S3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\system32\DRIVERS\WSUSBDMAN.sys --> c:\windows\system32\DRIVERS\WSUSBDMAN.sys [?]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S4 kcusbser;Kyocera USB Device for Legacy Serial Communication;c:\windows\system32\drivers\kcusbser.sys [11/3/2009 4:50 PM 105984]
S4 kwcxbus;kwcxbus;c:\windows\system32\drivers\kwcxbus.sys [1/19/2007 8:17 PM 52480]
S4 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/4/2011 2:53 PM 64288]
S4 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/4/2011 11:20 AM 12184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-10-13 20:08]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006Core.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006UA.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-05 01:19]
.
2010-08-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-22 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.eset.com/us/online-scanner
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: eset.com\www
Trusted Zone: eset.eu\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: kgbusa.com\wahops
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www.update
Trusted Zone: pcpistop.com
FF - ProfilePath - c:\documents and settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.speedtest.net/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 07:12
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BEEBE5E-899C-FFB5-7BEB-242B29CD3454}*]
"ladmkjldljfblmdcmdfjcohk"=hex:62,61,65,65,00,f2
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(768)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2011-11-19 07:19:56
ComboFix-quarantined-files.txt 2011-11-19 14:19
ComboFix2.txt 2011-11-13 23:47
ComboFix3.txt 2011-11-12 15:38
ComboFix4.txt 2011-11-08 00:38
ComboFix5.txt 2011-11-19 13:47
.
Pre-Run: 23,947,116,544 bytes free
Post-Run: 23,906,185,216 bytes free
.
- - End Of File - - 26BB67E7FF3EBDD0EAD2E102B8D64BFE
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Try a few reboots and see if the slowdown is still there and let me know.
safyrmwn 0 Junior Poster in Training
Try a few reboots and see if the slowdown is still there and let me know.
Concerns:
Msconfig - General
"Selective Startup" is marked
checks in all the boxes that follow
Use Original BOOT.INI is marked
Internet Properties - Connections - highlighted message:
"Some settings are managed by your system administrator."
The radio button options above the message are "greyed out"
System Properties - Remote - Remote Desktop
check in "Allow users to connect remotely to this computer"
text is "greyed out" /checkbox can not be changed -
click "Select Remote Users" button & "Remote Desktop Users" window is blank?
Firefox (random instance)
Page "find" box - types a diamond shape ♦ after pressing "Back" key?
Other than that, no more slowdown and everything seems good.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Concerns:
Msconfig - General
"Selective Startup" is marked
checks in all the boxes that follow
Use Original BOOT.INI is marked
Means you have disabled start-up on certain software.
Internet Properties - Connections - highlighted message:
"Some settings are managed by your system administrator."
The radio button options above the message are "greyed out"
Not sure.
System Properties - Remote - Remote Desktop
check in "Allow users to connect remotely to this computer"
text is "greyed out" /checkbox can not be changed -
click "Select Remote Users" button & "Remote Desktop Users" window is blank?
Service could be disabled already. Check in "services.msc" without "" by going to 'Start > Run.'
Firefox (random instance)
Page "find" box - types a diamond shape ♦ after pressing "Back" key?
Re-install FF?
Other than that, no more slowdown and everything seems good.
Try the above and let me know.
safyrmwn 0 Junior Poster in Training
From "services.msc" not sure which of these are relevant?
Remote Access Connection Manager
Status-Started/Startup Type-Manual
Remote Desktop Help Session Manager
Status-Stopped/Startup Type-Manual
Telephony
Status-Started/Startup Type-Manual
TermService
Status-Started/Startup Type-Manual
Uninstall/Install FF - no change
still getting ♦ when clicking "Back" (keyboard +/or mouse)
Thank you!
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
I believe it's the first one (looks a little different to mine).
Unless you want someone to have remote access, it's better off disabled.
Really not sure about the ♦ you are getting. Never seen that before.
Probably gone as far as I am able with this, so if you are happy, we can call it a day?
Perhaps post this in the XP forum?
safyrmwn 0 Junior Poster in Training
I believe it's the first one (looks a little different to mine).
Unless you want someone to have remote access, it's better off disabled.
Really not sure about the ♦ you are getting. Never seen that before.
Probably gone as far as I am able with this, so if you are happy, we can call it a day?
Perhaps post this in the XP forum?
Alrighty then. Happy & thankful!
Thanks so much for all your guidance and patience.
I will try the XP forum as you suggested.
Have a Happy Holiday & take care.