Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen of Death


  • This topic is locked This topic is locked
53 replies to this topic

#1 jtl310

jtl310

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 09 April 2010 - 03:11 PM

I will get right down to it:
- No known problems with the computer last night
- Woke up started comp and i had a Rogue Anit-spyware program on the computer creating random pops via explorer and bottom dialog pop ups regarding computer being unsafe or attacked.
- Tried the regfix/malware bytes , but regfix didnt not work and a pop up would stated reg could not be accessed/changed
- Tried to boot via safe mode to try regfix - but immediately after hitting enter on safemode option it would show the partdisk dos screen (which i know is normal) immediately followed by a flash of blue screen.
- I then tried to boot normal and the computer started just fine, so i went between trying to start safe mode (failing with the blue screen) and properly starting in normal 2-3 times and then normal would give me the blue screen.
- When i tried to start in any mode the blue screen would pop up before the xp welcome screen and it would not last - it would flash and restart the computer.

What i already tried?
- So far i have used the recovery console via the bios boot XP cd - and copied the atapi.sys file but has not changed anything.
But i took a picture of the blue screen which is posted below - i apologize for the poor quality but please understand the blue screen appears and disappears within a second.



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:04 PM

Posted 09 April 2010 - 03:13 PM

Hello there,

OK this file is big Print these instruction out so that you know what you are doing

Two programs to download

First

ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 jtl310

jtl310
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 09 April 2010 - 03:17 PM

Thanks for all the help Elise! i really do appreciate it smile.gif

fyi - downloading burning loading shouldnt take more than 20-30 minutes.

#4 jtl310

jtl310
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 09 April 2010 - 03:52 PM

OTL logfile created on: 4/9/2010 3:42:01 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 303.00 Mb Available Physical Memory | 59.00% Memory free
459.00 Mb Paging File | 335.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 6.97 Gb Free Space | 9.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (FirebirdServerDefaultInstance)
SRV - [2010/03/02 22:29:01 | 001,029,456 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/22 23:11:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/06/15 18:55:00 | 000,300,544 | ---- | M] (Nokia.) [Disabled] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/01/31 10:50:24 | 000,066,335 | ---- | M] (PostgreSQL Global Development Group) [Disabled] -- C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe -- (pgsql-8.0)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Auto] -- -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (_VOIDd.sys)
DRV - [2010/04/09 13:19:51 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bzxnd.sys -- (bzxnd)
DRV - [2010/04/09 12:54:17 | 000,044,544 | ---- | M] () [Kernel | System] -- C:\WINDOWS\_VOIDwqqoievmpe\_VOIDd.sys -- (_VOIDwqqoievmpe)
DRV - [2010/04/09 12:54:11 | 000,044,544 | ---- | M] () [Kernel | System] -- C:\WINDOWS\_VOIDbwwkyijpet\_VOIDd.sys -- (_VOIDbwwkyijpet)
DRV - [2009/05/16 16:50:47 | 000,040,576 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/04/21 21:30:29 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/06/06 11:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 09:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 09:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 09:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/02/25 14:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/13 02:26:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/04 17:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/24 01:26:00 | 003,444,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/08 12:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/12/17 18:02:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/12/17 18:02:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/12/02 02:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 03:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 15:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/18 01:57:52 | 000,007,080 | R--- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/05 23:46:16 | 000,005,220 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2001/11/05 13:56:00 | 000,032,960 | ---- | M] (ALCATech GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1997/12/23 04:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\JT_Vanguard_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:53:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 18:30:34 | 000,000,000 | ---D | M]

[2010/04/08 01:55:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/02/23 00:28:45 | 000,001,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 3 more lines...
O2 - BHO: (C:\WINDOWS\system32\vo4s7.dll) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\vo4s7.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\mwqth7ez.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.69.dll ()
O3 - HKU\Joel_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ewrgetuj] C:\DOCUME~1\Joel\LOCALS~1\Temp\geurge.exe File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
O4 - HKU\Joel_ON_C..\Run: [dbnetlib.exe] C:\Documents and Settings\Joel\Local Settings\Temp\dbnetlib.exe (Microsoft Corporation)
O4 - HKU\Joel_ON_C..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Documents and Settings\Joel\Local Settings\Temp\tv9j4.exe ()
O4 - HKU\Joel_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\Joel\Local Settings\Temp\avp32.exe ()
O4 - HKU\Joel_ON_C..\Run: [notepad] C:\Documents and Settings\Joel\ntload.dll ()
O4 - HKU\Joel_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\Joel_ON_C..\Run: [YVIBBBHA8C] C:\Documents and Settings\Joel\Local Settings\Temp\Ml1.exe ()
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.dll ()
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\JT_Vanguard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1215127886828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215152956656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.105,93.188.166.153
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - C:\WINDOWS\system32\vo4s7.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/03 18:33:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 12:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\_VOIDwqqoievmpe
[2010/04/09 12:54:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\_VOIDbwwkyijpet
[2010/04/09 01:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2010/04/09 01:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/04/08 16:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Nujabes
[2010/04/08 14:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Avalon.2001.DVDRip.XviD-iNOS
[2010/04/06 17:57:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joel\PrivacIE
[2010/04/06 13:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Local Settings\Application Data\gihtskgli
[2010/03/19 00:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/03/16 02:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\New.Moon.DVDRip.XviD-NeDiVx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/09 15:44:55 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/09 13:30:00 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/09 13:30:00 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/09 13:29:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 13:29:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 13:29:26 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2010/04/09 13:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joel\ntuser.ini
[2010/04/09 13:29:21 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/09 13:28:20 | 000,000,428 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/09 13:28:20 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/04/09 13:28:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 13:28:19 | 000,000,191 | ---- | M] () -- C:\WINDOWS\System32\_VOIDmnfppueoad.dat
[2010/04/09 13:27:43 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/09 13:27:37 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/09 13:27:04 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 13:19:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\bzxnd.sys
[2010/04/09 12:54:29 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDyoypcgfsnc.dll
[2010/04/09 12:54:29 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDerpjdictax.dll
[2010/04/09 12:54:15 | 000,029,696 | ---- | M] () -- C:\WINDOWS\System32\_VOIDmspqmxdnvv.dll
[2010/04/09 12:54:14 | 000,000,118 | ---- | M] () -- C:\tujserrew.bat
[2010/04/09 12:53:34 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\vo4s7.dll
[2010/04/09 12:53:34 | 000,000,647 | -HS- | M] () -- C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.lnk
[2010/04/09 12:53:13 | 000,189,440 | ---- | M] () -- C:\WINDOWS\Mdunea.exe
[2010/04/09 03:31:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-725345543-1004UA.job
[2010/04/09 01:44:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Subtitle Workshop.lnk
[2010/04/06 13:31:14 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-725345543-1004Core.job
[2010/04/05 21:30:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/31 14:38:00 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Google Chrome.lnk
[2010/03/23 04:25:32 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\List of Books to read.doc
[2010/03/22 02:40:16 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Curative Powers reviewed by Jennifer Looyis.doc
[2010/03/18 02:15:36 | 000,022,484 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/17 02:30:31 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\lightning lap times.xls
[2010/03/15 01:02:36 | 000,436,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 01:02:35 | 000,069,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 01:02:31 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 18:38:06 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume short.doc
[2010/03/12 18:37:38 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume fullform.doc
[2010/03/12 18:36:48 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume full.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 12:54:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDerpjdictax.dll
[2010/04/09 12:54:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDyoypcgfsnc.dll
[2010/04/09 12:54:16 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\_VOIDmnfppueoad.dat
[2010/04/09 12:54:15 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\_VOIDmspqmxdnvv.dll
[2010/04/09 12:54:14 | 000,000,118 | ---- | C] () -- C:\tujserrew.bat
[2010/04/09 12:53:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bzxnd.sys
[2010/04/09 12:53:42 | 000,189,440 | ---- | C] () -- C:\WINDOWS\Mdunea.exe
[2010/04/09 12:53:34 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\vo4s7.dll
[2010/04/09 12:53:29 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/09 12:53:25 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/09 01:44:54 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Subtitle Workshop.lnk
[2010/03/23 04:19:49 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\List of Books to read.doc
[2010/03/22 02:00:30 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Curative Powers reviewed by Jennifer Looyis.doc
[2010/03/17 02:30:30 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\lightning lap times.xls
[2010/03/12 18:38:06 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume short.doc
[2010/03/12 18:37:38 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume fullform.doc
[2010/03/12 17:52:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume full.doc
[2009/11/28 18:22:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\prvlcl.dat
[2009/07/15 01:16:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\winscp.rnd
[2009/01/28 03:34:07 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2008/10/08 20:47:12 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/17 02:23:18 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS
[2008/07/10 18:24:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/04 13:47:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/04 13:46:38 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 18:48:39 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/07/03 18:47:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/07/03 18:42:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/07/03 18:29:25 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/02/04 20:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/12/07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/01/31 10:50:14 | 000,154,758 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2004/04/27 10:45:24 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\libintl-2.dll
[2004/03/18 19:43:52 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 19:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/01/08 23:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/31 15:00:00 | 000,034,304 | -HS- | C] () -- C:\WINDOWS\System32\notepad.dll
[2003/01/31 19:41:30 | 000,916,849 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2010/04/08 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Audacity
[2008/07/04 02:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\COWON
[2009/09/10 22:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\FireShot
[2010/02/24 05:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\foobar2000
[2008/08/27 17:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Free-backup.info
[2009/12/06 04:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\gtk-2.0
[2008/09/04 01:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterVideo
[2009/10/29 15:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\IObit
[2008/08/22 21:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Nokia
[2008/07/04 14:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\OfficeUpdate12
[2008/08/22 20:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\PC Suite
[2009/02/04 21:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Publish Providers
[2009/07/12 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SecondLife
[2009/02/05 05:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Sony
[2008/07/25 20:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SystemRequirementsLab
[2009/09/01 20:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\TELUS
[2008/11/03 19:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\TigerPlayer
[2010/04/02 20:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\uTorrent
[2010/04/05 21:30:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/25 01:28:10 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/04/09 13:29:21 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/09 13:27:43 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========


< End of report >


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:04 PM

Posted 09 April 2010 - 04:05 PM

Please rerun OTLPE, and copy/paste the text in the codebox below into the "run scan/fix" field. Click "run fix".
CODE
:otl
DRV - File not found [Kernel | System] -- -- (_VOIDd.sys)
DRV - [2010/04/09 13:19:51 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bzxnd.sys -- (bzxnd)
DRV - [2010/04/09 12:54:17 | 000,044,544 | ---- | M] () [Kernel | System] -- C:\WINDOWS\_VOIDwqqoievmpe\_VOIDd.sys -- (_VOIDwqqoievmpe)
DRV - [2010/04/09 12:54:11 | 000,044,544 | ---- | M] () [Kernel | System] -- C:\WINDOWS\_VOIDbwwkyijpet\_VOIDd.sys -- (_VOIDbwwkyijpet)
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (C:\WINDOWS\system32\vo4s7.dll) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\vo4s7.dll ()
O4 - HKLM..\Run: [ewrgetuj] C:\DOCUME~1\Joel\LOCALS~1\Temp\geurge.exe File not found
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL ()
O4 - HKU\Joel_ON_C..\Run: [dbnetlib.exe] C:\Documents and Settings\Joel\Local Settings\Temp\dbnetlib.exe (Microsoft Corporation)
O4 - HKU\Joel_ON_C..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Documents and Settings\Joel\Local Settings\Temp\tv9j4.exe ()
O4 - HKU\Joel_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\Joel\Local Settings\Temp\avp32.exe ()
O4 - HKU\Joel_ON_C..\Run: [notepad] C:\Documents and Settings\Joel\ntload.dll ()
O4 - HKU\Joel_ON_C..\Run: [YVIBBBHA8C] C:\Documents and Settings\Joel\Local Settings\Temp\Ml1.exe ()
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - C:\WINDOWS\system32\vo4s7.dll ()
[2010/04/09 12:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\_VOIDwqqoievmpe
[2010/04/09 12:54:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\_VOIDbwwkyijpet
[2010/04/09 12:54:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDerpjdictax.dll
[2010/04/09 12:54:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDyoypcgfsnc.dll
[2010/04/09 12:54:16 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\_VOIDmnfppueoad.dat
[2010/04/09 12:54:15 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\_VOIDmspqmxdnvv.dll
[2010/04/09 12:54:14 | 000,000,118 | ---- | C] () -- C:\tujserrew.bat
[2010/04/09 12:53:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bzxnd.sys
[2010/04/09 12:53:42 | 000,189,440 | ---- | C] () -- C:\WINDOWS\Mdunea.exe
[2010/04/09 12:53:34 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\vo4s7.dll
[2010/04/09 12:53:29 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/09 12:53:25 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

:commands
[emptytemp]

Afterwards try to boot and let me know what happens.

Edited by elise025, 09 April 2010 - 04:05 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 jtl310

jtl310
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 09 April 2010 - 04:22 PM

mmmm how long is [emptytemp] supposed to take?? its been 5-10 minutes at the least and is still going :/- i hope that normal..

#7 jtl310

jtl310
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 09 April 2010 - 04:34 PM

k i guess it took along time and everything worked out.

Ive pasted the copy of the follow up text of OTL and then the second set is a re-scan and posted that as well.

Then i shut down the comp took out the CD and started the laptop in normal - and the same thing again blue screen- and no xp welcome screen sad.gif


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\_VOIDd.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bzxnd deleted successfully.
C:\WINDOWS\system32\drivers\bzxnd.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\_VOIDwqqoievmpe deleted successfully.
C:\WINDOWS\_VOIDwqqoievmpe\_VOIDd.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\_VOIDbwwkyijpet deleted successfully.
C:\WINDOWS\_VOIDbwwkyijpet\_VOIDd.sys moved successfully.
Unable to set value : HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9BA40A1-74F1-52BD-F431-00B15A2C8953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9BA40A1-74F1-52BD-F431-00B15A2C8953}\ deleted successfully.
C:\WINDOWS\system32\vo4s7.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ewrgetuj deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\notepad deleted successfully.
C:\WINDOWS\system32\notepad.dll moved successfully.
Registry value HKEY_USERS\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\dbnetlib.exe deleted successfully.
C:\Documents and Settings\Joel\Local Settings\Temp\dbnetlib.exe moved successfully.
Registry value HKEY_USERS\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\hf8wefhuaihf8ewfydiujhfdsfdf deleted successfully.
C:\Documents and Settings\Joel\Local Settings\Temp\tv9j4.exe moved successfully.
Registry value HKEY_USERS\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\hsf87efjhdsf87f3jfsdi7fhsujfd deleted successfully.
C:\Documents and Settings\Joel\Local Settings\Temp\avp32.exe moved successfully.
Registry value HKEY_USERS\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\notepad deleted successfully.
C:\Documents and Settings\Joel\ntload.dll moved successfully.
Registry value HKEY_USERS\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully.
C:\Documents and Settings\Joel\Local Settings\Temp\Ml1.exe moved successfully.
C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_USERS\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{A9BA40A1-74F1-52BD-F431-00B15A2C8953} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9BA40A1-74F1-52BD-F431-00B15A2C8953}\ not found.
File C:\WINDOWS\system32\vo4s7.dll not found.
C:\WINDOWS\_VOIDwqqoievmpe folder moved successfully.
C:\WINDOWS\_VOIDbwwkyijpet folder moved successfully.
C:\WINDOWS\system32\_VOIDerpjdictax.dll moved successfully.
C:\WINDOWS\system32\_VOIDyoypcgfsnc.dll moved successfully.
C:\WINDOWS\system32\_VOIDmnfppueoad.dat moved successfully.
C:\WINDOWS\system32\_VOIDmspqmxdnvv.dll moved successfully.
C:\tujserrew.bat moved successfully.
File C:\WINDOWS\System32\drivers\bzxnd.sys not found.
C:\WINDOWS\Mdunea.exe moved successfully.
File C:\WINDOWS\System32\vo4s7.dll not found.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Joel
->Temp folder emptied: 1031917798 bytes
->Temporary Internet Files folder emptied: 190654296 bytes
->Java cache emptied: 2710633 bytes
->FireFox cache emptied: 45397698 bytes
->Google Chrome cache emptied: 232461564 bytes
->Flash cache emptied: 129875 bytes

User: JT Vanguard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 132378 bytes
->Temporary Internet Files folder emptied: 1326917 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20436800 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23938290 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes

Total Files Cleaned = 1,479.00 mb


OTLPE by OldTimer - Version 3.1.37.1 log created on 04092010_160821




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



OTL logfile created on: 4/9/2010 4:28:45 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 48.00% Memory free
459.00 Mb Paging File | 305.00 Mb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 8.41 Gb Free Space | 11.29% Space Free | Partition Type: NTFS
Drive D: | 491.23 Mb Total Space | 377.55 Mb Free Space | 76.86% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (FirebirdServerDefaultInstance)
SRV - [2010/03/02 22:29:01 | 001,029,456 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/22 23:11:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/06/15 18:55:00 | 000,300,544 | ---- | M] (Nokia.) [Disabled] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/01/31 10:50:24 | 000,066,335 | ---- | M] (PostgreSQL Global Development Group) [Disabled] -- C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe -- (pgsql-8.0)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Auto] -- -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/05/16 16:50:47 | 000,040,576 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/04/21 21:30:29 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/06/06 11:24:44 | 000,008,064 | ---- | M] (Windows Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 09:38:36 | 000,008,064 | ---- | M] (Windows Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 09:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 09:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/02/25 14:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/13 02:26:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/04 17:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/24 01:26:00 | 003,444,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/08 12:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/12/17 18:02:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/12/17 18:02:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/12/02 02:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 03:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 15:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/18 01:57:52 | 000,007,080 | R--- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/05 23:46:16 | 000,005,220 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2001/11/05 13:56:00 | 000,032,960 | ---- | M] (ALCATech GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1997/12/23 04:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\JT_Vanguard_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:53:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 18:30:34 | 000,000,000 | ---D | M]

[2010/04/09 03:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/02/23 00:28:45 | 000,001,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 3 more lines...
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\mwqth7ez.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.69.dll ()
O3 - HKU\Joel_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
O4 - HKU\Joel_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\JT_Vanguard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1215127886828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215152956656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.105,93.188.166.153
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/03 18:33:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 16:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/09 01:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2010/04/09 01:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/04/08 16:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Nujabes
[2010/04/08 14:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Avalon.2001.DVDRip.XviD-iNOS
[2010/04/06 17:57:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joel\PrivacIE
[2010/04/06 13:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Local Settings\Application Data\gihtskgli
[2010/03/19 00:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/03/16 02:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\New.Moon.DVDRip.XviD-NeDiVx

========== Files - Modified Within 30 Days ==========

[2010/04/09 16:28:26 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/09 13:30:00 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/09 13:30:00 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/09 13:29:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 13:29:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 13:29:26 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2010/04/09 13:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joel\ntuser.ini
[2010/04/09 13:28:20 | 000,000,428 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/09 13:28:20 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/04/09 13:28:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 13:27:37 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/09 13:27:04 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 12:53:34 | 000,000,647 | -HS- | M] () -- C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.lnk
[2010/04/09 03:31:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-725345543-1004UA.job
[2010/04/09 01:44:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Subtitle Workshop.lnk
[2010/04/06 13:31:14 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-725345543-1004Core.job
[2010/04/05 21:30:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/31 14:38:00 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Google Chrome.lnk
[2010/03/23 04:25:32 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\List of Books to read.doc
[2010/03/22 02:40:16 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Curative Powers reviewed by Jennifer Looyis.doc
[2010/03/18 02:15:36 | 000,022,484 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/17 02:30:31 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\lightning lap times.xls
[2010/03/15 01:02:36 | 000,436,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 01:02:35 | 000,069,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 01:02:31 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 18:38:06 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume short.doc
[2010/03/12 18:37:38 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume fullform.doc
[2010/03/12 18:36:48 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume full.doc

========== Files Created - No Company Name ==========

[2010/04/09 01:44:54 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Subtitle Workshop.lnk
[2010/03/23 04:19:49 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\List of Books to read.doc
[2010/03/22 02:00:30 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Curative Powers reviewed by Jennifer Looyis.doc
[2010/03/17 02:30:30 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\lightning lap times.xls
[2010/03/12 18:38:06 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume short.doc
[2010/03/12 18:37:38 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume fullform.doc
[2010/03/12 17:52:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume full.doc
[2009/11/28 18:22:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\prvlcl.dat
[2009/07/15 01:16:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\winscp.rnd
[2009/01/28 03:34:07 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2008/10/08 20:47:12 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/17 02:23:18 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS
[2008/07/10 18:24:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/04 13:47:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/04 13:46:38 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 18:48:39 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/07/03 18:47:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/07/03 18:42:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/07/03 18:29:25 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/02/04 20:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/12/07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/01/31 10:50:14 | 000,154,758 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2004/04/27 10:45:24 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\libintl-2.dll
[2004/03/18 19:43:52 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 19:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/01/08 23:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/31 19:41:30 | 000,916,849 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2010/04/08 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Audacity
[2008/07/04 02:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\COWON
[2009/09/10 22:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\FireShot
[2010/02/24 05:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\foobar2000
[2008/08/27 17:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Free-backup.info
[2009/12/06 04:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\gtk-2.0
[2008/09/04 01:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterVideo
[2009/10/29 15:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\IObit
[2008/08/22 21:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Nokia
[2008/07/04 14:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\OfficeUpdate12
[2008/08/22 20:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\PC Suite
[2009/02/04 21:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Publish Providers
[2009/07/12 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SecondLife
[2009/02/05 05:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Sony
[2008/07/25 20:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SystemRequirementsLab
[2009/09/01 20:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\TELUS
[2008/11/03 19:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\TigerPlayer
[2010/04/02 20:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\uTorrent
[2010/04/05 21:30:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/25 01:28:10 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========


< End of report >

Edited by jtl310, 09 April 2010 - 04:35 PM.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:04 PM

Posted 10 April 2010 - 01:29 AM

Please rerun the OTLPE scan, but before clicking "run scan" do the following:

Under Drivers make sure All is ticked.

Type the word restorepoints in the "run scan/fix" field.

Now click "run scan".

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 jtl310

jtl310
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 10 April 2010 - 01:57 AM

OTL logfile created on: 4/10/2010 2:49:46 AM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 60.00% Memory free
459.00 Mb Paging File | 336.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 8.42 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (FirebirdServerDefaultInstance)
SRV - [2010/03/02 22:29:01 | 001,029,456 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/22 23:11:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/06/15 18:55:00 | 000,300,544 | ---- | M] (Nokia.) [Disabled] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/01/31 10:50:24 | 000,066,335 | ---- | M] (PostgreSQL Global Development Group) [Disabled] -- C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe -- (pgsql-8.0)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Auto] -- -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/06/01 16:51:54 | 000,027,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2009/05/18 17:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/16 16:50:47 | 000,040,576 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/04/21 21:30:29 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/12/07 18:24:07 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/06 11:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 09:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 09:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 09:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 14:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/04/13 14:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/02/25 14:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/07 19:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2006/11/02 09:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/10/18 22:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/10/13 02:26:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/16 00:30:10 | 000,082,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/16 00:29:52 | 000,076,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2005/03/04 17:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/24 01:26:00 | 003,444,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/08 12:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/02/01 11:22:00 | 000,100,384 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/01/13 18:40:28 | 000,612,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/12/17 18:02:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/12/17 18:02:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/12/02 02:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 03:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 15:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/18 01:57:52 | 000,007,080 | R--- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/05 23:46:16 | 000,005,220 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2003/03/31 15:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2003/03/31 15:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2003/03/31 15:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2003/03/31 15:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2003/03/31 15:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 15:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2003/03/31 15:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 15:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2003/03/31 15:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003/03/31 15:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2003/03/31 15:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2003/03/31 15:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003/03/31 15:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2003/03/31 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2003/03/31 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2003/03/31 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2003/03/31 15:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2003/03/31 15:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2003/03/31 15:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/11/05 13:56:00 | 000,032,960 | ---- | M] (ALCATech GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2001/08/17 16:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1997/12/23 04:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\JT_Vanguard_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:53:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 18:30:34 | 000,000,000 | ---D | M]

[2010/04/09 03:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/02/23 00:28:45 | 000,001,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 3 more lines...
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\mwqth7ez.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.69.dll ()
O3 - HKU\Joel_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
O4 - HKU\Joel_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\JT_Vanguard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1215127886828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215152956656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.105,93.188.166.153
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/03 18:33:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 16:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/09 01:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2010/04/09 01:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/04/08 16:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Nujabes
[2010/04/08 14:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Avalon.2001.DVDRip.XviD-iNOS
[2010/04/06 17:57:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joel\PrivacIE
[2010/04/06 13:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Local Settings\Application Data\gihtskgli
[2010/03/19 00:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/03/16 02:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\New.Moon.DVDRip.XviD-NeDiVx

========== Files - Modified Within 30 Days ==========

[2010/04/09 16:30:50 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2010/04/09 16:30:50 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/09 13:30:00 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/09 13:30:00 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/09 13:29:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 13:29:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 13:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joel\ntuser.ini
[2010/04/09 13:28:20 | 000,000,428 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/09 13:28:20 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/04/09 13:28:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 13:27:37 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/09 13:27:04 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 12:53:34 | 000,000,647 | -HS- | M] () -- C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.lnk
[2010/04/09 03:31:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-725345543-1004UA.job
[2010/04/09 01:44:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Subtitle Workshop.lnk
[2010/04/06 13:31:14 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-725345543-1004Core.job
[2010/04/05 21:30:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/31 14:38:00 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Google Chrome.lnk
[2010/03/23 04:25:32 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\List of Books to read.doc
[2010/03/22 02:40:16 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Curative Powers reviewed by Jennifer Looyis.doc
[2010/03/18 02:15:36 | 000,022,484 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/17 02:30:31 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\lightning lap times.xls
[2010/03/15 01:02:36 | 000,436,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 01:02:35 | 000,069,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 01:02:31 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 18:38:06 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume short.doc
[2010/03/12 18:37:38 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume fullform.doc
[2010/03/12 18:36:48 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume full.doc

========== Files Created - No Company Name ==========

[2010/04/09 01:44:54 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Subtitle Workshop.lnk
[2010/03/23 04:19:49 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\List of Books to read.doc
[2010/03/22 02:00:30 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Curative Powers reviewed by Jennifer Looyis.doc
[2010/03/17 02:30:30 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\lightning lap times.xls
[2010/03/12 18:38:06 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume short.doc
[2010/03/12 18:37:38 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume fullform.doc
[2010/03/12 17:52:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume full.doc
[2009/11/28 18:22:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\prvlcl.dat
[2009/07/15 01:16:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\winscp.rnd
[2009/01/28 03:34:07 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2008/10/08 20:47:12 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/17 02:23:18 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS
[2008/07/10 18:24:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/04 13:47:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/04 13:46:38 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 18:48:39 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/07/03 18:47:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/07/03 18:42:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/07/03 18:29:25 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/02/04 20:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/12/07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/01/31 10:50:14 | 000,154,758 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2004/04/27 10:45:24 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\libintl-2.dll
[2004/03/18 19:43:52 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 19:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/01/08 23:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/31 19:41:30 | 000,916,849 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2010/04/08 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Audacity
[2008/07/04 02:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\COWON
[2009/09/10 22:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\FireShot
[2010/02/24 05:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\foobar2000
[2008/08/27 17:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Free-backup.info
[2009/12/06 04:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\gtk-2.0
[2008/09/04 01:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterVideo
[2009/10/29 15:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\IObit
[2008/08/22 21:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Nokia
[2008/07/04 14:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\OfficeUpdate12
[2008/08/22 20:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\PC Suite
[2009/02/04 21:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Publish Providers
[2009/07/12 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SecondLife
[2009/02/05 05:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Sony
[2008/07/25 20:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SystemRequirementsLab
[2009/09/01 20:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\TELUS
[2008/11/03 19:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\TigerPlayer
[2010/04/02 20:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\uTorrent
[2010/04/05 21:30:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/25 01:28:10 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========



========== Restore Points Found ==========
< End of report >


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:04 PM

Posted 10 April 2010 - 02:19 AM

Can you please run the following fix?
CODE
:otl
DRV - File not found [Kernel | Auto] -- -- (RPSKT) Security Services Driver (x86)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 jtl310

jtl310
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 10 April 2010 - 02:25 AM

========== OTL ==========
Service\Driver key RPSKT) Security Services Driver (x86 not found.

OTLPE by OldTimer - Version 3.1.37.1 log created on 04102010_032409


#12 jtl310

jtl310
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 10 April 2010 - 02:56 AM

OTL logfile created on: 4/10/2010 3:50:22 AM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 50.00% Memory free
459.00 Mb Paging File | 296.00 Mb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 8.42 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (FirebirdServerDefaultInstance)
SRV - [2010/03/02 22:29:01 | 001,029,456 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/22 23:11:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/06/15 18:55:00 | 000,300,544 | ---- | M] (Nokia.) [Disabled] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/01/31 10:50:24 | 000,066,335 | ---- | M] (PostgreSQL Global Development Group) [Disabled] -- C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe -- (pgsql-8.0)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Auto] -- -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/06/01 16:51:54 | 000,027,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2009/05/18 17:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/16 16:50:47 | 000,040,576 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/04/21 21:30:29 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/12/07 18:24:07 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/06 11:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 09:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 09:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 09:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 14:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/04/13 14:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/02/25 14:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/07 19:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2006/11/02 09:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/10/18 22:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/10/13 02:26:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/16 00:30:10 | 000,082,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/16 00:29:52 | 000,076,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2005/03/04 17:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/24 01:26:00 | 003,444,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/08 12:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/02/01 11:22:00 | 000,100,384 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/01/13 18:40:28 | 000,612,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/12/17 18:02:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/12/17 18:02:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/12/02 02:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 03:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 15:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/18 01:57:52 | 000,007,080 | R--- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/05 23:46:16 | 000,005,220 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2003/03/31 15:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2003/03/31 15:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2003/03/31 15:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2003/03/31 15:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2003/03/31 15:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 15:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2003/03/31 15:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 15:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2003/03/31 15:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003/03/31 15:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2003/03/31 15:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2003/03/31 15:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003/03/31 15:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2003/03/31 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2003/03/31 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2003/03/31 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2003/03/31 15:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2003/03/31 15:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2003/03/31 15:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/11/05 13:56:00 | 000,032,960 | ---- | M] (ALCATech GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2001/08/17 16:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001/05/28 17:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1997/12/23 04:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Joel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\JT_Vanguard_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:53:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 18:30:34 | 000,000,000 | ---D | M]

[2010/04/09 03:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/02/23 00:28:45 | 000,001,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 3 more lines...
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\mwqth7ez.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.69.dll ()
O3 - HKU\Joel_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
O4 - HKU\Joel_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\JT_Vanguard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1215127886828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215152956656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.105,93.188.166.153
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/03 18:33:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 16:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/09 01:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2010/04/09 01:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/04/08 16:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Nujabes
[2010/04/08 14:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Avalon.2001.DVDRip.XviD-iNOS
[2010/04/06 17:57:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joel\PrivacIE
[2010/04/06 13:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Local Settings\Application Data\gihtskgli
[2010/03/19 00:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/03/16 02:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\New.Moon.DVDRip.XviD-NeDiVx

========== Files - Modified Within 30 Days ==========

[2010/04/09 16:30:50 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2010/04/09 16:30:50 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/09 13:30:00 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/09 13:30:00 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/09 13:29:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 13:29:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 13:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joel\ntuser.ini
[2010/04/09 13:28:20 | 000,000,428 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/09 13:28:20 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/04/09 13:28:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 13:27:37 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/09 13:27:04 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 12:53:34 | 000,000,647 | -HS- | M] () -- C:\Documents and Settings\Joel\Start Menu\Programs\Startup\scandisk.lnk
[2010/04/09 03:31:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-725345543-1004UA.job
[2010/04/09 01:44:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Subtitle Workshop.lnk
[2010/04/06 13:31:14 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-725345543-1004Core.job
[2010/04/05 21:30:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/31 14:38:00 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Google Chrome.lnk
[2010/03/23 04:25:32 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\List of Books to read.doc
[2010/03/22 02:40:16 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Curative Powers reviewed by Jennifer Looyis.doc
[2010/03/18 02:15:36 | 000,022,484 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/17 02:30:31 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\lightning lap times.xls
[2010/03/15 01:02:36 | 000,436,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 01:02:35 | 000,069,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 01:02:31 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 18:38:06 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume short.doc
[2010/03/12 18:37:38 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume fullform.doc
[2010/03/12 18:36:48 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\resume full.doc

========== Files Created - No Company Name ==========

[2010/04/09 01:44:54 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Subtitle Workshop.lnk
[2010/03/23 04:19:49 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\List of Books to read.doc
[2010/03/22 02:00:30 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Curative Powers reviewed by Jennifer Looyis.doc
[2010/03/17 02:30:30 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\lightning lap times.xls
[2010/03/12 18:38:06 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume short.doc
[2010/03/12 18:37:38 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume fullform.doc
[2010/03/12 17:52:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\resume full.doc
[2009/11/28 18:22:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\prvlcl.dat
[2009/07/15 01:16:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\winscp.rnd
[2009/01/28 03:34:07 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2008/10/08 20:47:12 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/17 02:23:18 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS
[2008/07/10 18:24:10 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS
[2008/07/10 18:24:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/04 13:47:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/04 13:46:38 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 18:48:39 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/07/03 18:47:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/07/03 18:42:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/07/03 18:29:25 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/02/04 20:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/12/07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/01/31 10:50:14 | 000,154,758 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2004/04/27 10:45:24 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\libintl-2.dll
[2004/03/18 19:43:52 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 19:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/01/08 23:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/31 19:41:30 | 000,916,849 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2010/04/08 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Audacity
[2008/07/04 02:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\COWON
[2009/09/10 22:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\FireShot
[2010/02/24 05:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\foobar2000
[2008/08/27 17:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Free-backup.info
[2009/12/06 04:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\gtk-2.0
[2008/09/04 01:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterVideo
[2009/10/29 15:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\IObit
[2008/08/22 21:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Nokia
[2008/07/04 14:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\OfficeUpdate12
[2008/08/22 20:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\PC Suite
[2009/02/04 21:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Publish Providers
[2009/07/12 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SecondLife
[2009/02/05 05:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Sony
[2008/07/25 20:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SystemRequirementsLab
[2009/09/01 20:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\TELUS
[2008/11/03 19:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\TigerPlayer
[2010/04/02 20:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\uTorrent
[2010/04/05 21:30:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/25 01:28:10 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========


< End of report >


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:04 PM

Posted 10 April 2010 - 03:06 AM

Please try to boot in safe mode.

You'll see a list of drivers rolling over the screen. Please let me know what the last one is you see before the BSOD.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 jtl310

jtl310
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 10 April 2010 - 03:09 AM

system\drivers\tiumflt.sys

hope that helps!

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:04 PM

Posted 10 April 2010 - 03:12 AM

Please run the following custom scan:
CODE
/md5start
tiumflt.sys
/md5stop

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users