
Infected : Google redirections + ad and search engine popup


  • This topic is locked
26 replies to this topic

#1 Kolqhoz


Posted 17 August 2010 - 06:27 AM

Hi there, I have a problem with my browser (I use Opera and Firefox). It sometimes redirects to unwanted pages when I hit the Google search results, and sometimes popups to search engines appear on their own (example: hxxp://fr.gomeo.fr/index.php?keyword=bleeping+computer ) with no results shown. I also have the famous "Your computer is infected !" webpage with the fake scan image... It's pretty annoying. I already tried an MBAM scan, SUPERAntiSpyware, and Spybot S&D, and still nothing would remove it.

Any help would be appreciated, thanks in advance.

Here come the DDS and GMER log files; I also have a HijackThis log if you want.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Paresse Appropri‚e at 13:01:26.87 on Tue 08/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1245 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files\Auslogics\Auslogics BoostSpeed\DiskDefrag.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Wireless Vector Mouse\TSR\xDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
D:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
d:\Program Files\Icecast2 Win32\icecastService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\mppspsv.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paresse Appropriée\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Auslogics BoostSpeed] d:\program files\auslogics\auslogics boostspeed\boostspeed.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Daemon] c:\program files\hp\hp wireless vector mouse\tsr\xDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: ??? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /SEARCH.HTML
IE: ??? ????? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /JKTRANS.HTML
DPF: {1A65149A-82B3-4633-9E3D-4DC37FB93FB9} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: {78730E49-511E-4AE3-8E4F-84E2EA240397} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1030.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\paress~1\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\
FF - component: c:\users\paresse appropriée\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\users\paresse appropriée\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\users\paresse appropriã©e\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\paresse appropriã©e\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-8-15 11608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-2-19 73728]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\avira\antivir desktop\sched.exe [2010-8-15 108289]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-8-15 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-15 56816]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-7-29 20072]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe [2010-4-16 81920]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-2 13336]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;d:\program files\icecast2 win32\icecastService.exe [2010-4-8 417792]
R2 Mintpad Service;Mintpad Service;c:\windows\system32\mppspsv.exe [2010-2-21 107384]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe [2010-4-16 2736128]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-7-16 21176]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-7-19 259440]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]

=============== Created Last 30 ================

2010-08-17 10:54:04 20 ----a-w- c:\users\paresse appropriée\defogger_reenable
2010-08-17 09:59:14 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-17 09:46:32 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-17 09:40:01 0 d-----w- C:\Device
2010-08-16 07:04:26 0 d-----w- c:\users\paress~1\appdata\roaming\WinPatrol
2010-08-16 07:04:18 0 d-----w- c:\program files\BillP Studios
2010-08-16 06:36:48 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-16 06:36:48 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 06:24:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 06:24:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 06:24:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 17:32:30 0 d-----w- c:\program files\SystemRequirementsLab
2010-08-15 13:30:39 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 13:30:38 0 d-----w- c:\programdata\Avira
2010-08-15 11:49:12 98816 ----a-w- c:\windows\sed.exe
2010-08-15 11:49:12 77312 ----a-w- c:\windows\MBR.exe
2010-08-15 11:49:12 256512 ----a-w- c:\windows\PEV.exe
2010-08-15 11:49:12 161792 ----a-w- c:\windows\SWREG.exe
2010-08-15 10:45:35 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-15 10:38:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-13 10:25:04 0 d-----w- c:\program files\HP
2010-08-11 12:09:05 0 d-----w- c:\programdata\TmForever
2010-08-08 10:24:10 0 d-----w- c:\program files\MSXML 4.0
2010-08-05 08:56:40 0 d-----w- c:\program files\Sunbelt Software
2010-08-05 08:55:17 0 d-----w- c:\programdata\Sunbelt
2010-08-05 08:47:52 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-05 08:28:02 0 d-----w- c:\program files\common files\Softwin
2010-07-30 17:53:06 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-07-29 12:07:03 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-07-29 12:07:03 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2010-07-29 12:07:03 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-07-29 11:38:39 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-29 11:07:09 20072 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-07-29 09:50:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-29 09:50:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-29 09:50:03 0 d-----w- c:\program files\OpenAL
2010-07-29 09:24:09 0 d-----w- c:\program files\common files\Futuremark Shared
2010-07-28 11:48:41 0 d-----w- c:\programdata\FLEXnet
2010-07-28 11:48:38 0 d-----w- c:\users\paress~1\appdata\roaming\No Company Name
2010-07-28 11:41:10 1364 ----a-w- c:\windows\system32\drivers\hosts
2010-07-28 11:23:56 0 d-----w- c:\programdata\eSellerate
2010-07-28 11:23:55 0 d-----w- c:\programdata\SmartSound Software Inc
2010-07-28 11:23:46 0 d-----w- c:\program files\SmartSound Software
2010-07-28 11:22:30 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-28 11:08:49 0 d-----w- c:\program files\Windows Installer Clean Up
2010-07-28 11:08:10 0 d-----w- c:\program files\MSECACHE
2010-07-21 22:20:30 52 ----a-w- c:\windows\system32\ashttpstats.csv
2010-07-21 19:23:18 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-07-21 19:00:07 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-07-21 18:47:26 0 d-----w- c:\program files\common files\BitDefender
2010-07-21 17:57:43 0 d-----w- C:\ToolBar SD
2010-07-20 20:20:24 0 d-----w- c:\users\paress~1\appdata\roaming\Malwarebytes
2010-07-20 20:20:09 0 d-----w- c:\programdata\Malwarebytes
2010-07-19 17:29:29 0 d-----w- c:\programdata\Trymedia
2010-07-19 14:54:52 0 d-----w- c:\users\paress~1\appdata\roaming\649EDB46F980E6973A8464ED21CD6C91

==================== Find3M ====================

2010-08-17 10:54:41 2621440 ----a-w- c:\users\paresse appropriée\NTUSER.DAT
2010-08-17 09:59:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-06 10:58:46 21176 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-08-06 10:58:46 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-07-21 18:36:54 173648 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2010-07-16 11:32:23 677176 ----a-w- c:\windows\system32\CKSetup32.exe
2010-07-16 11:32:23 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-07-15 01:54:24 542096 ----a-w- c:\windows\system32\NJUninst.exe
2010-06-22 13:52:47 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-22 13:52:47 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-20 17:21:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-06 12:31:12 34155 ----a-w- c:\windows\DIIUnin.dat
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-19 17:49:22 249856 ------w- c:\windows\Setup1.exe
2010-05-19 17:49:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-20 09:10:39 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:02:19.84 ===============

Edited by Orange Blossom, 18 August 2010 - 12:01 AM.
Deactivate link. ~ OB




#2 Casey_boy

  • Malware Response Team

Posted 24 August 2010 - 08:01 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 Kolqhoz

  • Topic Starter

Posted 25 August 2010 - 08:01 PM

Hi, I guess it's my turn to apologize for the delay ^^

I couldn't fix the problem by myself for now but I did some things I detail further in the post (after the dds log in fact).

As requested, here are the new DDS log file and the GMER/attach files:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Paresse Appropri‚e at 2:42:01.82 on Thu 08/26/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1250 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Auslogics\Auslogics BoostSpeed\DiskDefrag.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\HP\HP Wireless Vector Mouse\TSR\xDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
d:\Program Files\Icecast2 Win32\icecastService.exe
C:\Windows\system32\mppspsv.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Paresse Appropriée\Desktop\gmer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Paresse Appropriée\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Auslogics BoostSpeed] d:\program files\auslogics\auslogics boostspeed\boostspeed.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Daemon] c:\program files\hp\hp wireless vector mouse\tsr\xDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RivaTunerStartupDaemon] "d:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: ??? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /SEARCH.HTML
IE: ??? ????? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /JKTRANS.HTML
DPF: {1A65149A-82B3-4633-9E3D-4DC37FB93FB9} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: {78730E49-511E-4AE3-8E4F-84E2EA240397} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1030.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\paress~1\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\
FF - prefs.js: browser.search.selectedEngine - WR English-French
FF - component: c:\users\paresse appropriée\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\users\paresse appropriée\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\users\paresse appropriée\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\paresse appropriée\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\program files\videolan2\vlc\npvlc.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-8-15 11608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-2-19 73728]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\avira\antivir desktop\sched.exe [2010-8-15 108289]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-8-15 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-15 56816]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-7-29 20072]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe [2010-4-16 81920]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;d:\program files\icecast2 win32\icecastService.exe [2010-4-8 417792]
R2 Mintpad Service;Mintpad Service;c:\windows\system32\mppspsv.exe [2010-2-21 107384]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe [2010-4-16 2736128]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-5-31 6638080]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-2 13336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-7-16 21176]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-7-19 259440]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]

=============== Created Last 30 ================

2010-08-23 17:49:31 0 d-----w- c:\users\paresse appropriée\Tracing
2010-08-23 17:45:41 0 d-----w- c:\windows\PCHEALTH
2010-08-23 17:43:48 3181568 ----a-w- c:\windows\system32\mf.dll
2010-08-23 17:43:48 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-08-23 17:43:47 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-08-23 17:42:18 0 d-----w- c:\program files\common files\Windows Live
2010-08-17 20:12:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-08-17 20:12:01 0 d-----w- c:\program files\Synaptics
2010-08-17 20:11:45 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2010-08-17 20:11:44 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-08-17 20:11:44 193456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-08-17 20:11:44 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-08-17 20:11:44 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-08-17 20:11:44 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-08-17 20:11:42 0 d-----w- C:\dell
2010-08-17 10:54:04 40 ----a-w- c:\users\paresse appropriée\defogger_reenable
2010-08-17 09:59:14 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-17 09:46:32 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-17 09:40:01 0 d-----w- C:\Device
2010-08-16 07:04:26 0 d-----w- c:\users\paress~1\appdata\roaming\WinPatrol
2010-08-16 07:04:18 0 d-----w- c:\program files\BillP Studios
2010-08-16 06:36:48 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-16 06:36:48 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 06:24:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 06:24:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 06:24:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 17:32:30 0 d-----w- c:\program files\SystemRequirementsLab
2010-08-15 13:30:39 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 13:30:38 0 d-----w- c:\programdata\Avira
2010-08-15 11:49:12 98816 ----a-w- c:\windows\sed.exe
2010-08-15 11:49:12 77312 ----a-w- c:\windows\MBR.exe
2010-08-15 11:49:12 256512 ----a-w- c:\windows\PEV.exe
2010-08-15 11:49:12 161792 ----a-w- c:\windows\SWREG.exe
2010-08-15 10:45:35 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-15 10:38:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-13 10:25:04 0 d-----w- c:\program files\HP
2010-08-11 12:09:05 0 d-----w- c:\programdata\TmForever
2010-08-10 17:44:38 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-08-08 10:24:10 0 d-----w- c:\program files\MSXML 4.0
2010-08-05 08:56:40 0 d-----w- c:\program files\Sunbelt Software
2010-08-05 08:55:17 0 d-----w- c:\programdata\Sunbelt
2010-08-05 08:47:52 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-05 08:28:02 0 d-----w- c:\program files\common files\Softwin
2010-07-30 17:53:06 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-07-29 19:39:20 209280 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-07-29 12:07:03 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-07-29 12:07:03 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2010-07-29 12:07:03 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-07-29 11:38:39 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-29 11:07:09 20072 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-07-29 09:50:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-29 09:50:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-29 09:50:03 0 d-----w- c:\program files\OpenAL
2010-07-29 09:24:09 0 d-----w- c:\program files\common files\Futuremark Shared
2010-07-28 11:48:41 0 d-----w- c:\programdata\FLEXnet
2010-07-28 11:48:38 0 d-----w- c:\users\paress~1\appdata\roaming\No Company Name
2010-07-28 11:41:10 1364 ----a-w- c:\windows\system32\drivers\hosts
2010-07-28 11:23:56 0 d-----w- c:\programdata\eSellerate
2010-07-28 11:23:55 0 d-----w- c:\programdata\SmartSound Software Inc
2010-07-28 11:23:46 0 d-----w- c:\program files\SmartSound Software
2010-07-28 11:22:30 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-28 11:08:49 0 d-----w- c:\program files\Windows Installer Clean Up
2010-07-28 11:08:10 0 d-----w- c:\program files\MSECACHE

==================== Find3M ====================

2010-08-26 00:40:36 2621440 ----a-w- c:\users\paresse appropriée\NTUSER.DAT
2010-08-18 10:59:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-06 10:58:46 21176 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-08-06 10:58:46 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-07-21 18:36:54 173648 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2010-07-16 11:32:23 677176 ----a-w- c:\windows\system32\CKSetup32.exe
2010-07-16 11:32:23 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-07-15 01:54:24 542096 ----a-w- c:\windows\system32\NJUninst.exe
2010-06-20 17:21:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-06 12:31:12 34155 ----a-w- c:\windows\DIIUnin.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-20 09:10:39 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 2:43:54.58 =============

My problem didn't change since the last time: when I'm surfing on the Internet (I use Mozilla Firefox), once in a while a tab would open and redirect me to a custom, suspicious search engine and run a search using terms I just searched on Google. Usually no results appear on this page, so I cannot click any URL or download any program.

I also heard there was an issue with a java script located on x:\program files\mozilla firefox\extensions\{letters-numbers-numbers-numbers-letters}\chrome\content\a_directory_name\a_file_name.xul (mine is named ffjcext.xul) and I followed instructions on the Internet saying I shall replace the *.XUL file by a dummy XUL file and it indeed lowered the rate and the numbers of popup tabs.

Hope you can help me, Thanks in advance.

Edited by Kolqhoz, 25 August 2010 - 08:01 PM.


#4 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:09:54 AM

Posted 26 August 2010 - 06:53 AM

Hello Kolqhoz

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!


PW

#5 Kolqhoz

Posted 26 August 2010 - 06:57 PM

Hi pwgib and thank you for examining my logs. Don't hesitate to tell it to me if I do anything wrong, I am aware the forum is very busy and I would like my post to be as debugger/antimalware friendly as possible :)

Thanks in advance for the work you do.

#6 pwgib

Posted 27 August 2010 - 10:44 AM

Hello Kolqhoz,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still wish to proceed with the cleaning process please do the following

======================

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.

Step 1.

I see you have Combofix installed. You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

I need to see latest Combofix and Qoobox logs

If you do not have ComboFix.txt on your desktop please navigate to C:\ComboFix.txt and post the report in your next reply.

Next,
  • Click on Start, then Run.
  • Copy and Paste the green bold text below in to the Run Box:
cmd /c dir /a /s C:\QooBox >log.txt&start log.txt
  • Then click on OK.
  • A Text File will open up, please Copy and Paste the contents in your next reply.
Step 2.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3.

Scan With RKUnHooker
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Step 4.
  1. Please download mbrcheck from Here
  2. Save that file to your desktop and double click on it to run it.
  3. It will show a Black screen with some data on it then hit any key to continue.
  4. Once it finishes there will be a log produced on your desktop that is labeled mbrcheck*.txt (where the * is date)
  5. Please post the contents of that log in your next reply.
In your next reply please include the following:

TDSSKiller log
ComboFix.txt
Qoobox.txt
RKUnHooker report
MbrCheck.txt


How is your computer running? Any redirects or popups?

Thanks!!
PW

#7 Kolqhoz

Posted 28 August 2010 - 05:44 AM

Here is the combofix log you requested.


Unfortunately I couldn't find Qoobox.txt file and the command line you asked me to put in the run box led to an error : "couldn't find log.txt" and closed command prompt.

EDIT : to answer your question for now I didn't get any popups or redirections with mozilla firefox open in background for approximately 2 hours and a half


ComboFix 10-08-16.03 - Paresse Appropriée 08/17/2010 11:28:57.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1285 [GMT 2:00]
Running from: c:\users\Paresse Appropriée\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Naver
c:\program files\Naver\NaverCommon\msvcp71.dll
c:\program files\Naver\NaverCommon\msvcr71.dll
c:\program files\Naver\NaverCommon\NaverAdminAPISvc.exe
c:\program files\Naver\NaverCommon\NaverAdminAPIUpgrader.exe
c:\program files\Naver\NaverCommon\NaverAdminProc.dll
c:\program files\Naver\NaverCommon\NaverAgent\Inst.ini
c:\program files\Naver\NaverCommon\NaverAgent\NaverAdminAPI.dll
c:\program files\Naver\NaverCommon\NaverAgent\NaverAdminAPI.exe
c:\program files\Naver\NaverCommon\NaverAgent\NaverAgent.exe
c:\program files\Naver\NaverCommon\NaverAgent\Uninst_Agent.exe
c:\program files\Naver\NaverCommon\Uninstall.exe
c:\program files\Naver\NaverToolbar\DB_1_7.DAT
c:\program files\Naver\NaverToolbar\fixIE.exe
c:\program files\Naver\NaverToolbar\hangametetris\7souls.ico
c:\program files\Naver\NaverToolbar\hangametetris\blog.ico
c:\program files\Naver\NaverToolbar\hangametetris\bookmark.ico
c:\program files\Naver\NaverToolbar\hangametetris\bookmark.JPG
c:\program files\Naver\NaverToolbar\hangametetris\bout.ico
c:\program files\Naver\NaverToolbar\hangametetris\c9.ico
c:\program files\Naver\NaverToolbar\hangametetris\capturebrowser.ico
c:\program files\Naver\NaverToolbar\hangametetris\capturebrowser.jpg
c:\program files\Naver\NaverToolbar\hangametetris\cleaninternet.ico
c:\program files\Naver\NaverToolbar\hangametetris\cleaninternet.jpg
c:\program files\Naver\NaverToolbar\hangametetris\clinic.ico
c:\program files\Naver\NaverToolbar\hangametetris\config.ico
c:\program files\Naver\NaverToolbar\hangametetris\dic.ico
c:\program files\Naver\NaverToolbar\hangametetris\double.ico
c:\program files\Naver\NaverToolbar\hangametetris\flashgame.ico
c:\program files\Naver\NaverToolbar\hangametetris\gamepack.ico
c:\program files\Naver\NaverToolbar\hangametetris\gametalk.ico
c:\program files\Naver\NaverToolbar\hangametetris\gametalk.jpg
c:\program files\Naver\NaverToolbar\hangametetris\gmahjong.ico
c:\program files\Naver\NaverToolbar\hangametetris\golf.ico
c:\program files\Naver\NaverToolbar\hangametetris\gunster.ico
c:\program files\Naver\NaverToolbar\hangametetris\gzs.ico
c:\program files\Naver\NaverToolbar\hangametetris\hangamebi.ico
c:\program files\Naver\NaverToolbar\hangametetris\hon.ico
c:\program files\Naver\NaverToolbar\hangametetris\lasvagas.ico
c:\program files\Naver\NaverToolbar\hangametetris\login.ico
c:\program files\Naver\NaverToolbar\hangametetris\logo.bmp
c:\program files\Naver\NaverToolbar\hangametetris\logout.ico
c:\program files\Naver\NaverToolbar\hangametetris\magu.ico
c:\program files\Naver\NaverToolbar\hangametetris\mhf.ico
c:\program files\Naver\NaverToolbar\hangametetris\move.ico
c:\program files\Naver\NaverToolbar\hangametetris\msduelgo.ico
c:\program files\Naver\NaverToolbar\hangametetris\myblog.ico
c:\program files\Naver\NaverToolbar\hangametetris\new.ico
c:\program files\Naver\NaverToolbar\hangametetris\newgostop.ico
c:\program files\Naver\NaverToolbar\hangametetris\opencast.ico
c:\program files\Naver\NaverToolbar\hangametetris\opencast.jpg
c:\program files\Naver\NaverToolbar\hangametetris\pcclinic.jpg
c:\program files\Naver\NaverToolbar\hangametetris\Popojoy.ico
c:\program files\Naver\NaverToolbar\hangametetris\popup.ico
c:\program files\Naver\NaverToolbar\hangametetris\popup2.ico
c:\program files\Naver\NaverToolbar\hangametetris\r2.ico
c:\program files\Naver\NaverToolbar\hangametetris\real.ico
c:\program files\Naver\NaverToolbar\hangametetris\search.ico
c:\program files\Naver\NaverToolbar\hangametetris\seven.ico
c:\program files\Naver\NaverToolbar\hangametetris\shortadr.ico
c:\program files\Naver\NaverToolbar\hangametetris\shotcut.ico
c:\program files\Naver\NaverToolbar\hangametetris\solitaire.ico
c:\program files\Naver\NaverToolbar\hangametetris\TalesRunner.ico
c:\program files\Naver\NaverToolbar\hangametetris\tetris.ico
c:\program files\Naver\NaverToolbar\hangametetris\theme.xml
c:\program files\Naver\NaverToolbar\hangametetris\toolbarcleaner.ico
c:\program files\Naver\NaverToolbar\hangametetris\toolbarcleaner.jpg
c:\program files\Naver\NaverToolbar\hangametetris\transjapan.ico
c:\program files\Naver\NaverToolbar\hangametetris\virus.ico
c:\program files\Naver\NaverToolbar\hangametetris\yut.ico
c:\program files\Naver\NaverToolbar\hangametetris\z9.ico
c:\program files\Naver\NaverToolbar\hangametetris\zoom.ico
c:\program files\Naver\NaverToolbar\InstlInfo.ini
c:\program files\Naver\NaverToolbar\juniver\artist.ico
c:\program files\Naver\NaverToolbar\juniver\babystudy.ico
c:\program files\Naver\NaverToolbar\juniver\blog.ico
c:\program files\Naver\NaverToolbar\juniver\bookmark.ico
c:\program files\Naver\NaverToolbar\juniver\bookmark.JPG
c:\program files\Naver\NaverToolbar\juniver\capturebrowser.ico
c:\program files\Naver\NaverToolbar\juniver\capturebrowser.jpg
c:\program files\Naver\NaverToolbar\juniver\cleaninternet.ico
c:\program files\Naver\NaverToolbar\juniver\cleaninternet.jpg
c:\program files\Naver\NaverToolbar\juniver\clinic.ico
c:\program files\Naver\NaverToolbar\juniver\comic.ico
c:\program files\Naver\NaverToolbar\juniver\config.ico
c:\program files\Naver\NaverToolbar\juniver\dic.ico
c:\program files\Naver\NaverToolbar\juniver\dongwha.ico
c:\program files\Naver\NaverToolbar\juniver\farm_01.ico
c:\program files\Naver\NaverToolbar\juniver\farm_02.ico
c:\program files\Naver\NaverToolbar\juniver\flash.ico
c:\program files\Naver\NaverToolbar\juniver\gabe.ico
c:\program files\Naver\NaverToolbar\juniver\gallery.ico
c:\program files\Naver\NaverToolbar\juniver\game.ico
c:\program files\Naver\NaverToolbar\juniver\gametalk.ico
c:\program files\Naver\NaverToolbar\juniver\gametalk.jpg
c:\program files\Naver\NaverToolbar\juniver\homework.ico
c:\program files\Naver\NaverToolbar\juniver\jr.ico
c:\program files\Naver\NaverToolbar\juniver\kidsong.ico
c:\program files\Naver\NaverToolbar\juniver\login.ico
c:\program files\Naver\NaverToolbar\juniver\logo.bmp
c:\program files\Naver\NaverToolbar\juniver\logout.ico
c:\program files\Naver\NaverToolbar\juniver\move.ico
c:\program files\Naver\NaverToolbar\juniver\opencast.ico
c:\program files\Naver\NaverToolbar\juniver\opencast.jpg
c:\program files\Naver\NaverToolbar\juniver\panyroom.ico
c:\program files\Naver\NaverToolbar\juniver\parents.ico
c:\program files\Naver\NaverToolbar\juniver\pcclinic.jpg
c:\program files\Naver\NaverToolbar\juniver\popup.ico
c:\program files\Naver\NaverToolbar\juniver\popup2.ico
c:\program files\Naver\NaverToolbar\juniver\real.ico
c:\program files\Naver\NaverToolbar\juniver\search.ico
c:\program files\Naver\NaverToolbar\juniver\shotcut.ico
c:\program files\Naver\NaverToolbar\juniver\theme.xml
c:\program files\Naver\NaverToolbar\juniver\toolbarcleaner.ico
c:\program files\Naver\NaverToolbar\juniver\toolbarcleaner.jpg
c:\program files\Naver\NaverToolbar\juniver\transjapan.ico
c:\program files\Naver\NaverToolbar\juniver\tv.ico
c:\program files\Naver\NaverToolbar\juniver\virus.ico
c:\program files\Naver\NaverToolbar\juniver\zoom.ico
c:\program files\Naver\NaverToolbar\naver\blog.ico
c:\program files\Naver\NaverToolbar\naver\bookmark.ico
c:\program files\Naver\NaverToolbar\naver\bookmark.JPG
c:\program files\Naver\NaverToolbar\naver\capturebrowser.ico
c:\program files\Naver\NaverToolbar\naver\capturebrowser.jpg
c:\program files\Naver\NaverToolbar\naver\cleaninternet.ico
c:\program files\Naver\NaverToolbar\naver\cleaninternet.jpg
c:\program files\Naver\NaverToolbar\naver\clinic.ico
c:\program files\Naver\NaverToolbar\naver\config.ico
c:\program files\Naver\NaverToolbar\naver\dic.ico
c:\program files\Naver\NaverToolbar\naver\gametalk.ico
c:\program files\Naver\NaverToolbar\naver\gametalk.jpg
c:\program files\Naver\NaverToolbar\naver\login.ico
c:\program files\Naver\NaverToolbar\naver\logo.bmp
c:\program files\Naver\NaverToolbar\naver\logout.ico
c:\program files\Naver\NaverToolbar\naver\move.ico
c:\program files\Naver\NaverToolbar\naver\naver.ico
c:\program files\Naver\NaverToolbar\naver\opencast.ico
c:\program files\Naver\NaverToolbar\naver\opencast.jpg
c:\program files\Naver\NaverToolbar\naver\pcclinic.jpg
c:\program files\Naver\NaverToolbar\naver\popup.ico
c:\program files\Naver\NaverToolbar\naver\popup2.ico
c:\program files\Naver\NaverToolbar\naver\real.ico
c:\program files\Naver\NaverToolbar\naver\search.ico
c:\program files\Naver\NaverToolbar\naver\shotcut.ico
c:\program files\Naver\NaverToolbar\naver\theme.xml
c:\program files\Naver\NaverToolbar\naver\toolbarcleaner.ico
c:\program files\Naver\NaverToolbar\naver\toolbarcleaner.jpg
c:\program files\Naver\NaverToolbar\naver\transjapan.ico
c:\program files\Naver\NaverToolbar\naver\virus.ico
c:\program files\Naver\NaverToolbar\naver\zoom.ico
c:\program files\Naver\NaverToolbar\NaverAdminAPI.dll
c:\program files\Naver\NaverToolbar\NaverAdminAPI.exe
c:\program files\Naver\NaverToolbar\NaverTB_3_5_3_40.dll
c:\program files\Naver\NaverToolbar\NTC_1_0_0_5.exe
c:\program files\Naver\NaverToolbar\PostInst.exe
c:\program files\Naver\NaverToolbar\SearchEngines\bing_com.xml
c:\program files\Naver\NaverToolbar\SearchEngines\daum_net.xml
c:\program files\Naver\NaverToolbar\SearchEngines\nate_com.xml
c:\program files\Naver\NaverToolbar\SearchEngines\naver_com.xml
c:\program files\Naver\NaverToolbar\SearchEngines\paran_com.xml
c:\program files\Naver\NaverToolbar\SearchEngines\yahoo_com.xml
c:\program files\Naver\NaverToolbar\TBInfo.ini
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\st325614.dll

c:\windows\system32\drivers\mountmgr.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Naver Updater
-------\Service_Naver Updater


((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 09:40 . 2010-08-17 09:40 -------- d-----w- C:\Device
2010-08-17 09:39 . 2010-08-17 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-16 07:04 . 2010-08-16 07:04 -------- d-----w- c:\program files\BillP Studios
2010-08-16 06:36 . 2010-08-16 08:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 06:36 . 2010-08-16 08:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-16 06:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 06:24 . 2010-08-16 06:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 06:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 17:32 . 2010-08-15 17:32 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-15 13:30 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 13:30 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-15 13:30 . 2010-08-15 13:30 -------- d-----w- c:\programdata\Avira
2010-08-15 10:45 . 2010-08-15 10:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-15 10:41 . 2010-08-15 10:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 10:38 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-13 10:25 . 2010-08-13 10:25 -------- d-----w- c:\program files\HP
2010-08-11 12:09 . 2010-08-11 12:30 -------- d-----w- c:\programdata\TmForever
2010-08-08 10:24 . 2010-08-08 10:24 -------- d-----w- c:\program files\MSXML 4.0
2010-08-05 08:56 . 2010-08-05 08:56 -------- d-----w- c:\program files\Sunbelt Software
2010-08-05 08:55 . 2010-08-05 08:55 -------- d-----w- c:\programdata\Sunbelt
2010-08-05 08:47 . 2010-08-05 09:01 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-05 08:28 . 2010-08-05 09:02 -------- d-----w- c:\program files\Common Files\Softwin
2010-07-30 17:53 . 2003-08-11 08:07 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-07-29 12:07 . 2009-01-30 07:12 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-07-29 12:07 . 2009-01-30 07:12 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-07-29 11:38 . 2009-11-21 02:34 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-29 11:07 . 2010-05-11 10:00 20072 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-07-29 09:50 . 2010-07-29 09:50 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-29 09:50 . 2010-07-29 09:50 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-29 09:50 . 2010-07-29 09:50 -------- d-----w- c:\program files\OpenAL
2010-07-29 09:24 . 2010-07-29 09:24 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-07-28 11:48 . 2010-07-28 11:52 -------- d-----w- c:\programdata\FLEXnet
2010-07-28 11:23 . 2010-07-28 11:23 -------- d-----w- c:\programdata\eSellerate
2010-07-28 11:23 . 2010-07-28 11:24 -------- d-----w- c:\programdata\SmartSound Software Inc
2010-07-28 11:23 . 2010-07-28 11:23 -------- d-----w- c:\program files\SmartSound Software
2010-07-28 11:22 . 2010-07-28 11:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-28 11:08 . 2010-07-28 11:08 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-07-28 11:08 . 2010-07-28 11:08 -------- d-----w- c:\program files\MSECACHE
2010-07-28 09:21 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-07-28 09:21 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-07-28 09:21 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-07-21 19:23 . 2010-07-21 19:24 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-07-21 18:47 . 2010-08-05 08:30 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-21 17:57 . 2010-07-21 17:57 -------- d-----w- C:\ToolBar SD
2010-07-20 20:20 . 2010-07-20 20:20 -------- d-----w- c:\programdata\Malwarebytes
2010-07-19 17:29 . 2010-07-19 17:29 -------- d-----w- c:\programdata\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 15:03 . 2010-02-24 20:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-15 10:41 . 2010-02-20 09:14 -------- d-----w- c:\program files\Java
2010-08-13 10:24 . 2010-02-19 10:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-06 10:58 . 2010-07-16 11:32 21176 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-08-06 10:58 . 2010-07-16 11:32 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-07-30 16:45 . 2010-05-01 22:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-30 16:45 . 2010-04-03 11:02 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-29 16:51 . 2010-02-27 22:40 -------- d-----w- c:\programdata\Soulseek
2010-07-29 14:18 . 2010-02-19 10:41 -------- d-----w- c:\programdata\NVIDIA
2010-07-29 12:07 . 2010-02-19 10:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-29 11:51 . 2010-02-19 12:04 -------- d-----w- c:\programdata\ma-config.com
2010-07-29 11:51 . 2010-02-19 12:04 -------- d-----w- c:\program files\ma-config.com
2010-07-29 11:37 . 2010-02-19 10:40 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-28 11:45 . 2010-07-28 11:41 1364 ----a-w- c:\windows\system32\drivers\hosts
2010-07-21 18:36 . 2009-07-13 23:22 173648 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2010-07-19 17:45 . 2010-04-06 17:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-07-19 17:45 . 2010-04-06 17:17 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-19 17:45 . 2010-05-19 08:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-07-19 17:44 . 2010-04-06 17:16 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-17 11:09 . 2010-07-17 11:06 1391104 ----a-w- C:\apploc.msi
2010-07-16 21:43 . 2010-07-16 21:43 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-07-16 11:32 . 2010-07-16 11:32 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-07-16 11:32 . 2010-07-16 11:32 677176 ----a-w- c:\windows\system32\CKSetup32.exe
2010-07-15 01:54 . 2010-07-15 01:54 542096 ----a-w- c:\windows\system32\NJUninst.exe
2010-07-13 09:38 . 2010-07-01 14:05 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 09:38 . 2010-07-01 14:04 -------- d-----w- c:\programdata\DivX
2010-07-13 09:38 . 2010-07-01 14:04 -------- d-----w- c:\program files\DivX
2010-07-12 09:47 . 2010-04-23 08:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-07-12 09:47 . 2010-05-01 08:27 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-07-12 09:47 . 2010-06-03 05:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-07-12 09:46 . 2010-06-19 09:09 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-10 15:03 . 2010-07-10 14:53 -------- d-----w- c:\program files\Common Files\Steam
2010-06-29 11:03 . 2010-04-23 21:15 -------- d-----w- c:\program files\TI Education
2010-06-25 18:43 . 2010-06-25 18:43 -------- d-----w- c:\programdata\Sports Interactive
2010-06-22 14:18 . 2010-06-22 14:18 -------- d-----w- c:\programdata\Tages
2010-06-22 13:52 . 2010-06-22 13:52 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-22 13:52 . 2010-06-22 13:52 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-20 17:21 . 2010-05-07 09:24 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-20 17:20 . 2010-06-20 17:20 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-06 12:31 . 2010-04-02 08:27 34155 ----a-w- c:\windows\DIIUnin.dat
2010-05-27 07:24 . 2010-06-11 08:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 08:34 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-06-11 08:34 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-19 17:49 . 2010-05-19 17:49 249856 ------w- c:\windows\Setup1.exe
2010-05-19 17:49 . 2010-05-19 17:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2010-07-28 09:21 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-07-28 09:21 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-07-28 09:21 216064 --sh--r- c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auslogics BoostSpeed"="d:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2009-11-04 480368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-20 87144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Daemon"="c:\program files\HP\HP Wireless Vector Mouse\TSR\xDaemon.exe" [2008-07-18 352256]
"RivaTunerStartupDaemon"="d:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 cpuz130;cpuz130;c:\users\PARESS~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-08-06 21176]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-07-19 259440]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-26 3826032]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-15 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 Icecast-trunk;Icecast-trunk Streaming Media Server;d:\program files\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
S2 Mintpad Service;Mintpad Service;c:\windows\system32\mppspsv.exe [2010-02-21 107384]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\Auslogics Console Defragmentation.job
- d:\program files\Auslogics\Auslogics BoostSpeed\cdefrag.exe [2010-02-28 10:08]

2010-08-17 c:\windows\Tasks\Auslogics Disk Defrag Start On Logon.job
- d:\program files\Auslogics\Auslogics BoostSpeed\DiskDefrag.exe [2010-02-28 10:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.naver.com
IE: ??? ?? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /SEARCH.HTML
IE: ??? ????? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /JKTRANS.HTML
DPF: {1A65149A-82B3-4633-9E3D-4DC37FB93FB9} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: {78730E49-511E-4AE3-8E4F-84E2EA240397} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1030.cab
FF - ProfilePath - c:\users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\
FF - component: c:\users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: d:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\Opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\Opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-NaverUpdater - c:\program files\Naver\NaverCommon\Uninstall.exe
AddRemove-Unofficial Oblivion Patch_is1 - h:\elder scrolls - oblivion\Unofficial Oblivion Patch\unins000.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85B9EEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84ec6140
QueryNameProcedure -> 0x84ec6018
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2919384447-1011665479-2549125033-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{289C46F5-FDC1-7786-7CCB-962A42A6990A}*]
"hakcldkhjdnollme"=hex:6a,61,6d,66,66,63,66,68,63,6a,6a,66,68,61,6f,66,69,6a,
66,64,00,fc
"iamdjabnfolnmkhhli"=hex:63,61,70,66,6b,6b,00,00
"iaadjflgkjmjagcmii"=hex:69,61,67,70,6f,69,6d,65,68,67,61,69,62,6d,64,70,67,68,
00,00
"dbjcncbegaohdhpbafbnpilpdnkeoibchhejdnkj"=hex:68,61,64,6b,63,65,63,67,61,65,
61,63,6a,6a,66,62,00,00
"jbjcncbegaohdhpbafbnoffodpnnajommbbhddfnmngbbimmidib"=hex:68,61,64,6b,63,65,
63,67,61,65,61,63,6a,6a,66,62,00,00
"dbjcncbegaohdhpbafbnigipplnjebokcfnjegpg"=hex:62,61,6b,65,00,00

[HKEY_USERS\S-1-5-21-2919384447-1011665479-2549125033-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ed,7e,91,9c,73,04,89,2d,0d,76,fa,aa,be,fb,00,78,38,b0,07,39,7a,
f9,af,fd,5d,12,22,63,c2,60,e9,5b,e7,2d,97,4d,b0,4a,69,19,d2,0e,24,35,50,09,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2672)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-08-17 11:47:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-17 09:47

Pre-Run: 14,687,744,000 bytes free
Post-Run: 14,318,501,888 bytes free

- - End Of File - - D2B54062343FC2C462862A1FABCBF94F

Here is the TDSSKiller log as requested:

2010/08/28 12:24:20.0489 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/28 12:24:20.0489 ================================================================================
2010/08/28 12:24:20.0490 SystemInfo:
2010/08/28 12:24:20.0490
2010/08/28 12:24:20.0490 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/28 12:24:20.0490 Product type: Workstation
2010/08/28 12:24:20.0490 ComputerName: PARESSEAPPROPRI
2010/08/28 12:24:20.0492 UserName: Paresse Appropriée
2010/08/28 12:24:20.0492 Windows directory: C:\Windows
2010/08/28 12:24:20.0492 System windows directory: C:\Windows
2010/08/28 12:24:20.0492 Processor architecture: Intel x86
2010/08/28 12:24:20.0492 Number of processors: 2
2010/08/28 12:24:20.0492 Page size: 0x1000
2010/08/28 12:24:20.0492 Boot type: Normal boot
2010/08/28 12:24:20.0492 ================================================================================
2010/08/28 12:24:21.0338 Initialize success
2010/08/28 12:24:24.0539 ================================================================================
2010/08/28 12:24:24.0539 Scan started
2010/08/28 12:24:24.0539 Mode: Manual;
2010/08/28 12:24:24.0539 ================================================================================
2010/08/28 12:24:25.0597 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/08/28 12:24:25.0661 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/08/28 12:24:25.0793 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/08/28 12:24:25.0907 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/08/28 12:24:26.0031 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/08/28 12:24:26.0130 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/08/28 12:24:26.0189 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/08/28 12:24:26.0248 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/08/28 12:24:26.0294 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/08/28 12:24:26.0341 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/08/28 12:24:26.0376 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/08/28 12:24:26.0409 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/08/28 12:24:34.0608 mountmgr (e93f7180238144bf1d18a0a835495d3c) C:\Windows\system32\drivers\mountmgr.sys
2010/08/28 12:24:34.0615 Suspicious file (Forged): C:\Windows\system32\drivers\mountmgr.sys. Real md5: e93f7180238144bf1d18a0a835495d3c, Fake md5: 1a3c17e6a5baf17ba9fe3d26ef42230f
2010/08/28 12:24:34.0625 mountmgr - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/28 12:24:49.0157 ================================================================================
2010/08/28 12:24:49.0157 Scan finished
2010/08/28 12:24:49.0157 ================================================================================
2010/08/28 12:24:49.0172 Detected object count: 1
2010/08/28 12:25:02.0115 mountmgr (e93f7180238144bf1d18a0a835495d3c) C:\Windows\system32\drivers\mountmgr.sys
2010/08/28 12:25:02.0116 Suspicious file (Forged): C:\Windows\system32\drivers\mountmgr.sys. Real md5: e93f7180238144bf1d18a0a835495d3c, Fake md5: 1a3c17e6a5baf17ba9fe3d26ef42230f
2010/08/28 12:25:04.0882 Backup copy found, using it..
2010/08/28 12:25:04.0914 C:\Windows\system32\drivers\mountmgr.sys - will be cured after reboot
2010/08/28 12:25:04.0914 Rootkit.Win32.TDSS.tdl3(mountmgr) - User select action: Cure
2010/08/28 12:25:17.0194 Deinitialize success

The RKUnhooker log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x98D2B000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8F218000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89400000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8E000000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9040F000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E4A8000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x96930000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x83200000 C:\Windows\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0x92F7F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x98DD5000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x92FAE000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x98D4C000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x91C89000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x928A3000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8E5D9000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9292F000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x929C0000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x929E3000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F324000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F33B000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x88FE6000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x92F10000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x88FB6000 C:\Windows\system32\drivers\tsk1692.tmp 90112 bytes
0x92F9A000 C:\Windows\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0x928CA000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x92EE9000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x89382000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x98C93000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E4E6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x929AE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8F239000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x98D65000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x92866000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 69632 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x895A1000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92F27000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88FD5000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F200000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88F22000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x832B4000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E4C7000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x833BA000 C:\Windows\system32\drivers\klmdb.sys 65536 bytes
0x92FC8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89612000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x98C83000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E4F9000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x88F46000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x90400000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8E5F1000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8E4D8000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x89214000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88FA8000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x893F2000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x928BC000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x8F3AC000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88E86000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x929A1000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x92F03000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x92984000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x92EBC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x92977000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9E9E0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x895E3000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8E569000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x895D7000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x88F3B000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x92EDE000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x92ED3000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x92F38000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x89209000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x929D8000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x88E00000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x90F9C000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x90FF2000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0x88EED000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x92EC9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x89023000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E55A000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E550000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9042E000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9E9D6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8902D000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x891ED000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x89200000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA668C000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x96900000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x897A0000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x92998000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x88EDC000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832C5000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88F33000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x897F8000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BC8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88EE5000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E1F7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x895F0000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x895F8000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x897F0000 C:\Windows\System32\drivers\sfhlp02.sys 32768 bytes (Protection Technology, StarForce Protection Helper Driver)
0x897E8000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8E1F0000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92EFC000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88FA1000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8E01F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E4A1000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8E509000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8E564000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x9E93A000 C:\Windows\system32\DRIVERS\lirsgt.sys 20480 bytes
0x92994000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9E936000 C:\Windows\system32\drivers\cpuz133_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0x92991000 C:\Windows\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0x9E9ED000 d:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys 12288 bytes
0x8E400000 D:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0x90F37000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 195.62 )
0x92F7D000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter
Driver (Win2K based))
0x929FB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x92975000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x00600000 Hidden Image-->IAStorUtil.dll [ EPROCESS 0x9AD08A90 ] PID: 724, 151552 bytes
0x00740000 Hidden Image-->IsdiInterop.dll [ EPROCESS 0x9AD08A90 ] PID: 724, 73728 bytes
0x00720000 Hidden Image-->IAStorDataMgr.dll [ EPROCESS 0x9AD08A90 ] PID: 724, 77824 bytes

and the mbrcheck log :

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 1500
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 211):

Processes (total 62):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
480 csrss.exe
548 C:\Windows\System32\wininit.exe
560 csrss.exe
604 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\nvvsvc.exe
864 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\audiodg.exe
1104 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\winlogon.exe
1288 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\spoolsv.exe
1432 D:\Program Files\Avira\AntiVir Desktop\sched.exe
1452 D:\Program Files\Avira\AntiVir Desktop\avguard.exe
1476 C:\Windows\System32\svchost.exe
1772 C:\Windows\System32\nvvsvc.exe
1892 C:\Windows\System32\taskhost.exe
1972 C:\Windows\System32\taskeng.exe
308 C:\Windows\System32\dwm.exe
488 C:\Windows\explorer.exe
680 D:\Program Files\Auslogics\Auslogics BoostSpeed\DiskDefrag.exe
1208 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
1276 C:\Program Files\HP\HP Wireless Vector Mouse\TSR\xDaemon.exe
1312 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1616 D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1944 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
1952 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2088 D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
2364 D:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
2436 C:\Windows\System32\AEstSrv.exe
2472 C:\Windows\System32\svchost.exe
2520 C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
2560 D:\Program Files\Icecast2 Win32\icecastService.exe
2628 C:\Windows\System32\mppspsv.exe
2672 C:\Windows\System32\stacsv.exe
2864 C:\Windows\System32\svchost.exe
2944 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3104 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3224 C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
3280 C:\Windows\System32\SearchIndexer.exe
3524 C:\Windows\System32\taskhost.exe
3608 C:\Windows\System32\svchost.exe
3760 C:\Program Files\Windows Media Player\wmpnetwk.exe
3936 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
724 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
3520 C:\Windows\System32\sppsvc.exe
3272 C:\Windows\servicing\TrustedInstaller.exe
2964 D:\Program Files\Mozilla Firefox\firefox.exe
2740 C:\Windows\System32\SearchProtocolHost.exe
3316 C:\Windows\System32\SearchFilterHost.exe
2460 dllhost.exe
1412 dllhost.exe
1856 C:\Users\Paresse Appropriée\Desktop\MBRCheck.exe
316 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`da700000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDE

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Hope it helps. I didn't realize my situation was this severe...

Thanks in advance.

Edited by Kolqhoz, 28 August 2010 - 08:25 AM.


#8 pwgib

  • Malware Response Team

Posted 29 August 2010 - 10:28 AM

Hello Kolqhoz,

I haven't forgotten you. I'm still analyzing your logs and will post a fix when I can.

Thanks!!
PW

#9 Kolqhoz

  • Topic Starter

Posted 29 August 2010 - 01:43 PM

Thank you for giving some news (even if I wasn't worried at all :)). I don't know if you have seen my edit on the post upwards, but I'm done with these redirections and popups. I know it doesn't mean my PC is clean, but it's still a relief.

Thanks in advance, keep up the good work!

#10 pwgib

  • Malware Response Team

Posted 30 August 2010 - 03:26 PM

Hello Kolqhoz,

QUOTE
I don't know if you have seen my edit on the post upwards but I'm done with these redirections and popups. I know it doesn't mean my pc is clean but it's still a relief


We're getting there but you still have some problems that we will take care of. :)

I notice that your antivirus program is located on the D: drive while Windows is on the C: drive. Do you have Avira set to provide real time protection for the C: drive?

I see you have run Defogger. Please make sure that emulation is still set to Disable.

Step 1.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista and Windows 7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Step 2.

We need to run a Combofix Script. Please delete the copy of Combofix from your desktop.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <<----Important
3. Open notepad and copy/paste the text in the codebox below into it:

CODE
DDS::
uStart Page = hxxp://www.naver.com
IE: ??? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /SEARCH.HTML
IE: ??? ????? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files\naver\navertoolbar\NaverTB_3_5_3_40.dll /JKTRANS.HTML
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38}

Folder::
c:\program files\Naver

RegNull::
[HKEY_USERS\S-1-5-21-2919384447-1011665479-2549125033-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{289C46F5-FDC1-7786-7CCB-962A42A6990A}*]


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

If Combofix prompts you to update the program please allow it to do so.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply please answer my question about Avira and include the following:

GooredFix.txt
ComboFix.txt
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


Thanks!!
PW

#11 Kolqhoz

  • Topic Starter

Posted 30 August 2010 - 08:14 PM

Hello pwgib,

Here are the log files you requested. I checked if Avira real-time protection was enabled on disk drive C: and it indeed was. I basically install new programs on disk D: out of habit and to avoid corrupting and defragmenting disk C:. Do you think I should reinstall Avira on disk C:?

Gooredfix log :

GooredFix by jpshortstuff (03.07.10.1)
Log created at 02:43 on 31/08/2010 (Paresse Appropriée)
Firefox version 3.6 (fr)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

C:\Users\Paresse Appropriée\Application Data\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\
piclens@cooliris.com [10:54 26/07/2010]
{6E1A2A2E-AE2A-4A26-A812-46F54288379E} [11:13 26/07/2010]
{71328583-3CA7-4809-B4BA-570A85818FBB} [14:55 07/04/2010]
{b41cb5f0-2e52-11de-8c30-0800200c9a66} [11:13 26/07/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [12:23 18/08/2010]
{d9284e50-81fc-11da-a72b-0800200c9a66} [09:13 22/08/2010]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [16:40 30/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-


And the Combofix log file :

ComboFix 10-08-29.04 - Paresse Appropriée 08/31/2010 2:53.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1459 [GMT 2:00]
Running from: c:\users\Paresse Appropriée\Desktop\ComboFix.exe
Command switches used :: c:\users\Paresse Appropriée\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 01:01 . 2010-08-31 01:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-31 01:01 . 2010-08-31 01:01 -------- d-----w- c:\users\Paresse Appropri‚e\AppData\Local\temp
2010-08-31 01:01 . 2010-08-31 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-31 01:01 . 2010-08-31 01:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-31 00:52 . 2010-08-31 00:52 -------- d-----w- C:\32788R22FWJFW
2010-08-23 17:45 . 2010-08-23 17:45 -------- d-----w- c:\windows\PCHEALTH
2010-08-23 17:45 . 2010-08-23 17:46 -------- d-----w- c:\program files\Windows Live
2010-08-23 17:43 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-08-23 17:43 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-08-23 17:43 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-08-23 17:42 . 2010-08-23 17:42 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-17 20:12 . 2010-08-17 20:12 -------- d-----w- c:\program files\Synaptics
2010-08-17 20:11 . 2006-03-09 07:58 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2010-08-17 20:11 . 2007-10-26 12:39 193456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-08-17 20:11 . 2007-10-26 12:38 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-08-17 20:11 . 2007-10-26 12:09 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-08-17 20:11 . 2007-10-26 12:01 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-08-17 20:11 . 2007-10-26 12:01 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-08-17 20:11 . 2010-08-17 20:11 -------- d-----w- C:\dell
2010-08-17 09:59 . 2010-08-26 09:10 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-17 09:40 . 2010-08-17 09:40 -------- d-----w- C:\Device
2010-08-16 07:04 . 2010-08-16 07:04 -------- d-----w- c:\program files\BillP Studios
2010-08-16 06:36 . 2010-08-16 08:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 06:36 . 2010-08-16 08:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-16 06:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 06:24 . 2010-08-16 06:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 06:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 17:32 . 2010-08-15 17:32 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-15 13:30 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 13:30 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-15 13:30 . 2010-08-15 13:30 -------- d-----w- c:\programdata\Avira
2010-08-15 10:45 . 2010-08-15 10:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-15 10:41 . 2010-08-15 10:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 10:38 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-13 10:25 . 2010-08-13 10:25 -------- d-----w- c:\program files\HP
2010-08-11 12:09 . 2010-08-11 12:30 -------- d-----w- c:\programdata\TmForever
2010-08-10 17:44 . 2010-08-10 17:44 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-08-08 10:24 . 2010-08-08 10:24 -------- d-----w- c:\program files\MSXML 4.0
2010-08-05 08:56 . 2010-08-05 08:56 -------- d-----w- c:\program files\Sunbelt Software
2010-08-05 08:55 . 2010-08-05 08:55 -------- d-----w- c:\programdata\Sunbelt
2010-08-05 08:47 . 2010-08-05 09:01 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-05 08:28 . 2010-08-05 09:02 -------- d-----w- c:\program files\Common Files\Softwin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 10:27 . 2009-07-13 23:11 78416 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2010-08-26 09:34 . 2010-02-24 20:35 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-24 08:51 . 2010-02-19 10:51 -------- d-----w- c:\program files\Intel
2010-08-17 20:12 . 2010-08-17 20:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-08-15 10:41 . 2010-02-20 09:14 -------- d-----w- c:\program files\Java
2010-08-13 10:24 . 2010-02-19 10:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-06 10:58 . 2010-07-16 11:32 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-08-05 08:30 . 2010-07-21 18:47 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-30 16:45 . 2010-05-01 22:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-30 16:45 . 2010-04-03 11:02 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-29 19:39 . 2010-07-29 19:39 209280 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-07-29 16:51 . 2010-02-27 22:40 -------- d-----w- c:\programdata\Soulseek
2010-07-29 14:18 . 2010-02-19 10:41 -------- d-----w- c:\programdata\NVIDIA
2010-07-29 12:07 . 2010-02-19 10:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-29 11:51 . 2010-02-19 12:04 -------- d-----w- c:\programdata\ma-config.com
2010-07-29 11:51 . 2010-02-19 12:04 -------- d-----w- c:\program files\ma-config.com
2010-07-29 11:37 . 2010-02-19 10:40 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-29 09:50 . 2010-07-29 09:50 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-29 09:50 . 2010-07-29 09:50 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-29 09:50 . 2010-07-29 09:50 -------- d-----w- c:\program files\OpenAL
2010-07-29 09:24 . 2010-07-29 09:24 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-07-29 06:30 . 2010-08-29 19:33 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-29 19:33 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 11:52 . 2010-07-28 11:48 -------- d-----w- c:\programdata\FLEXnet
2010-07-28 11:45 . 2010-07-28 11:41 1364 ----a-w- c:\windows\system32\drivers\hosts
2010-07-28 11:24 . 2010-07-28 11:23 -------- d-----w- c:\programdata\SmartSound Software Inc
2010-07-28 11:23 . 2010-07-28 11:23 -------- d-----w- c:\programdata\eSellerate
2010-07-28 11:23 . 2010-07-28 11:23 -------- d-----w- c:\program files\SmartSound Software
2010-07-28 11:22 . 2010-07-28 11:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-28 11:08 . 2010-07-28 11:08 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-07-28 11:08 . 2010-07-28 11:08 -------- d-----w- c:\program files\MSECACHE
2010-07-21 19:24 . 2010-07-21 19:23 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-07-21 18:36 . 2009-07-13 23:22 173648 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2010-07-20 20:20 . 2010-07-20 20:20 -------- d-----w- c:\programdata\Malwarebytes
2010-07-19 17:45 . 2010-04-06 17:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-07-19 17:45 . 2010-04-06 17:17 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-19 17:45 . 2010-05-19 08:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-07-19 17:44 . 2010-04-06 17:16 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-19 17:29 . 2010-07-19 17:29 -------- d-----w- c:\programdata\Trymedia
2010-07-17 11:09 . 2010-07-17 11:06 1391104 ----a-w- C:\apploc.msi
2010-07-16 21:43 . 2010-07-16 21:43 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-07-16 11:32 . 2010-07-16 11:32 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-07-16 11:32 . 2010-07-16 11:32 677176 ----a-w- c:\windows\system32\CKSetup32.exe
2010-07-15 01:54 . 2010-07-15 01:54 542096 ----a-w- c:\windows\system32\NJUninst.exe
2010-07-13 09:38 . 2010-07-01 14:05 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 09:38 . 2010-07-01 14:04 -------- d-----w- c:\programdata\DivX
2010-07-13 09:38 . 2010-07-01 14:04 -------- d-----w- c:\program files\DivX
2010-07-12 09:47 . 2010-04-23 08:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-07-12 09:47 . 2010-05-01 08:27 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-07-12 09:47 . 2010-06-03 05:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-07-12 09:46 . 2010-06-19 09:09 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-10 15:03 . 2010-07-10 14:53 -------- d-----w- c:\program files\Common Files\Steam
2010-06-30 06:25 . 2010-08-29 19:33 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:33 . 2010-06-24 09:33 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-06-22 13:52 . 2010-06-22 13:52 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-22 13:52 . 2010-06-22 13:52 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-22 02:47 . 2010-08-29 19:33 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-29 19:33 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-29 19:33 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-20 17:21 . 2010-05-07 09:24 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-19 06:33 . 2010-08-29 19:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-29 19:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-29 19:33 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-29 19:33 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-29 19:33 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-29 19:33 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-29 19:33 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-06 12:31 . 2010-04-02 08:27 34155 ----a-w- c:\windows\DIIUnin.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2010-07-28 09:21 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-07-28 09:21 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-07-28 09:21 216064 --sh--r- c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-17_09.43.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-23 17:46 . 2010-08-23 17:46 51008 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a\vcomp90.dll
+ 2010-08-29 19:33 . 2010-07-29 06:17 82944 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.20767_none_6d1a5a1e52cef174\iccvid.dll
+ 2010-08-29 19:33 . 2010-07-29 06:30 82944 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.16646_none_6ca55ce139a20071\iccvid.dll
+ 2010-08-29 19:33 . 2010-06-19 06:27 37376 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7600.20738_none_0dae9d2b64c07c9d\rtutils.dll
+ 2010-08-29 19:33 . 2010-06-19 06:23 37376 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7600.16617_none_0d399fee4b938b9a\rtutils.dll
+ 2009-07-14 00:04 . 2009-07-14 01:14 50176 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.20717_none_9d0cd7e486f8464a\rrinstaller.exe
+ 2009-07-14 00:03 . 2009-07-14 01:14 23040 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.20717_none_9d0cd7e486f8464a\mfpmp.exe
+ 2009-07-14 00:04 . 2009-07-14 01:14 50176 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.16597_none_9c2cb9d36e1b88e1\rrinstaller.exe
+ 2009-07-14 00:03 . 2009-07-14 01:14 23040 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.16597_none_9c2cb9d36e1b88e1\mfpmp.exe
+ 2010-08-29 19:33 . 2010-06-30 06:12 12800 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20745_none_17936e91cc14b92e\msfeedssync.exe
+ 2010-08-29 19:33 . 2010-06-30 06:15 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20745_none_17936e91cc14b92e\msfeedsbs.dll
+ 2010-08-29 19:33 . 2010-06-30 06:19 12800 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16625_none_171f719eb2e6e182\msfeedssync.exe
+ 2010-08-29 19:33 . 2010-06-30 06:22 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16625_none_171f719eb2e6e182\msfeedsbs.dll
+ 2010-08-29 19:33 . 2010-06-30 06:18 68608 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\WininetPlugin.dll
+ 2010-08-29 19:33 . 2010-06-30 06:15 48128 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\jsproxy.dll
+ 2010-08-29 19:33 . 2010-06-30 06:25 68608 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\WininetPlugin.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 48128 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\jsproxy.dll
+ 2010-02-19 11:58 . 2010-08-30 08:33 43436 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-30 08:33 43934 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-19 11:58 . 2010-08-30 08:33 15934 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2919384447-1011665479-2549125033-1000_UserData.bin
- 2009-07-13 23:42 . 2009-07-14 01:14 12800 c:\windows\System32\msfeedssync.exe
+ 2010-08-29 19:33 . 2010-06-30 06:19 12800 c:\windows\System32\msfeedssync.exe
+ 2010-08-29 19:33 . 2010-06-30 06:22 64512 c:\windows\System32\msfeedsbs.dll
- 2010-06-11 08:34 . 2010-05-06 12:41 64512 c:\windows\System32\msfeedsbs.dll
+ 2010-08-29 19:33 . 2010-06-30 06:25 68608 c:\windows\System32\migration\WininetPlugin.dll
- 2010-06-11 08:34 . 2010-05-21 05:18 68608 c:\windows\System32\migration\WininetPlugin.dll
- 2010-06-11 08:34 . 2010-05-21 05:14 48128 c:\windows\System32\jsproxy.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 48128 c:\windows\System32\jsproxy.dll
+ 2009-09-28 18:20 . 2009-09-28 18:20 89256 c:\windows\System32\ElbyCDIO.dll
+ 2009-07-14 04:50 . 2010-08-26 09:51 86016 c:\windows\System32\DriverStore\infpub.dat
- 2009-07-14 04:50 . 2010-07-29 12:21 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-08-09 21:25 . 2009-08-09 21:25 29696 c:\windows\System32\DriverStore\FileRepository\vclone.inf_x86_neutral_adcf5f25d1862403\Vista32\VClone.sys
+ 2010-08-17 20:11 . 2007-10-26 12:39 95528 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynTPHelper.exe
+ 2009-08-09 21:25 . 2009-08-09 21:25 29696 c:\windows\System32\drivers\VClone.sys
+ 2009-12-17 22:25 . 2009-12-17 22:25 26024 c:\windows\System32\drivers\ElbyCDIO.sys
- 2010-05-01 22:13 . 2009-12-14 10:33 53248 c:\windows\System32\CSVer.dll
+ 2010-05-01 22:13 . 2010-02-23 13:34 53248 c:\windows\System32\CSVer.dll
+ 2010-02-19 19:24 . 2010-08-30 09:05 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-19 16:31 . 2010-08-28 10:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-07-19 16:31 . 2010-08-17 09:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-08-21 12:01 . 2010-08-21 12:01 66594 c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
+ 2010-08-21 12:01 . 2010-08-21 12:01 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010082120100822\index.dat
+ 2010-02-19 10:56 . 2010-08-30 08:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-19 10:56 . 2010-08-17 09:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-08-30 18:16 77856 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-02-19 10:56 . 2010-08-17 09:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-19 10:56 . 2010-08-30 08:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-19 10:56 . 2010-08-30 08:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-19 10:56 . 2010-08-17 09:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-19 10:56 . 2010-08-31 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-19 10:56 . 2010-08-17 09:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-19 12:02 . 2010-08-17 09:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-19 12:02 . 2010-08-29 18:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-19 12:02 . 2010-08-29 18:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-19 12:02 . 2010-08-17 09:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-19 12:02 . 2010-08-29 18:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-19 12:02 . 2010-08-17 09:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-19 10:56 . 2010-08-17 09:42 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-19 10:56 . 2010-08-31 00:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-19 10:56 . 2010-08-17 09:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-19 10:56 . 2010-08-31 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-23 17:45 . 2010-08-23 17:45 71680 c:\windows\Installer\1ef35cd.msi
+ 2010-08-23 17:46 . 2010-08-23 17:46 80395 c:\windows\Installer\{19DD26A7-F0DD-472E-887F-44128C31163C}\MsblIco.Exe
+ 2010-08-30 08:33 . 2010-08-30 08:33 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a06f86c78df5896fab27ef63a467f757\UIAutomationProvider.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\101740bb080b93dcd57cca0b49561b5b\System.Windows.Presentation.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\55d21368f4ac5f01a2b5b3c2a06ef811\System.Web.DynamicData.Design.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\4f643751eda6cafe890f0884a6ec7392\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\89a9ddc116df21673f60cc7d1ed63e4b\System.AddIn.Contract.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\cda6307ec359333afe51ed90f61db564\PresentationFontCache.ni.exe
+ 2010-08-30 08:33 . 2010-08-30 08:33 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e117973434189b11c49b65513d458a41\PresentationCFFRasterizer.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\80feaa74c880469ddc54e7708b2e8d7e\napcrypt.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\70c3c3c19342043f2cc3a206aa74e37a\Microsoft.WSMan.Runtime.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\9b6716c352f7004b86f4c35b4513a13f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\976de9ec4c99b0ef317a57d76f3a1fbc\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\82d40129a13601e4838e17aca1db8ec0\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6bdeaf57d38696f68d160e90cdb6beaa\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4b6134d905d751a3042b7518fa25bc21\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\327d654b6c42b863acc07646977bf20a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\00a681c820369841bd03932d449cb706\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2010-08-30 10:16 . 2010-08-30 10:16 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\246d74010afa232d3853e4f49c7a38eb\Microsoft.Vsa.ni.dll
+ 2010-08-30 08:32 . 2010-08-30 08:32 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\190adbaf753e7744782406a71e7dcd7e\Microsoft.VisualC.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\e6619ce4e08b438c7caaf39f49be7e96\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\17022567749e35fb5d6b77df4de5c1db\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 95232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5cd3613c86a19852e91eb066f36bafe2\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\380c330cdccc21935d6a4800ed5acf8b\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\37320799550691a787e6574b6899d0ee\Microsoft.Build.Framework.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\27dbf2aba276101442ddbe86a8665057\Microsoft.Build.Framework.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft-Windows-H#\1db5517b40ec21e3dda4e810be9e6444\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\LoadMxf\217c55606e2aaa5d8654a6535702e5ce\LoadMxf.ni.exe
+ 2010-08-30 10:16 . 2010-08-30 10:16 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\32bf66429119de00e4ca0bcdb7491570\IAStorDataMgrSvc.ni.exe
+ 2010-08-30 10:17 . 2010-08-30 10:17 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ef5fbf785736915b65eb5ce54e301b4d\ehiUserXp.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUPnP\fddbfe6c3475fe8642eaf22d8a41f146\ehiUPnP.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiTVMSMusic\d633e90dafd83c1230be7aa2482a2bfc\ehiTVMSMusic.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 82432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiiTv\a2869c539b5d125e3b84e911bf97fd0a\ehiiTv.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 33792 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiBmlDataCarousel\2afc39edbeea505de69abb56de685162\ehiBmlDataCarousel.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiActivScp\898393e003597d87610c03ba3e12b42b\ehiActivScp.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a0fb35ff977ffedbdb27f7262c979d3e\dfsvc.ni.exe
+ 2010-08-30 10:16 . 2010-08-30 10:16 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\9f333ba813d7225dfb064e1b90f0b857\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2010-08-30 08:33 . 2010-08-30 08:33 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20728_none_891219a11113f34b\msxml3r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16605_none_889b1bcff7e8cf9a\msxml3r.dll
+ 2009-07-14 00:03 . 2009-07-14 01:06 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.20717_none_9d0cd7e486f8464a\mferror.dll
+ 2009-07-14 00:03 . 2009-07-14 01:06 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.16597_none_9c2cb9d36e1b88e1\mferror.dll
+ 2010-02-19 11:55 . 2010-08-28 10:25 6268 c:\windows\System32\wdi\ERCQueuedResolutions.dat
- 2010-08-17 09:27 . 2010-08-17 09:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-30 08:31 . 2010-08-30 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-30 08:31 . 2010-08-30 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-17 09:27 . 2010-08-17 09:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-29 19:33 . 2010-05-20 22:43 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7600.20717_none_d1a2369ed0d2b389\SOS.dll
+ 2010-08-29 19:33 . 2010-05-20 22:49 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7600.16597_none_e877dfd2b7241dea\SOS.dll
+ 2010-08-29 19:33 . 2010-05-20 22:43 995672 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7600.20717_none_e8d3eedddcddd774\mscordacwks.dll
+ 2010-08-29 19:33 . 2010-05-20 22:49 995160 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7600.16597_none_ffa99811c32f41d5\mscordacwks.dll
+ 2010-08-29 19:33 . 2010-07-29 06:17 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.20767_none_6d1a5a1e52cef174\ir32_32.dll
+ 2010-08-29 19:33 . 2010-07-29 06:30 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.16646_none_6ca55ce139a20071\ir32_32.dll
+ 2010-08-29 19:33 . 2010-06-22 02:45 307200 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20740_none_da72d04d70d0f1ff\srv2.sys
+ 2010-08-29 19:33 . 2010-06-22 02:47 307200 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16619_none_da12a5e05792e271\srv2.sys
+ 2010-08-29 19:33 . 2010-06-22 02:45 311296 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20740_none_da7da03970c8d60e\srv.sys
+ 2010-08-29 19:33 . 2010-06-22 02:47 310784 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16619_none_da1d75cc578ac680\srv.sys
+ 2010-08-29 19:33 . 2010-06-22 02:44 113664 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20740_none_045c65128a7c54f0\srvnet.sys
+ 2010-08-29 19:33 . 2010-06-22 02:47 113664 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16619_none_03fc3aa5713e4562\srvnet.sys
+ 2010-08-29 19:33 . 2010-06-16 05:58 224256 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.20735_none_22ac534acf8b77bc\schannel.dll
+ 2010-08-29 19:33 . 2010-06-16 05:48 224256 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16612_none_22355579b660540b\schannel.dll
+ 2010-08-23 17:43 . 2010-05-23 10:10 196608 c:\windows\winsxs\x86_microsoft-windows-mfreadwrite_31bf3856ad364e35_6.1.7600.20717_none_ba0390ac923b09e5\mfreadwrite.dll
+ 2010-08-23 17:43 . 2010-05-23 10:11 196608 c:\windows\winsxs\x86_microsoft-windows-mfreadwrite_31bf3856ad364e35_6.1.7600.16597_none_b923729b795e4c7c\mfreadwrite.dll
+ 2009-07-14 00:03 . 2009-07-14 01:15 103424 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.20717_none_9d0cd7e486f8464a\mfps.dll
+ 2009-07-14 00:03 . 2009-07-14 01:15 103424 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.16597_none_9c2cb9d36e1b88e1\mfps.dll
+ 2010-08-29 19:33 . 2010-06-30 06:14 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20745_none_7fe7ec279f71beb2\ieui.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16625_none_7f73ef348643e706\ieui.dll
+ 2010-08-29 19:33 . 2010-06-30 06:14 163328 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.20745_none_ab7463e73be351ce\ieproxy.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 163328 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.16625_none_ab0066f422b57a22\ieproxy.dll
+ 2010-08-29 19:33 . 2010-06-30 06:14 859648 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.7600.20745_none_56ea8c5831291390\iedvtool.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 859648 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.7600.16625_none_56768f6517fb3be4\iedvtool.dll
+ 2010-08-29 19:33 . 2010-06-30 06:14 186368 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.20745_none_58090436e3608fb1\iepeers.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 185856 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.16625_none_57950743ca32b805\iepeers.dll
+ 2010-08-29 19:33 . 2010-06-30 06:14 381440 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.20745_none_8f95ec0148cfe816\iedkcs32.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 381440 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.16625_none_8f21ef0e2fa2106a\iedkcs32.dll
+ 2010-08-29 19:33 . 2010-06-30 06:18 980480 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll
+ 2010-08-29 19:33 . 2010-06-30 06:25 978432 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll
+ 2010-08-29 19:33 . 2010-06-30 06:15 606208 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.20745_none_fc0b262c6dc5602b\mstime.dll
+ 2010-08-29 19:33 . 2010-06-30 06:22 606208 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.16625_none_fb9729395497887f\mstime.dll
+ 2010-02-19 23:29 . 2010-08-31 00:34 453732 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-02-19 16:23 . 2010-08-28 10:11 288982 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-08-16 06:19 615360 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-17 18:25 615360 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-08-16 06:19 103702 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-08-17 18:25 103702 c:\windows\System32\perfc009.dat
+ 2009-09-15 10:18 . 2009-09-15 10:18 675840 c:\windows\System32\NETw5c32.dll
+ 2010-08-29 19:33 . 2010-06-30 06:22 606208 c:\windows\System32\mstime.dll
- 2010-06-11 08:34 . 2010-05-06 12:41 606208 c:\windows\System32\mstime.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 176640 c:\windows\System32\ieui.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 176640 c:\windows\System32\ieui.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 185856 c:\windows\System32\iepeers.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 381440 c:\windows\System32\iedkcs32.dll
- 2010-06-11 08:34 . 2010-05-06 12:41 381440 c:\windows\System32\iedkcs32.dll
+ 2009-07-14 04:33 . 2010-08-30 08:31 338384 c:\windows\System32\FNTCACHE.DAT
- 2009-07-14 04:33 . 2010-07-30 17:59 338384 c:\windows\System32\FNTCACHE.DAT
+ 2009-08-14 11:15 . 2009-08-14 11:15 134312 c:\windows\System32\ElbyVCD.dll
+ 2009-07-14 04:50 . 2010-08-26 09:51 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2010-07-29 12:21 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2010-07-29 12:06 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:50 . 2010-08-26 09:51 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2010-08-17 20:11 . 2007-10-26 12:16 327680 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\Tutorial.exe
+ 2010-08-17 20:11 . 2007-10-26 11:56 241664 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynZMetr.exe
+ 2010-08-17 20:11 . 2007-10-26 12:10 942080 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynTPCpl.dll
+ 2010-08-17 20:11 . 2007-10-26 12:09 102400 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynTPCOM.dll
+ 2010-08-17 20:11 . 2007-10-26 12:38 110592 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynTPCo4.dll
+ 2010-08-17 20:11 . 2007-10-26 12:09 147456 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynTPAPI.dll
+ 2010-08-17 20:11 . 2007-10-26 12:39 193456 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynTP.sys
+ 2010-08-17 20:11 . 2007-10-26 11:55 233472 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynMood.exe
+ 2010-08-17 20:11 . 2007-10-26 12:38 626688 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynISDLL.dll
+ 2010-08-17 20:11 . 2007-10-26 12:01 196608 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynCtrl.dll
+ 2010-08-17 20:11 . 2007-10-26 12:01 163840 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynCOM.dll
+ 2010-08-17 20:11 . 2007-10-26 12:39 124200 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\InstNT.exe
+ 2009-09-15 10:18 . 2009-09-15 10:18 675840 c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_x86_neutral_623f5ad76a7ab25e\NETw5c32.dll
+ 2009-09-15 10:18 . 2009-09-15 10:18 675840 c:\windows\System32\DriverStore\FileRepository\netw5s32.inf_x86_neutral_4d01512e952160fd\NETw5c32.dll
+ 2010-02-19 19:28 . 2010-08-29 19:32 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-02-19 19:28 . 2010-08-17 09:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:41 . 2010-08-30 09:05 163840 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:47 . 2010-08-30 08:23 315112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-13 20:46 . 2009-06-10 21:23 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-08-29 19:33 . 2010-05-20 22:49 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-08-29 19:33 . 2010-05-20 22:49 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-23 17:43 . 2010-08-23 17:43 461312 c:\windows\Installer\1ef35b5.msi
+ 2010-08-23 17:43 . 2010-08-23 17:43 147456 c:\windows\Installer\1ef35b1.msi
+ 2010-08-30 10:22 . 2010-08-30 10:22 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\1eab6ceaf2bc688df423255ff9490d60\WsatConfig.ni.exe
+ 2010-08-30 10:22 . 2010-08-30 10:22 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll
+ 2010-08-30 08:33 . 2010-08-30 08:33 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f050ef6d97c0102333ded4d8d58ffa4e\UIAutomationTypes.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\b3fbd794181d7b93b807a5e74991b0f9\UIAutomationClient.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\3118353bd1e1ba3f065418d837bd479e\TaskScheduler.ni.dll
+ 2010-08-30 10:21 . 2010-08-30 10:21 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\cc523d58068d01f874b18e665d49eb67\System.Xml.Linq.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\2f84c918be2ff7e390120c18237443c9\System.Web.Routing.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\be061062b2a6666ead57322f7fb7206f\System.Web.RegularExpressions.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\601a34c1001a27c2da41d78b6b5b40a3\System.Web.Extensions.Design.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\19fefac6b36bd2522901f7703e001fce\System.Web.Entity.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\62d687b818bd0195618e632016c7dbf7\System.Web.Entity.Design.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ca2575f5c34b0abf8e8e23b7f390e611\System.Web.DynamicData.ni.dll
+ 2010-08-30 10:21 . 2010-08-30 10:21 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\8b4af536857e71fca6a33bc24b8b89d2\System.Web.Abstractions.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6b8b76b26be7d7f4c3d1cb644811a2ef\System.ServiceProcess.ni.dll
+ 2010-08-30 08:33 . 2010-08-30 08:33 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5025c0c5e7134226b2fc0c4bdabf67ef\System.Security.ni.dll
+ 2010-08-30 08:33 . 2010-08-30 08:33 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d35d360c6e410684be7ea9fd0a8e6b53\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6728ef6a4c4b41eec6af6f48a7109457\System.Runtime.Remoting.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\c9c7532609177f639fac55991c882d1f\System.Net.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\50583e3d9a03c78b8107b826068f4541\System.Messaging.ni.dll
+ 2010-08-30 10:16 . 2010-08-30 10:16 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\758e0ce53c80a7ad7cf76a4910d27762\System.Management.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\9d42bf7e1d49e083bf8ca3dc44ee2b19\System.Management.Instrumentation.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8dd494a51a34de9bb8dc459287fe01bc\System.IO.Log.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\1a8dbe792bff04609faff69f9327630f\System.IdentityModel.Selectors.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.Wrapper.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\0964202aa721ad3fc6f4d3d9d93dbf52\System.Drawing.Design.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 887808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cd5561592e50ed277e3b1a45d529c1a4\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\689d9df56dfa4978b2593c43d4e94cdd\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1d2e67b4b6908a0119966021363b7dc\System.Data.Services.Design.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b7d5d32033299d1e34180f80aeb71748\System.Data.Services.Client.ni.dll
+ 2010-08-30 10:21 . 2010-08-30 10:21 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f9230f56cf1a71f9af2e9b4e8f823d1a\System.Data.Entity.Design.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b35e8ee9e538de0ce43719f73aca5833\System.Data.DataSetExtensions.ni.dll
+ 2010-08-30 08:32 . 2010-08-30 08:32 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\69cfb623bd8b1bc7dbad276f82019dcb\System.Configuration.Install.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\85b263ee17ce8086d74c45fed21c1180\System.AddIn.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\999b0b3c1e99cdf46f6afbb7daf1ae49\sysglobl.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\cb96e1d6de2c7a0c2d518761d6d139b2\SMSvcHost.ni.exe
+ 2010-08-30 10:17 . 2010-08-30 10:17 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9de488bf62eebca425759ea94d9a70e8\SMDiagnostics.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 295424 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\b22968de990db604cf987f597aac524f\SecurityAuditPoliciesSnapIn.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9da2c4ccbf8dead2507879555e600ab7\PresentationFramework.Classic.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\645eac5513e6a5587dd3f334d9fab4c2\PresentationFramework.Royale.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aa86db18e6c85f0b6144ca8b6de9b52\PresentationFramework.Luna.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\c26b8bd37831c8ec8e74365a91492fc5\napsnap.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\31d4aa4ab7644c761f3282fef4dbc5e7\napinit.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\05238736304f9b2c5f451607ab71ae18\naphlpr.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\b6e1a1590a2fcf08ed4145fb92357391\MSBuild.ni.exe
+ 2010-08-30 10:18 . 2010-08-30 10:18 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\02600010d899e4abfd49e6dd18b94738\MMCFxCommon.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 531456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ea8b88af652eb8082578cdca393a4bcf\Microsoft.WSMan.Management.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\528fb7c1f755e446a1ed500d1b58ebd4\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 837120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\e9ca451725c058a979a37b4308b7d2ce\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\b45fa2234d221f9bb7c55a384f1cdb82\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 187392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\9ca8aced3602f7862c36210108c54edc\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\4409b5849787db4963bf7e7aa63db009\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f6348b0de59c9de42d5d6ae71d511763\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c16b32cadfcc2b5caf6259693655a740\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b9a59377784c8283d217f4ca65b3ac9b\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b83901768935aa231c768dd1a72dcdb7\Microsoft.PowerShell.Security.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f2d57e89dbdc62cffb0e7a0e15bf58b\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 849920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\e6f9e2231f38135bca640268cb97bbf1\Microsoft.MediaCenter.Shell.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 740864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bcb5dd83610f0529b940f33563b96f0f\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 142848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\b7e12ed754808f347bf1f8e7590deb4d\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 229888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\65af99930cf1daa25032d2e98200d543\Microsoft.MediaCenter.iTv.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4c122ac7c1a47fd0d98038a6f2fa84fb\Microsoft.MediaCenter.Playback.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 105472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\3f77b7a25454bea3881ba1e01f5dffdb\Microsoft.MediaCenter.Mheg.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\3d79f49402afb52ffec9478cfc4fc733\Microsoft.MediaCenter.Interop.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 705024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\1182b73e6af790734c8c32f9365d56aa\Microsoft.MediaCenter.Sports.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\117653722679370f9b5da66807886739\Microsoft.ManagementConsole.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\340d7608310f04d472cdf49db6b10fec\Microsoft.GroupPolicy.Interop.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\21c923e0332038ee12e3d8504ac37b16\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\757d1a493508c965f98e23807e226f72\Microsoft.Build.Utilities.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6466be199d39a2af445708e711095775\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8f3a62f35106a0a83f7b1be20142f5b6\Microsoft.Build.Engine.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0f63bf412ade976b62296fe9b9bec6f4\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\d0afb1b00eeb64c2789a9ba31ead05d2\Microsoft.ApplicationId.Framework.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 587264 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\b866336e70f648e81968c22e3feb1410\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 250880 c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\1f8f66772bddf57999819178e765fe94\Mcx2Dvcs.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 380928 c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\98b32dd223378a9b5c65e9add10c4322\mcupdate.ni.exe
+ 2010-08-30 10:17 . 2010-08-30 10:17 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\8db5f1bdfd98e7697887a3d9e46e593c\mcstoredb.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 371712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcplayerinterop\69018b8888fd8696818d14ab91c698c5\mcplayerinterop.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\mcGlidHostObj\02d6d4f62eb24848dec52aff09a02fa9\mcGlidHostObj.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 107520 c:\windows\assembly\NativeImages_v2.0.50727_32\MCESidebarCtrl\66bc300ccbab3d26bc35c123be665ee1\MCESidebarCtrl.ni.dll
+ 2010-08-30 10:16 . 2010-08-30 10:16 170496 c:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\be6fde9e4dbe4483b2d9882741988b89\IsdiInterop.ni.dll
+ 2010-08-30 10:16 . 2010-08-30 10:16 452608 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0664a6848ef021d7b6dd973ee06c537e\IAStorUtil.ni.dll
+ 2010-08-30 10:16 . 2010-08-30 10:16 176640 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\c53463dfea629fc197674ad280b74be7\IAStorDataMgr.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\a19346462fbc57a1f768822f8a426509\EventViewer.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\7feb48c52ec5dd79f2723e5db45a3b42\ehRecObj.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 202752 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\383bac4c0ccf08b1d29cee81bed3ceac\ehiWUapi.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 340480 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\57ac449b151cd332165d5b6bfd74c0ad\ehiwmp.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\7b090f44759f417f0e110a5c1365fdf2\ehiVidCtl.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\ada5e4f7f382d574dd0b1ebdd1dcd8b6\ehiProxy.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\1cdffc23520c3688e9ac6fafdf18f0ae\ehiExtens.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 257536 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\118280a4259f58ab46f2583c0563bff6\ehExtHost.ni.exe
+ 2010-08-30 10:17 . 2010-08-30 10:17 223744 c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\9f4a441b157b4ee850a46392791d6cdc\ehCIR.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\149c74602e3720d5e12fd34691793f45\CustomMarshalers.ni.dll
+ 2010-08-30 10:16 . 2010-08-30 10:16 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\0026d2a5ef652dd0f2ffafc5c6be0e5a\ComSvcConfig.ni.exe
+ 2010-08-30 10:16 . 2010-08-30 10:16 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\f5a64e44170e235bc89a46b4129deaad\BDATunePIA.ni.dll
+ 2010-08-30 10:16 . 2010-08-30 10:16 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\9950d80cbdcff8521c7a46d5da53a68b\AspNetMMCExt.ni.dll
+ 2010-08-29 19:33 . 2010-05-20 22:43 5822800 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7600.20717_none_f00fcbf704dccba1\mscorwks.dll
+ 2010-08-29 19:33 . 2010-05-20 22:49 5816656 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7600.16597_none_06e5752aeb2e3602\mscorwks.dll
+ 2010-08-29 19:33 . 2010-05-20 22:43 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7600.20717_none_8568fd099755671c\mscorlib.dll
+ 2010-08-29 19:33 . 2010-05-20 22:49 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7600.16597_none_9c3ea63d7da6d17d\mscorlib.dll
+ 2010-08-23 17:43 . 2010-05-23 10:11 1619456 c:\windows\winsxs\x86_microsoft-windows-wmvdecod_31bf3856ad364e35_6.1.7600.20717_none_c3382cfa5a86be34\WMVDECOD.DLL
+ 2010-08-23 17:43 . 2010-05-23 10:15 1619456 c:\windows\winsxs\x86_microsoft-windows-wmvdecod_31bf3856ad364e35_6.1.7600.16597_none_c2580ee941aa00cb\WMVDECOD.DLL
+ 2010-08-29 19:33 . 2010-06-19 04:13 2327552 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_b98c82d514ccb6c0\win32k.sys
+ 2010-08-29 19:33 . 2010-06-19 04:07 2326016 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_b9178597fb9fc5bd\win32k.sys
+ 2010-08-29 19:33 . 2010-06-14 06:06 1288576 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
+ 2010-08-29 19:33 . 2010-06-14 06:12 1286016 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
+ 2010-08-29 19:33 . 2010-06-19 06:37 3909512 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
+ 2010-08-29 19:33 . 2010-06-19 06:37 3964800 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe
+ 2010-08-29 19:33 . 2010-06-19 06:33 3899784 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
+ 2010-08-29 19:33 . 2010-06-19 06:33 3955080 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe
+ 2010-08-29 19:33 . 2010-06-08 05:00 1233920 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20728_none_891219a11113f34b\msxml3.dll
+ 2010-08-29 19:33 . 2010-06-08 06:02 1233920 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16605_none_889b1bcff7e8cf9a\msxml3.dll
+ 2010-08-23 17:43 . 2010-05-23 10:10 3181568 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.20717_none_9d0cd7e486f8464a\mf.dll
+ 2010-08-23 17:43 . 2010-05-23 10:11 3181568 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.16597_none_9c2cb9d36e1b88e1\mf.dll
+ 2010-08-29 19:33 . 2010-06-30 06:15 5972992 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_2e889224137c3085\mshtml.dll
+ 2010-08-29 19:33 . 2010-06-30 06:22 5971456 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16625_none_2e149530fa4e58d9\mshtml.dll
+ 2010-08-29 19:33 . 2010-06-30 06:18 1227264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.20745_none_d0289763c81ca0bc\urlmon.dll
+ 2010-08-29 19:33 . 2010-06-30 06:25 1226240 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.16625_none_cfb49a70aeeec910\urlmon.dll
+ 2010-08-29 19:33 . 2010-06-30 06:25 1226240 c:\windows\System32\urlmon.dll
- 2009-07-14 02:03 . 2010-08-15 15:47 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-08-31 00:44 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-09-15 10:19 . 2009-09-15 10:19 2756608 c:\windows\System32\NETw5r32.dll
- 2009-06-02 21:20 . 2008-06-20 17:33 2756608 c:\windows\System32\NETw5r32.dll
+ 2010-08-29 19:33 . 2010-06-30 06:22 5971456 c:\windows\System32\mshtml.dll
+ 2010-08-17 20:11 . 2006-03-09 07:58 1060424 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\WdfCoInstaller01000.dll
+ 2010-08-17 20:11 . 2007-10-26 12:16 4898816 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynTPRes.dll
+ 2010-08-17 20:11 . 2007-10-26 12:39 1029416 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\SynTPEnh.exe
+ 2010-08-17 20:11 . 2007-10-26 12:02 4866048 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_ebae3f58d31de02e\DellTpad.exe
+ 2010-05-31 09:58 . 2010-05-31 09:58 6638080 c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_x86_neutral_623f5ad76a7ab25e\NETw5v32.sys
+ 2009-09-15 10:19 . 2009-09-15 10:19 2756608 c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_x86_neutral_623f5ad76a7ab25e\NETw5r32.dll
+ 2010-05-31 10:04 . 2010-05-31 10:04 6766080 c:\windows\System32\DriverStore\FileRepository\netw5s32.inf_x86_neutral_4d01512e952160fd\NETw5s32.sys
+ 2009-09-15 10:19 . 2009-09-15 10:19 2756608 c:\windows\System32\DriverStore\FileRepository\netw5s32.inf_x86_neutral_4d01512e952160fd\NETw5r32.dll
+ 2010-05-31 09:58 . 2010-05-31 09:58 6638080 c:\windows\System32\drivers\NETw5v32.sys
+ 2010-02-19 19:24 . 2010-08-30 09:05 1916928 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:34 . 2010-08-30 08:33 4452719 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2010-08-09 18:56 4452719 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-07-09 22:54 . 2010-08-30 08:23 2097128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2919384447-1011665479-2549125033-1000-8192.dat
+ 2010-08-29 19:33 . 2010-05-20 22:49 5816656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-08-29 19:33 . 2010-05-20 22:49 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-08-23 17:46 . 2010-08-23 17:46 6148608 c:\windows\Installer\1ef35d9.msi
+ 2010-08-23 17:45 . 2010-08-23 17:45 1077248 c:\windows\Installer\1ef35d5.msi
+ 2010-08-23 17:45 . 2010-08-23 17:45 1473536 c:\windows\Installer\1ef35d1.msi
+ 2010-08-23 17:44 . 2010-08-23 17:44 8321024 c:\windows\Installer\1ef35c5.msi
+ 2010-08-23 17:44 . 2010-08-23 17:44 1063936 c:\windows\Installer\1ef35c1.msi
+ 2010-08-23 17:44 . 2010-08-23 17:44 2314240 c:\windows\Installer\1ef35bd.msi
+ 2010-08-23 17:44 . 2010-08-23 17:44 3986944 c:\windows\Installer\1ef35b9.msi
+ 2010-08-23 17:43 . 2010-08-23 17:43 1850368 c:\windows\Installer\1ef35ad.msi
+ 2010-08-23 17:43 . 2010-08-23 17:43 4680704 c:\windows\Installer\1ef35a9.msi
+ 2010-08-23 17:43 . 2010-08-23 17:43 9612288 c:\windows\Installer\1ef35a5.msi
+ 2010-08-23 17:43 . 2010-08-23 17:43 7366656 c:\windows\Installer\1ef35a1.msi
+ 2010-08-23 17:42 . 2010-08-23 17:42 5480448 c:\windows\Installer\1ef359d.msi
+ 2010-08-30 08:33 . 2010-08-30 08:33 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\316d55123fabfb1b92b6364d294ccf65\UIAutomationClientsideProviders.ni.dll
+ 2010-08-30 08:32 . 2010-08-30 08:32 7949312 c:\windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
+ 2010-08-30 08:32 . 2010-08-30 08:32 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\db5e1eda18f1fe201916f197f88cf819\System.WorkflowServices.ni.dll
+ 2010-08-30 08:36 . 2010-08-30 08:36 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6cbcd0f5f64db318f682ee3be29df125\System.Workflow.Runtime.ni.dll
+ 2010-08-30 08:36 . 2010-08-30 08:36 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\7f793e614c5430e51ed902a5c71c2982\System.Workflow.ComponentModel.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54c2b168fd76ce84666c0a5241a9d0fa\System.Workflow.Activities.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ee24fe21a061801bb923bdc23c96388d\System.Web.Services.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\50766874720f812ab8f37c45940b1640\System.Web.Mobile.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 2400768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\0119cf02155b33d89fca6687c3e03705\System.Web.Extensions.ni.dll
+ 2010-08-30 10:22 . 2010-08-30 10:22 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\d9d7b2b31f2139f7f8ec4679a21bcdb0\System.Speech.ni.dll
+ 2010-08-30 10:21 . 2010-08-30 10:21 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5f1a3bdc51fdea45f367be500582ab41\System.ServiceModel.Web.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\86d34fbd2a7c582105eb53cbbd55c29e\System.Runtime.Serialization.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\86e1b89eec4df3c10e5ed8bf20b80ebd\System.Printing.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 8871936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1f989227a5dc6c495b2062f59be3610e\System.Management.Automation.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1fe7db1174c0c3269ce34d949e201ad0\System.IdentityModel.ni.dll
+ 2010-08-30 08:33 . 2010-08-30 08:33 1586688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\86d99a77ba6496b2300d9e347373fdd9\System.DirectoryServices.ni.dll
+ 2010-08-30 08:33 . 2010-08-30 08:33 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\17acef277a65333d0cd2003266af184d\System.Deployment.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 6618624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll
+ 2010-08-30 08:33 . 2010-08-30 08:33 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f7e995e1a099c38dacf8f2aac311e14b\System.Data.SqlXml.ni.dll
+ 2010-08-30 10:21 . 2010-08-30 10:21 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\77726e357d83ad9a52bfa585f13b05cb\System.Data.Services.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\bb7f3d86b4b443ee73293fa666a5f7ab\System.Data.OracleClient.ni.dll
+ 2010-08-30 10:21 . 2010-08-30 10:21 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\6e6ded3ee35572638262578c00afd4dc\System.Data.Linq.ni.dll
+ 2010-08-30 10:21 . 2010-08-30 10:21 9921024 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6e9445f6c035f07b31a86296f4e2be3f\System.Data.Entity.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\8b59d5d58aeeaa4c89e252b559c91a6d\SrpUxSnapIn.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 2147328 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\05460c4c17dba17e4c3c81ae4a42bf8a\ReachFramework.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a7cea5d83f3ae698470a1393a30242db\PresentationUI.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 1449984 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a3bcad5eb6d5b5dd1942f2ce44a67b5b\PresentationBuildTasks.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\4295b54ee21bfef1e972e14000ed2039\Narrator.ni.exe
+ 2010-08-30 10:20 . 2010-08-30 10:20 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\87b1ca611b5c770217555e9d78ff726f\MMCEx.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\9a681a81acd5e696d4315ebfa51a359a\MIGUIControls.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\72d87531f055ba39b1fc43d6efbd2a0e\Microsoft.VisualBasic.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\976f7d50a8d1d8bbe74b11679e784185\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ddabdd83f2727a3d37001ca299cf8a87\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 1705472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9b72e5e5525c410c2964199aa4bf4dd0\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-08-30 10:20 . 2010-08-30 10:20 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\60fc2cef7a33dd1b62b6c23bb713b942\Microsoft.PowerShell.Editor.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 1125376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\6e56e6ce312a5b8f3953edb6a34edd96\Microsoft.MediaCenter.Bml.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\65ad4440cc44e031d7f3c3035e47ac4d\Microsoft.MediaCenter.UI.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\049a14f41fb305aa47e5c91d43f0d613\Microsoft.MediaCenter.ni.dll
+ 2010-08-30 10:16 . 2010-08-30 10:16 2332672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\0972a4acf48e3732ede5a7f13745f517\Microsoft.JScript.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\5196e176b6eade8e55e30404f6842a48\Microsoft.Ink.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\4c9171427e1e274dafad232787ad0689\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a6e90a53a09e50dda9122b432f48e275\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0d33e9ce3f1f04cf48bff4c2dfb9f4eb\Microsoft.Build.Tasks.ni.dll
+ 2010-08-30 10:19 . 2010-08-30 10:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ff7ebb17690b1ccc7ee8c6cfa2d107b8\Microsoft.Build.Engine.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 2031104 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\b177c57b6d37399f5695495c433f5aee\mcstore.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 3317248 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\3c3b667ce7e131de010af3338fffbaff\mcepg.ni.dll
+ 2010-08-29 19:33 . 2010-05-20 22:49 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-29 19:33 . 2010-06-30 06:14 10986496 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20745_none_7fe7ec279f71beb2\ieframe.dll
+ 2010-08-29 19:33 . 2010-06-30 06:21 10985472 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16625_none_7f73ef348643e706\ieframe.dll
+ 2009-07-14 07:18 . 2010-08-29 19:50 27549672 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
+ 2010-02-19 16:35 . 2010-08-03 18:09 35962312 c:\windows\System32\MRT.exe
+ 2010-08-29 19:33 . 2010-06-30 06:21 10985472 c:\windows\System32\ieframe.dll
+ 2010-08-23 17:45 . 2010-08-23 17:45 21329920 c:\windows\Installer\1ef35c9.msi
+ 2010-08-18 22:32 . 2010-08-18 22:32 14008320 c:\windows\Installer\1c6a742.msi
+ 2010-08-24 08:47 . 2010-06-15 08:15 41095168 c:\windows\Installer\_{D16A2127-B927-4379-B153-3DEC091E4EEB}\Intel PROSet Wireless.msi
+ 2010-08-30 08:33 . 2010-08-30 08:33 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 11804160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\064483cd86ddba6c78dd32732f6fd351\System.Web.ni.dll
+ 2010-08-30 10:17 . 2010-08-30 10:17 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5a355674c42773b646b5238853a2015d\System.ServiceModel.ni.dll
+ 2010-08-30 08:35 . 2010-08-30 08:35 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\cadfe0acc38aa5a20b52ddf22917688c\System.Design.ni.dll
+ 2010-08-30 08:34 . 2010-08-30 08:34 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
+ 2010-08-30 08:33 . 2010-08-30 08:33 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
+ 2010-08-30 08:32 . 2010-08-30 08:32 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
+ 2010-08-30 10:18 . 2010-08-30 10:18 18682880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\128d45b2b670b1450ad6f25f47cead02\ehshell.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auslogics BoostSpeed"="d:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2009-11-04 480368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-08-10 4217720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-20 87144]
"Daemon"="c:\program files\HP\HP Wireless Vector Mouse\TSR\xDaemon.exe" [2008-07-18 352256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"RivaTunerStartupDaemon"="d:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R0 sptd;sptd;c:\windows\\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;d:\program files\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
R3 cpuz130;cpuz130;c:\users\PARESS~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-07-19 259440]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-26 3826032]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 Mintpad Service;Mintpad Service;c:\windows\system32\mppspsv.exe [2010-02-21 107384]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-05-31 6638080]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\Auslogics Console Defragmentation.job
- d:\program files\Auslogics\Auslogics BoostSpeed\cdefrag.exe [2010-02-28 10:08]

2010-08-30 c:\windows\Tasks\Auslogics Disk Defrag Start On Logon.job
- d:\program files\Auslogics\Auslogics BoostSpeed\DiskDefrag.exe [2010-02-28 10:08]
.
.
------- Supplementary Scan -------
.
IE: ??? ?? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /SEARCH.HTML
IE: ??? ????? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files\naver\NaverToolbar\NaverTB_3_5_3_40.dll /JKTRANS.HTML
DPF: {1A65149A-82B3-4633-9E3D-4DC37FB93FB9} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {78730E49-511E-4AE3-8E4F-84E2EA240397} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1030.cab
FF - ProfilePath - c:\users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\
FF - prefs.js: browser.search.selectedEngine - WR English-French
FF - component: c:\users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: d:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\Opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\Opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\program files\VideoLAN2\VLC\npvlc.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2919384447-1011665479-2549125033-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ed,7e,91,9c,73,04,89,2d,0d,76,fa,aa,be,fb,00,78,38,b0,07,39,7a,
f9,af,fd,5d,12,22,63,c2,60,e9,5b,e7,2d,97,4d,b0,4a,69,19,d2,0e,24,35,50,09,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-31 03:03:44
ComboFix-quarantined-files.txt 2010-08-31 01:03
ComboFix2.txt 2010-08-17 09:47

Pre-Run: 13,557,108,736 bytes free
Post-Run: 13,435,744,256 bytes free

- - End Of File - - 8444D5D7311946425701124DB705E72D


The OTL files: OTL.txt

OTL logfile created on: 8/31/2010 3:07:06 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Paresse Appropriée\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 12.57 Gb Free Space | 42.91% Space Free | Partition Type: NTFS
Drive D: | 109.63 Gb Total Space | 7.66 Gb Free Space | 6.98% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.26 Gb Free Space | 62.63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 506.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARESSEAPPROPRI
Current User Name: Paresse Appropriée
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/31 03:06:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Paresse Appropriée\Desktop\OTL.exe
PRC - [2010/07/29 21:39:20 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/07/29 21:39:20 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/07/26 20:23:11 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/26 20:23:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/02/21 11:58:41 | 000,107,384 | ---- | M] (Quarkpoint Co.) -- C:\Windows\System32\mppspsv.exe
PRC - [2009/11/04 12:08:52 | 000,480,368 | ---- | M] (Auslogics) -- D:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
PRC - [2009/11/04 12:08:52 | 000,330,352 | ---- | M] (Auslogics) -- D:\Program Files\Auslogics\Auslogics BoostSpeed\DiskDefrag.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009/07/22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/06/17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe


========== Modules (SafeList) ==========

MOD - [2010/08/31 03:06:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Paresse Appropriée\Desktop\OTL.exe
MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/07/29 21:39:20 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/07/28 13:22:30 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/19 14:59:54 | 000,259,440 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2010/07/10 17:01:11 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/24 14:59:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/26 23:25:27 | 003,826,032 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/21 11:58:41 | 000,107,384 | ---- | M] (Quarkpoint Co.) [Auto | Running] -- C:\Windows\System32\mppspsv.exe -- (Mintpad Service)
SRV - [2009/07/22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009/07/22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/24 15:02:50 | 000,417,792 | ---- | M] () [Auto | Stopped] -- d:\Program Files\Icecast2 Win32\icecastService.exe -- (Icecast-trunk)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.SYS -- (JRSKD24)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PARESS~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\PARESS~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - [2010/07/21 20:36:54 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/06/22 15:52:47 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/06/22 15:52:47 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/05/31 11:58:34 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®
DRV - [2010/05/11 12:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/05/01 14:05:04 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/03/03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/12/18 00:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- d:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/08/09 23:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipmi.sys.bak -- (AcpiPmi)
DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 00:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/14 00:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/14 00:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/10/26 14:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/05 19:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/10/30 10:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/08/10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 49 E5 2D 17 20 CB 01 [binary data]
IE - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "WR English-French"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.3.7
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {6E1A2A2E-AE2A-4A26-A812-46F54288379E}:3.6.0
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010/07/26 20:23:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010/08/15 12:38:14 | 000,000,000 | ---D | M]

[2010/02/19 12:45:08 | 000,000,000 | ---D | M] -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Extensions
[2010/08/30 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions
[2010/07/26 13:13:08 | 000,000,000 | ---D | M] (Full Flat) -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
[2010/04/07 16:55:53 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/07/26 13:13:40 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2010/08/18 14:23:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/22 11:13:15 | 000,000,000 | ---D | M] (Yoono) -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010/07/30 18:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/26 12:54:21 | 000,000,000 | ---D | M] -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\extensions\piclens@cooliris.com
[2010/08/25 11:35:02 | 000,002,600 | ---- | M] () -- C:\Users\Paresse Appropriée\AppData\Roaming\Mozilla\Firefox\Profiles\r8hp02zg.default\searchplugins\wr-english-french.xml

O1 HOSTS File: ([2010/08/17 11:42:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Daemon] C:\Program Files\HP\HP Wireless Vector Mouse\TSR\xDaemon.exe ()
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] D:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] d:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000..\Run: [Auslogics BoostSpeed] D:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {1A65149A-82B3-4633-9E3D-4DC37FB93FB9} http://www.mintpass.com/sapphire/bin/sapphire.CAB (SapphireAx Class)
O16 - DPF: {78730E49-511E-4AE3-8E4F-84E2EA240397} http://www.mintpass.com/sapphire/bin/sapphire.CAB (SListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} https://members.hangame.com/common/HanSetup1030.cab (HanSetupCtrl1010 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/16 14:58:36 | 000,000,000 | ---D | M] - D:\autotele -- [ NTFS ]
O32 - AutoRun File - [2001/04/18 17:23:00 | 000,000,041 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2919384447-1011665479-2549125033-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 03:06:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Paresse Appropriée\Desktop\OTL.exe
[2010/08/31 03:03:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/31 03:03:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/31 02:52:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/31 02:52:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/31 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\Desktop\GooredFix Backups
[2010/08/31 02:42:53 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Paresse Appropriée\Desktop\GooredFix.exe
[2010/08/29 21:33:43 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/29 21:33:43 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/29 21:33:43 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/29 21:33:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/29 21:33:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/29 21:33:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/29 21:33:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/29 21:33:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/29 21:33:41 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/08/29 21:33:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/29 21:33:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/29 21:33:36 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/29 21:33:25 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/29 21:33:25 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/28 12:24:06 | 001,207,120 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paresse Appropriée\Desktop\TDSSKiller.exe
[2010/08/24 00:10:27 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\AppData\Roaming\vlc
[2010/08/23 19:49:31 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\Tracing
[2010/08/23 19:45:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/23 19:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/08/23 19:43:48 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/08/23 19:43:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/08/23 19:43:47 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010/08/23 19:42:18 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\AppData\Local\Windows Live
[2010/08/23 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/08/17 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/08/17 22:11:44 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCtrl.dll
[2010/08/17 22:11:44 | 000,193,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys
[2010/08/17 22:11:44 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCOM.dll
[2010/08/17 22:11:44 | 000,147,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPAPI.dll
[2010/08/17 22:11:44 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPCo4.dll
[2010/08/17 22:11:42 | 000,000,000 | ---D | C] -- C:\dell
[2010/08/17 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010/08/17 11:40:01 | 000,000,000 | ---D | C] -- C:\Device
[2010/08/17 11:39:32 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\AppData\Local\temp
[2010/08/16 09:04:26 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\AppData\Roaming\WinPatrol
[2010/08/16 09:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/08/16 08:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/16 08:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/16 08:24:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/16 08:24:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/16 08:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/15 19:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/15 19:32:27 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\AppData\Roaming\SystemRequirementsLab
[2010/08/15 15:50:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2010/08/15 15:30:39 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/08/15 15:30:39 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/08/15 15:30:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/08/15 15:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/08/15 13:49:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/15 13:49:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/15 13:49:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/15 13:48:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/15 13:45:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/15 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/15 12:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/15 12:41:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/15 12:41:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/15 12:41:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/15 12:38:14 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/08/15 11:40:08 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\AppData\Local\Adobe
[2010/08/14 11:50:58 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\AppData\Local\Apple
[2010/08/13 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/08/12 13:00:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Paresse Appropriée\Desktop\TFC.exe
[2010/08/12 12:39:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/08/11 14:09:05 | 000,000,000 | ---D | C] -- C:\Users\Paresse Appropriée\Documents\TmForever
[2010/08/11 14:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2010/08/10 19:44:38 | 000,049,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sirenacm.dll
[2010/08/08 12:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/05 10:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/08/05 10:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2010/08/05 10:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Softwin

========== Files - Modified Within 30 Days ==========

[2010/08/31 03:07:05 | 002,883,584 | ---- | M] () -- C:\Users\Paresse Appropriée\NTUSER.DAT
[2010/08/31 03:06:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Paresse Appropriée\Desktop\OTL.exe
[2010/08/31 03:01:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/31 02:48:14 | 003,831,151 | R--- | M] () -- C:\Users\Paresse Appropriée\Desktop\ComboFix.exe
[2010/08/31 02:42:57 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Paresse Appropriée\Desktop\GooredFix.exe
[2010/08/31 02:16:03 | 000,020,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 02:16:03 | 000,020,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/30 10:31:52 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\Auslogics Disk Defrag Start On Logon.job
[2010/08/30 10:31:32 | 000,338,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/30 10:31:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/30 10:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/30 10:30:44 | 1609,187,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/30 10:23:04 | 001,490,361 | -H-- | M] () -- C:\Users\Paresse Appropriée\AppData\Local\IconCache.db
[2010/08/28 21:56:26 | 000,000,768 | ---- | M] () -- C:\Users\Paresse Appropriée\Desktop\StreamTorrent 1.0.lnk
[2010/08/28 12:37:47 | 000,080,384 | ---- | M] () -- C:\Users\Paresse Appropriée\Desktop\MBRCheck.exe
[2010/08/28 12:34:10 | 000,133,632 | ---- | M] () -- C:\Users\Paresse Appropriée\Desktop\RKUnhookerLE.EXE
[2010/08/27 08:54:52 | 001,207,120 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paresse Appropriée\Desktop\TDSSKiller.exe
[2010/08/26 11:51:41 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/08/26 11:45:31 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/08/26 11:34:05 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/08/26 02:36:38 | 000,000,040 | ---- | M] () -- C:\Users\Paresse Appropriée\defogger_reenable
[2010/08/25 08:00:18 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Auslogics Console Defragmentation.job
[2010/08/24 00:10:06 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/19 00:33:37 | 000,000,608 | ---- | M] () -- C:\Users\Paresse Appropriée\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/17 22:12:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/08/17 20:25:57 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/17 20:25:57 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/17 20:25:57 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/17 12:58:07 | 000,525,824 | ---- | M] () -- C:\Users\Paresse Appropriée\Desktop\dds.scr
[2010/08/17 12:53:51 | 000,050,477 | ---- | M] () -- C:\Users\Paresse Appropriée\Desktop\Defogger.exe
[2010/08/17 11:42:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/16 08:24:20 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 15:30:44 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/12 13:00:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Paresse Appropriée\Desktop\TFC.exe
[2010/08/11 14:04:13 | 000,000,709 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010/08/10 19:44:38 | 000,049,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sirenacm.dll
[2010/08/06 12:58:46 | 000,012,728 | ---- | M] (SoftForum Corporation) -- C:\Windows\System32\JRSUKD25.SYS
[2010/08/05 11:01:48 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2010/08/05 10:36:05 | 000,000,435 | ---- | M] () -- C:\Windows\win.ini
[2010/08/05 10:29:17 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv

========== Files Created - No Company Name ==========

[2010/08/31 02:48:10 | 003,831,151 | R--- | C] () -- C:\Users\Paresse Appropriée\Desktop\ComboFix.exe
[2010/08/28 21:56:26 | 000,000,768 | ---- | C] () -- C:\Users\Paresse Appropriée\Desktop\StreamTorrent 1.0.lnk
[2010/08/28 12:37:47 | 000,080,384 | ---- | C] () -- C:\Users\Paresse Appropriée\Desktop\MBRCheck.exe
[2010/08/28 12:34:09 | 000,133,632 | ---- | C] () -- C:\Users\Paresse Appropriée\Desktop\RKUnhookerLE.EXE
[2010/08/26 11:51:41 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/08/26 11:44:10 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/08/24 00:10:06 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/17 22:12:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/08/17 22:11:45 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/08/17 13:00:03 | 000,293,376 | ---- | C] () -- C:\Users\Paresse Appropriée\Desktop\gmer.exe
[2010/08/17 12:58:05 | 000,525,824 | ---- | C] () -- C:\Users\Paresse Appropriée\Desktop\dds.scr
[2010/08/17 12:54:04 | 000,000,040 | ---- | C] () -- C:\Users\Paresse Appropriée\defogger_reenable
[2010/08/17 12:53:50 | 000,050,477 | ---- | C] () -- C:\Users\Paresse Appropriée\Desktop\Defogger.exe
[2010/08/16 08:24:20 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 15:30:44 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/15 13:49:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/15 13:49:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/15 13:49:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/15 13:49:12 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/15 13:49:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/11 14:04:13 | 000,000,709 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010/08/05 10:47:52 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2010/06/22 15:52:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/06/22 15:52:47 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/06/06 13:45:43 | 000,002,876 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/05/19 22:21:51 | 000,017,408 | ---- | C] () -- C:\Users\Paresse Appropriée\AppData\Local\WebpageIcons.db
[2010/05/10 20:19:12 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/04/05 00:39:58 | 000,015,872 | ---- | C] () -- C:\Users\Paresse Appropriée\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 23:46:18 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/03/07 14:16:23 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2010/03/07 14:16:23 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2010/03/07 14:16:23 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2010/03/02 23:17:25 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/03/02 23:17:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/02/28 19:38:59 | 000,000,017 | ---- | C] () -- C:\Users\Paresse Appropriée\AppData\Local\resmon.resmoncfg
[2010/02/27 15:59:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/02/20 11:16:31 | 000,000,986 | ---- | C] () -- C:\Users\Paresse Appropriée\AppData\Roaming\MPQEditor.ini
[2010/02/19 12:51:59 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 01:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
< End of report >

And Extra.txt :

OTL Extras logfile created on: 8/31/2010 3:07:06 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Paresse Appropriée\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 12.57 Gb Free Space | 42.91% Space Free | Partition Type: NTFS
Drive D: | 109.63 Gb Total Space | 7.66 Gb Free Space | 6.98% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.26 Gb Free Space | 62.63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 506.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARESSEAPPROPRI
Current User Name: Paresse Appropriée
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2919384447-1011665479-2549125033-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN2\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN2\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "d:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "d:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "d:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00450E05-6F4C-42E5-9598-02CF18378FEA}" = Windows Live ID Sign-in Assistant
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{19DD26A7-F0DD-472E-887F-44128C31163C}" = Windows Live Messenger
"{1F6EA8AD-BF95-45FE-9B71-35ECFA109EE1}" = Ma-Config.com
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A81D825-184F-4ED4-9B1F-8E7E40B63617}" = Windows Live Photo Common Beta
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41A15ABD-081B-43DC-91A5-8727265E8D77}" = Windows Live Photo Common
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D40C773-18B8-4521-8D3C-2C9DD6EF1303}" = Windows Live UX Platform Language Pack
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{4F88F5D8-767A-4EB4-9AFA-A7CBCC69D767}" = Windows Live SOXE
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}" = D3DX10
"{54488589-76BC-4A3F-AC4F-71EBAD657850}" = Windows Live Communications Platform
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{617182E1-79DE-4964-BD0F-108ABAC2DB13}" = HP Wireless Vector Mouse Driver
"{66069562-D3AF-4515-B1FD-7EE4DE5CE7D2}" = Windows Live PIMT Platform
"{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79347C9E-3647-4542-845A-62F3914083BA}" = Windows Live Messenger
"{7E432D8D-D78A-44A8-9FE8-B8942F7FD01F}" = Windows Live UX Platform
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91973772-A002-446D-8A67-B410553AD8F9}" = Windows Live SOXE Definitions
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.3 - Français
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies™ Stunts & Effects
"{C0A30BAA-295D-4F7F-8776-FD09FD57E2E2}" = Windows Live Installer
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F196BCB8-1F5D-4F56-AD51-9E911D507BAB}" = Windows Live Bêta
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnalogX AnonyMac" = AnalogX AnonyMac
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Diablo II" = Diablo II
"FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32)
"HanSetup" = ??? ?? ????
"Icecast2 Win32_is1" = Icecast 2.3.2
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.5
"knik_xeq" = XEQ Winamp plugin (remove only)
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 13" = Maple 13
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NaverToolbar" = ³×À̹ö Åø¹Ù
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Reason4_is1" = Reason 4.0
"ReCycle v2.1" = ReCycle v2.1
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Soulseek2" = SoulSeek 157 NS 13e
"ST6UNST #1" = Hero Editor V1.03
"StreamTorrent 1.0" = StreamTorrent 1.0
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Dell Touchpad
"TmNationsForever_is1" = TmNationsForever
"TodaeMCE_CulturePub" = Todae - Media Center - CulturePub
"TodaeMCE_Radio" = Todae - Media Center - Radio
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.3
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Bêta
"WinPatrol" = WinPatrol
"WinRAR archiver" = Logiciel d'archivage WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2919384447-1011665479-2549125033-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet Prox" = Applet Prox
"Facebook Plug-In" = Facebook Plug-In
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2010 5:40:56 AM | Computer Name = ParesseAppropri | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 8/14/2010 5:40:56 AM | Computer Name = ParesseAppropri | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 8/14/2010 7:22:08 AM | Computer Name = ParesseAppropri | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 8/14/2010 7:22:08 AM | Computer Name = ParesseAppropri | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 8/14/2010 9:02:07 AM | Computer Name = ParesseAppropri | Source = EventSystem | ID = 4621
Description =

Error - 8/14/2010 5:45:51 PM | Computer Name = ParesseAppropri | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\common
files\adobe air\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\program
files\common files\adobe air\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 8/15/2010 6:37:28 AM | Computer Name = ParesseAppropri | Source = VSS | ID = 8193
Description =

Error - 8/15/2010 6:40:25 AM | Computer Name = ParesseAppropri | Source = VSS | ID = 8193
Description =

Error - 8/15/2010 7:26:10 AM | Computer Name = ParesseAppropri | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 8/15/2010 7:26:10 AM | Computer Name = ParesseAppropri | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

[ Media Center Events ]
Error - 7/11/2010 4:38:59 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 10:38:59 AM - Error connecting to the internet. 10:38:59 AM - Unable
to contact server..

Error - 7/11/2010 4:39:29 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 10:39:28 AM - Error connecting to the internet. 10:39:28 AM - Unable
to contact server..

Error - 7/19/2010 1:35:14 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 7:35:13 AM - Error connecting to the internet. 7:35:14 AM - Unable
to contact server..

Error - 7/19/2010 1:35:23 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 7:35:19 AM - Error connecting to the internet. 7:35:19 AM - Unable
to contact server..

Error - 7/19/2010 2:35:42 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 8:35:42 AM - Error connecting to the internet. 8:35:42 AM - Unable
to contact server..

Error - 7/19/2010 2:35:48 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 8:35:47 AM - Error connecting to the internet. 8:35:47 AM - Unable
to contact server..

Error - 7/19/2010 3:36:08 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 9:36:08 AM - Error connecting to the internet. 9:36:08 AM - Unable
to contact server..

Error - 7/19/2010 3:36:14 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 9:36:13 AM - Error connecting to the internet. 9:36:13 AM - Unable
to contact server..

Error - 7/19/2010 4:36:33 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 10:36:33 AM - Error connecting to the internet. 10:36:33 AM - Unable
to contact server..

Error - 7/19/2010 4:36:39 AM | Computer Name = ParesseAppropri | Source = MCUpdate | ID = 0
Description = 10:36:38 AM - Error connecting to the internet. 10:36:38 AM - Unable
to contact server..

[ System Events ]
Error - 7/28/2010 8:02:33 AM | Computer Name = ParesseAppropri | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys has been blocked from loading.

Error - 7/28/2010 8:02:56 AM | Computer Name = ParesseAppropri | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 7/28/2010 8:03:01 AM | Computer Name = ParesseAppropri | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfdrv01 sfsync02

Error - 7/28/2010 9:51:39 AM | Computer Name = ParesseAppropri | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 7/28/2010 12:19:08 PM | Computer Name = ParesseAppropri | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 7/28/2010 4:56:24 PM | Computer Name = ParesseAppropri | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 7/28/2010 5:01:36 PM | Computer Name = ParesseAppropri | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/29/2010 4:33:01 AM | Computer Name = ParesseAppropri | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/29/2010 4:56:23 AM | Computer Name = ParesseAppropri | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 7/29/2010 6:52:41 AM | Computer Name = ParesseAppropri | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >


All done !

Once again thanks in advance and for the tremendous work you're doing here.

#12 pwgib

  • Malware Response Team

Posted 31 August 2010 - 09:03 PM

Hello Kolqhoz,

QUOTE
I checked if Avira real-time protection was enabled on disk drive C: and it indeed was
do you think I should reinstall Avira on disk C: ?

It is up to you. As long as you have full time protection on the drive Windows is installed on you should be good to go. I personally have Avira installed on my C: drive then set to scan all other drives/partitions.

Step. 1

I need you to uninstall some programs.

For Microsoft Windows 7

1. From the Start menu, select Control Panel.
2. In Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program.
3. Select the program you want to remove, and click Uninstall. Alternatively, right-click the program and select Uninstall.

Please uninstall these programs:

Java™ 6 Update 16
³×À̹ö Åø¹Ù

Step. 2

I see you have MBAM installed.
  • Open MBAM.
  • Click on the Update tab before performing a scan. Click on the Check for Updates button. If an update is found, the program will automatically update itself. After the update press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step. 3

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note: If ESET finds nothing, there will be no log produced.

Step. 4

I would like to see another set of DDS.txt and Attach.txt logs. If DDS is no longer on your desktop:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

In your next reply please let me know about uninstalling those programs and include the following:

MBAM log
ESET report
DDS.txt <---- Will be maximized
Attach.txt <---- Will be minimized


How is your computer running now? Any problems?

Thanks!!
PW

#13 Kolqhoz

Posted 01 September 2010 - 03:38 PM

Hi pwgib,

here is the MBAM Log :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4524

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/1/2010 8:54:42 PM
mbam-log-2010-09-01 (20-54-42).txt

Scan type: Quick scan
Objects scanned: 133198
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The DDS log file :


DDS (Ver_10-03-17.01) - NTFSx86
Run by Paresse Appropri‚e at 22:28:09.09 on Wed 09/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1128 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\HP\HP Wireless Vector Mouse\TSR\xDaemon.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Auslogics\Auslogics BoostSpeed\DiskDefrag.exe
D:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
d:\Program Files\Icecast2 Win32\icecastService.exe
C:\Windows\system32\mppspsv.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paresse Appropriée\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Auslogics BoostSpeed] d:\program files\auslogics\auslogics boostspeed\boostspeed.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Daemon] c:\program files\hp\hp wireless vector mouse\tsr\xDaemon.exe
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RivaTunerStartupDaemon] "d:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun: [VirtualCloneDrive] "d:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [DelJump] cmd.exe /C del /S /Q "c:\users\paresse appropriée\appdata\local\temp\008535d1\NJUninst.exe"
mRunOnce: [DelJumpDLL] cmd.exe /C del /S /Q "c:\program files\naver\NaverToolbar"
mRunOnce: [DelJumpUserInfo] cmd.exe /C del /S /Q "c:\users\paresse appropriée\appdata\locallow\naver\NaverToolbar"
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
DPF: {1A65149A-82B3-4633-9E3D-4DC37FB93FB9} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {78730E49-511E-4AE3-8E4F-84E2EA240397} - hxxp://www.mintpass.com/sapphire/bin/sapphire.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1030.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\paress~1\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\
FF - component: c:\users\paresse appropriée\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\users\paresse appropriã©e\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\paresse appropriã©e\appdata\roaming\mozilla\firefox\profiles\r8hp02zg.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\program files\videolan2\vlc\npvlc.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-8-15 11608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-2-19 73728]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\avira\antivir desktop\sched.exe [2010-8-15 108289]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-8-15 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-15 56816]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-7-29 20072]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe [2010-4-16 81920]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-2 13336]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;d:\program files\icecast2 win32\icecastService.exe [2010-4-8 417792]
R2 Mintpad Service;Mintpad Service;c:\windows\system32\mppspsv.exe [2010-2-21 107384]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe [2010-4-16 2736128]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-5-31 6638080]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-7-19 259440]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]

=============== Created Last 30 ================

2010-09-01 18:57:00 0 d-----w- c:\program files\ESET
2010-09-01 16:13:45 269463701 ----a-w- c:\windows\MEMORY.DMP
2010-08-31 01:03:01 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-23 17:49:31 0 d-----w- c:\users\paresse appropriée\Tracing
2010-08-23 17:45:41 0 d-----w- c:\windows\PCHEALTH
2010-08-23 17:43:48 3181568 ----a-w- c:\windows\system32\mf.dll
2010-08-23 17:43:48 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-08-23 17:43:47 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-08-23 17:42:18 0 d-----w- c:\program files\common files\Windows Live
2010-08-17 20:12:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-08-17 20:12:01 0 d-----w- c:\program files\Synaptics
2010-08-17 20:11:45 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2010-08-17 20:11:44 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-08-17 20:11:44 193456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-08-17 20:11:44 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-08-17 20:11:44 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-08-17 20:11:44 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-08-17 20:11:42 0 d-----w- C:\dell
2010-08-17 10:54:04 40 ----a-w- c:\users\paresse appropriée\defogger_reenable
2010-08-17 09:59:14 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-17 09:40:01 0 d-----w- C:\Device
2010-08-16 07:04:26 0 d-----w- c:\users\paress~1\appdata\roaming\WinPatrol
2010-08-16 07:04:18 0 d-----w- c:\program files\BillP Studios
2010-08-16 06:36:48 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-16 06:36:48 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 06:24:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 06:24:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 06:24:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 17:32:30 0 d-----w- c:\program files\SystemRequirementsLab
2010-08-15 13:30:39 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 13:30:38 0 d-----w- c:\programdata\Avira
2010-08-15 11:49:12 98816 ----a-w- c:\windows\sed.exe
2010-08-15 11:49:12 77312 ----a-w- c:\windows\MBR.exe
2010-08-15 11:49:12 256512 ----a-w- c:\windows\PEV.exe
2010-08-15 11:49:12 161792 ----a-w- c:\windows\SWREG.exe
2010-08-15 10:45:35 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-15 10:38:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-13 10:25:04 0 d-----w- c:\program files\HP
2010-08-11 12:09:05 0 d-----w- c:\programdata\TmForever
2010-08-10 17:44:38 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-08-08 10:24:10 0 d-----w- c:\program files\MSXML 4.0
2010-08-05 08:56:40 0 d-----w- c:\program files\Sunbelt Software
2010-08-05 08:55:17 0 d-----w- c:\programdata\Sunbelt
2010-08-05 08:47:52 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-05 08:28:02 0 d-----w- c:\program files\common files\Softwin

==================== Find3M ====================

2010-09-01 20:27:58 2883584 ----a-w- c:\users\paresse appropriée\NTUSER.DAT
2010-08-28 10:27:41 78416 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2010-08-26 09:34:05 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-06 10:58:46 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-07-29 19:39:20 209280 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-07-29 09:50:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-29 09:50:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 11:45:28 1364 ----a-w- c:\windows\system32\drivers\hosts
2010-07-21 18:36:54 173648 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2010-07-16 11:32:23 677176 ----a-w- c:\windows\system32\CKSetup32.exe
2010-07-16 11:32:23 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-07-15 01:54:24 542096 ----a-w- c:\windows\system32\NJUninst.exe
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-20 17:21:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-06 12:31:12 34155 ----a-w- c:\windows\DIIUnin.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-06-02 17:19:00 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:28:43.17 ===============


ESET Online scan didn't find any threats on my computer.

My computer seems normal, no more popups or redirection, it even seemed to reboot a little faster and internet pages load faster too. I didn't get any errors or unloaded dlls errors while booting. All seems well at the moment but your expertise will provide further details I guess.

Anyway thank you for the job you've done so far and thanks in advance for the job you haven't done yet.


#14 pwgib

Posted 02 September 2010 - 09:03 PM

Hello Kolqhoz,

Do you use the Naver Toolbar? Did you install it? Did you try to uninstall Naver Toolbar in Add/Remove programs?

Is there an entry for Naver Toolbar in Start | All Programs and if so is there an uninstaller listed?


Thanks!!
PW
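
The Naver Toolbar paths in the DDS log from post #13 appear in mRunOnce deletion commands. As an added example (not part of the thread and not a DDS or BleepingComputer tool), this Python script parses the "Pseudo HJT Report" section of a DDS log and surfaces leftover registrations ("No File") and pending RunOnce deletions; the function names are hypothetical and the embedded sample is constructed from lines of the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [DelJump] cmd.exe /C del /S /Q "c:\users\paresse appropriée\appdata\local\temp\008535d1\NJUninst.exe"
mRunOnce: [DelJumpDLL] cmd.exe /C del /S /Q "c:\program files\naver\NaverToolbar"
mRunOnce: [DelJumpUserInfo] cmd.exe /C del /S /Q "c:\users\paresse appropriée\appdata\locallow\naver\NaverToolbar"

================= FIREFOX ===================

FF - plugin: d:\program files\videolan2\vlc\npvlc.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # ==== NAME ====
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z][\w-]*):\s+(?P<rest>.+)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
DEL_RE = re.compile(r'\bdel\b(?:\s+/\w+)*\s+"([^"]+)"', re.IGNORECASE)


@dataclass
class Entry:
    kind: str    # DDS label, e.g. BHO, TB, mRun, mRunOnce
    name: str    # registry value name, or label/CLSID
    value: str   # command line or target file


def split_sections(text):
    """Group non-empty log lines under the section banner that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_hjt(lines):
    """Turn 'kind: ...' lines into Entry records."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        run = RUN_RE.match(rest)
        if run:   # Run/RunOnce style: [value name] command line
            entries.append(Entry(kind, run.group("name"), run.group("cmd")))
        else:     # BHO/TB/DPF style: label or CLSID, " - ", target
            name, _, value = rest.rpartition(" - ")
            entries.append(Entry(kind, name or rest, value))
    return entries


def triage(entries):
    """Return (entry, reason) pairs worth asking the machine's owner about."""
    findings = []
    for e in entries:
        if e.value == "No File":
            findings.append((e, "registration left behind, target file missing"))
        elif e.kind.lower().endswith("runonce"):
            targets = DEL_RE.findall(e.value)
            reason = ("pending delete of " + ", ".join(targets)
                      if targets else "one-shot command queued for next logon")
            findings.append((e, reason))
    return findings


def analyze(text):
    return triage(parse_hjt(split_sections(text).get("Pseudo HJT Report", [])))


if __name__ == "__main__":
    for entry, reason in analyze(SAMPLE_DDS):
        print(f"{entry.kind:10} {entry.name:45} {reason}")
```
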

#15 Kolqhoz

Posted 03 September 2010 - 03:46 PM

Hi pwgib,

No I don't use the naver toolbar and there isn't any entry in the start|All programs nor in add/remove program lists. However I think I know where it could come from.

I installed a game called "Continent of the ninth" which is in beta testing and I think the naver toolbar came along. The fact is that "Continent of the ninth" is a Korean game (developed by Hangame) and naver is the biggest South Korean search engine, I think this may be linked ^^

Since I am used to Hangame games and I trust them (though I don't use the naver toolbar), do you think I should still uninstall it ? If yes, can you help me remove it ?

Thanks in advance

Edit : Further research proved that naver and hangame merged into one big company : NHN (Next human network) so I guess this is no threat to care about (maybe, I'm only guessing ^^), maybe you could provide more details about the solemnity of the threat.

Edited by Kolqhoz, 03 September 2010 - 03:54 PM.




