
Just another Google redirect problem.


  • This topic is locked
9 replies to this topic

#1 mourn

Posted 01 December 2010 - 06:26 PM

Same issues everyone else is having with this malware, really. It seems to be fairly widespread-- my roommate has it, and the ratio of these requests to others on this forum seems quite high. I have no idea how I got it, but what I do know is that it's a nuisance to have to copy the URL Google provides rather than just following the link. Another interesting bit of information is that the redirects don't happen in Internet Explorer-- only in Firefox. (I'm using the latest non-beta, by the way.) Also, thanks for your help in advance. I really appreciate what you guys are doing here.
Anyway, to the good part:


DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by zonk at 17:07:22.82 on Wed 12/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2546 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
C:\Windows\system32\lxdwcoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\WinService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\zonk\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi0.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi0.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [ESEA Client] C:\Program Files (x86)\ESEA\ESEA Client\eseaclient.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\zonk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BTGUAR~1.LNK - C:\BTGUARD\settings.exe
StartupFolder: C:\Users\zonk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [lxdwmon.exe] "C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\9ty1byx7.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: XULRunner: {CF1C8366-321E-4B3A-B636-011BF7C4F4EE} - C:\Windows\system32\config\systemprofile\AppData\Local\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}\
FF - HiddenExtension: XULRunner: {E2FE3AE1-2265-4DCB-8581-0C96C474B4E2} - C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: XULRunner: {CF1C8366-321E-4B3A-B636-011BF7C4F4EE} - C:\Windows\system32\config\systemprofile\AppData\Local\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}
FF - Extension: XULRunner: {E2FE3AE1-2265-4DCB-8581-0C96C474B4E2} - C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}

============= SERVICES / DRIVERS ===============

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-3-27 25312]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-28 203264]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2010-11-28 20480]
R2 lxdw_device;lxdw_device;C:\Windows\system32\lxdwcoms.exe -service --> C:\Windows\system32\lxdwcoms.exe -service [?]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-8 5009920]
R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2010-3-27 180224]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-28 7883264]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-28 285696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-8-16 116240]
R3 Bulk;HDJBulk;C:\Windows\System32\drivers\HDJBulk.sys [2010-11-28 154112]
R3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\System32\drivers\HDJMidi.sys [2010-11-28 144896]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2010-2-20 58528]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe --> c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [?]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdwserv.exe [2010-4-27 33960]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-11-11 46136]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2010-2-20 955680]
S3 hxctlflt;hxctlflt;C:\Windows\System32\drivers\hxctlflt.sys [2009-2-8 111104]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2009-5-8 53632]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2010-3-27 340992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-11 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

=============== Created Last 30 ================

2010-12-01 20:04:12 -------- d-----w- C:\Program Files (x86)\ESET
2010-12-01 19:48:12 -------- d-----w- C:\_OTL
2010-12-01 06:55:37 388096 ----a-r- C:\Users\zonk\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-12-01 04:49:04 -------- d-----w- C:\Users\zonk\AppData\Roaming\Malwarebytes
2010-12-01 04:48:59 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-01 04:48:58 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-01 04:48:55 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-01 04:48:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-01 04:37:22 0 ----a-w- C:\Users\zonk\AppData\Local\Gkidupapoxulodi.bin
2010-12-01 03:46:12 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{B0329816-450A-470A-AF6C-4F8406E15B73}\mpengine.dll
2010-12-01 03:44:59 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-12-01 03:44:57 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-12-01 03:42:28 -------- d-----w- C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}
2010-11-30 16:32:15 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{2268AB9D-4DD0-42F5-8489-3B5BC1200F1F}\mpengine.dll
2010-11-30 06:53:59 -------- d-----w- C:\Program Files (x86)\VirtualDJ
2010-11-30 02:22:53 -------- dc-h--w- C:\PROGRA~3\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}
2010-11-30 02:22:44 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2010-11-30 02:22:37 -------- d-----w- C:\PROGRA~3\Native Instruments
2010-11-30 02:22:34 -------- dc-h--w- C:\PROGRA~3\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
2010-11-30 02:21:43 -------- dc-h--w- C:\PROGRA~3\{1E8C7AE2-4367-4069-9771-8176841822C4}
2010-11-30 02:20:42 -------- dc-h--w- C:\PROGRA~3\{1E073424-A3F8-474B-A503-A99428594527}
2010-11-30 02:20:35 -------- dc-h--w- C:\PROGRA~3\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-11-30 02:20:33 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2010-11-24 07:53:40 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 07:53:40 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-19 04:18:55 -------- d-----w- C:\Program Files\glassfish-3.0.1
2010-11-19 04:15:42 -------- d-----w- C:\Program Files\NetBeans 6.9.1
2010-11-17 19:32:38 -------- d-----w- C:\Program Files (x86)\JRE
2010-11-17 19:29:26 -------- d-----w- C:\Program Files (x86)\OpenOffice.org
2010-11-17 03:30:31 -------- d-----w- C:\Program Files (x86)\MixMeister BPM Analyzer
2010-11-11 20:50:29 -------- d-----w- C:\Users\zonk\AppData\Local\AMD
2010-11-11 20:50:00 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2010-11-11 01:16:02 -------- d-----w- C:\Program Files (x86)\AMD
2010-11-11 01:15:17 -------- d-----w- C:\Users\zonk\AppData\Local\Downloaded Installations
2010-11-10 18:49:36 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-09 22:53:56 -------- d-----w- C:\Users\zonk\AppData\Roaming\TS3Client
2010-11-09 22:53:49 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2010-11-09 06:44:05 -------- d-----w- C:\Users\zonk\AppData\Local\Activision
2010-11-07 23:14:23 -------- d-----w- C:\Program Files (x86)\CDisplay
2010-11-06 21:56:55 -------- d-----w- C:\PROGRA~3\Sunbelt
2010-11-06 21:56:54 -------- d-----w- C:\Users\zonk\AppData\Roaming\Sunbelt
2010-11-06 21:56:10 45656 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2010-11-06 21:56:10 27472 ----a-w- C:\Windows\System32\sbbd.exe
2010-11-06 21:56:06 -------- d-----w- C:\Program Files (x86)\Sunbelt Software
2010-11-06 21:18:34 -------- d-----w- C:\Users\zonk\AppData\Local\ODUI
2010-11-06 21:18:22 -------- d-----w- C:\Users\zonk\AppData\Roaming\Stardock
2010-11-06 21:18:17 -------- d-----w- C:\Users\zonk\AppData\Local\Stardock
2010-11-05 04:37:47 -------- d-----w- C:\Program Files\Eclipse
2010-11-03 23:49:49 -------- d-----w- C:\Users\zonk\AppData\Local\Microsoft Games

==================== Find3M ====================

2010-11-08 23:08:37 233960 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-11-08 23:08:37 233960 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-14 07:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 07:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-10-07 00:21:27 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
2010-10-01 22:28:11 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-10-01 22:28:11 2373712 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2010-09-29 02:26:12 7883264 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-09-29 02:13:38 21344256 ----a-w- C:\Windows\System32\atio6axx.dll
2010-09-29 01:56:14 16201728 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-09-29 01:55:12 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-09-29 01:55:02 536576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-09-29 01:54:02 628224 ----a-w- C:\Windows\System32\aticfx64.dll
2010-09-29 01:51:52 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-09-29 01:51:46 462336 ----a-w- C:\Windows\System32\atieclxx.exe
2010-09-29 01:51:08 203264 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-09-29 01:49:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-09-29 01:49:42 421376 ----a-w- C:\Windows\System32\atipdl64.dll
2010-09-29 01:49:34 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-09-29 01:49:24 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-09-29 01:49:18 12288 ----a-w- C:\Windows\System32\atimuixx.dll
2010-09-29 01:49:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-09-29 01:49:08 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-09-29 01:46:06 3953152 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-09-29 01:37:28 4660224 ----a-w- C:\Windows\System32\atidxx64.dll
2010-09-29 01:30:02 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-09-29 01:28:00 4077568 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-09-29 01:27:22 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-09-29 01:27:20 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-09-29 01:27:12 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-09-29 01:27:10 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-09-29 01:27:00 5470720 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-09-29 01:26:04 4407808 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-09-29 01:23:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-09-29 01:22:56 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-09-29 01:21:54 5240832 ----a-w- C:\Windows\System32\atiumd64.dll
2010-09-29 01:15:20 340480 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-09-29 01:15:12 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-09-29 01:15:02 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-09-29 01:14:58 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-09-29 01:14:58 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-09-29 01:14:56 21504 ----a-w- C:\Windows\System32\atig6txx.dll
2010-09-29 01:14:52 19968 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-09-29 01:14:48 285696 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-09-29 01:14:06 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-09-29 01:14:00 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-09-29 01:13:54 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-09-29 01:13:44 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-09-29 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-09-29 01:09:32 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-09-29 01:09:32 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-09-29 01:09:24 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-09-29 01:09:24 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-14 03:08:39 11264 ------w- C:\Program Files (x86)\lp_plugin.exe
2010-09-14 03:08:34 940032 ------w- C:\Program Files (x86)\dbghelp.dll
2010-09-14 03:07:07 2330624 ------w- C:\Program Files (x86)\LaunchPad.exe
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 17:08:34.61 ===============


#2 snemelk

  • Malware Response Team

Posted 08 December 2010 - 12:09 PM

Hi mourn, and welcome to Bleeping Computer.

"Another interesting bit of information is that the redirects don't happen in Internet Explorer-- only in Firefox."

Malicious Add-ons for Firefox are visible in the DDS log...

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 mourn

  • Topic Starter

Posted 08 December 2010 - 02:42 PM

[OTL.txt]
OTL logfile created on: 12/8/2010 12:34:13 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\zonk\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 269.69 Gb Free Space | 38.61% Space Free | Partition Type: NTFS

Computer Name: ZONK-PC | User Name: zonk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/08 12:21:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\zonk\Desktop\OTL.exe
PRC - [2010/12/08 12:19:15 | 000,011,600 | ---- | M] (Microsoft Corporation) -- C:\Users\zonk\My Documents\Visual Studio 2010\Projects\WindowsFormsApplication1\WindowsFormsApplication1\bin\Debug\WindowsFormsApplication1.vshost.exe
PRC - [2010/10/27 00:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/01 16:28:11 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/08/31 22:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\zonk\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/18 11:24:32 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/09/09 11:04:46 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe
PRC - [2009/09/09 11:04:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
PRC - [2007/09/13 15:35:08 | 001,261,568 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/07/17 14:48:16 | 000,180,224 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe


========== Modules (SafeList) ==========

MOD - [2010/12/08 12:21:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\zonk\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2009/07/13 19:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 19:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/13 19:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Stopped] -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2010/09/28 19:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/08 12:25:45 | 005,009,920 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/08/19 09:47:30 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdwcoms.exe -- (lxdw_device)
SRV:64bit: - [2009/08/19 09:47:24 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 12:16:02 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2010/11/08 11:10:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/01 16:28:11 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/15 14:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/08/19 09:47:13 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdwcoms.exe -- (lxdw_device)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/17 14:48:16 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
DRV:64bit: - [2010/09/28 20:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/28 20:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/28 19:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/16 04:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/13 22:42:58 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/04 15:13:36 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/02 10:33:12 | 000,144,896 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HDJMidi.sys -- (HDJMidi)
DRV:64bit: - [2009/10/02 10:33:06 | 000,154,112 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2009/09/30 08:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/07 11:22:08 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (androidusb)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/04/22 12:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 21:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2007/12/26 09:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV:64bit: - [2007/02/03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2007/01/19 02:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 CE 98 7F 0E 91 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CF1C8366-321E-4B3A-B636-011BF7C4F4EE}:1.9.1
FF - prefs.js..extensions.enabledItems: {E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}: C:\Windows\system32\config\systemprofile\AppData\Local\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}\ [2010/11/30 20:37:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}: C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2} [2010/11/30 21:42:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/01 00:46:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/01 10:47:39 | 000,000,000 | ---D | M]

[2010/12/01 10:42:00 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions
[2010/12/08 12:01:57 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\9ty1byx7.default\extensions
[2010/12/07 16:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/11 19:13:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/28 13:23:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/20 12:46:46 | 000,423,309 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ESEA Client] C:\Program Files (x86)\ESEA\ESEA Client\eseaclient.exe (E-Sports Entertainment LLC.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Users\zonk\AppData\Local\Temp\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BTGuard Updates.lnk = C:\BTGUARD\settings.exe ()
O4 - Startup: C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\zonk\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 12:21:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\zonk\Desktop\OTL.exe
[2010/12/07 17:17:35 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\Microsoft Corporation
[2010/12/05 15:19:32 | 000,000,000 | R--D | C] -- C:\Users\zonk\Documents\My Dropbox
[2010/12/05 15:18:32 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\Dropbox
[2010/12/05 12:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010/12/05 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\zonk\Documents\BioWare
[2010/12/05 11:35:14 | 000,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2010/12/05 11:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/12/05 11:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
[2010/12/05 11:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/12/01 14:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/12/01 13:48:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/01 10:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/12/01 10:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/12/01 00:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2010/11/30 22:49:04 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\Malwarebytes
[2010/11/30 22:48:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/30 22:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/30 22:48:55 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/30 22:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/30 21:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/30 21:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/30 21:42:28 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}
[2010/11/30 00:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2010/11/29 20:22:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}
[2010/11/29 20:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2010/11/29 20:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2010/11/29 20:22:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
[2010/11/29 20:21:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1E8C7AE2-4367-4069-9771-8176841822C4}
[2010/11/29 20:20:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1E073424-A3F8-474B-A503-A99428594527}
[2010/11/29 20:20:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/11/29 20:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/11/28 20:39:06 | 000,000,000 | ---D | C] -- C:\Users\zonk\Documents\VirtualDJ
[2010/11/28 20:36:14 | 000,292,864 | ---- | C] (Hercules®) -- C:\Windows\SysNative\hdjapi.dll
[2010/11/28 20:36:14 | 000,121,344 | ---- | C] (Hercules®) -- C:\Windows\SysNative\hrfdongle.dll
[2010/11/28 20:36:14 | 000,091,136 | ---- | C] (Hercules®) -- C:\Windows\SysNative\HDJSeries.cpl
[2010/11/28 20:36:07 | 000,078,848 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\HerculesDJDevices.dll
[2010/11/28 20:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Guillemot
[2010/11/28 20:36:05 | 000,211,968 | ---- | C] (© Guillemot R&D, 2009. All rights reserved.) -- C:\Windows\SysNative\drivers\HDJAsioK.sys
[2010/11/28 20:36:05 | 000,154,112 | ---- | C] (© Guillemot R&D, 2009. All rights reserved.) -- C:\Windows\SysNative\drivers\HDJBulk.sys
[2010/11/28 20:36:05 | 000,144,896 | ---- | C] (© Guillemot R&D, 2009. All rights reserved.) -- C:\Windows\SysNative\drivers\HDJMidi.sys
[2010/11/28 20:36:05 | 000,027,648 | ---- | C] (© Guillemot R&D, 2009. All rights reserved.) -- C:\Windows\SysNative\drivers\HDJCtrl.sys
[2010/11/28 20:36:04 | 000,262,144 | ---- | C] (Hercules®) -- C:\Windows\SysWow64\HDJAPI.dll
[2010/11/28 20:36:04 | 000,106,496 | ---- | C] (Hercules®) -- C:\Windows\SysWow64\HRFDongle.dll
[2010/11/28 20:36:04 | 000,027,136 | ---- | C] (Hercules®) -- C:\Windows\SysWow64\HDJSAPI.dll
[2010/11/28 20:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
[2010/11/28 20:35:05 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\InstallShield
[2010/11/18 22:22:26 | 000,000,000 | ---D | C] -- C:\Users\zonk\Documents\NetBeansProjects
[2010/11/18 22:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\glassfish-3.0.1
[2010/11/18 22:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 6.9.1
[2010/11/17 13:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010/11/17 13:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org
[2010/11/16 21:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixMeister BPM Analyzer
[2010/11/15 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\ImgBurn
[2010/11/11 18:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/11/11 14:50:29 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\AMD
[2010/11/11 14:50:00 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2010/11/10 19:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010/11/10 19:15:17 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\Downloaded Installations
[2010/11/09 16:53:56 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\TS3Client
[2010/11/09 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010/11/09 00:44:05 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\Activision
[2010/11/09 00:27:32 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/11/09 00:27:32 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/11/09 00:27:32 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/11/09 00:27:32 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/11/09 00:27:32 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/11/09 00:27:32 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/11/09 00:27:31 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/11/09 00:27:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/11/09 00:27:31 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/11/09 00:27:31 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/11/09 00:27:31 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/11/09 00:27:31 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/11/09 00:27:30 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/11/09 00:27:30 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/11/09 00:27:30 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/11/09 00:27:30 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/11/09 00:27:29 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/11/09 00:27:29 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/11/09 00:27:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/11/09 00:27:29 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/11/09 00:27:29 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/11/09 00:27:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/11/09 00:27:29 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/11/09 00:27:29 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/11/09 00:27:28 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/11/09 00:27:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/09 00:27:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/11/09 00:27:28 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/11/09 00:27:27 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/11/09 00:27:27 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/11/09 00:27:26 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/11/09 00:27:26 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/11/09 00:27:26 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/09 00:27:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 00:27:26 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/11/09 00:27:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/11/09 00:27:25 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/11/09 00:27:25 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/11/09 00:27:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/11/09 00:27:25 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/11/09 00:27:25 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/11/09 00:27:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/11/09 00:27:24 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/11/09 00:27:24 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/11/09 00:27:23 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/11/09 00:27:23 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/11/09 00:27:23 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/11/09 00:27:23 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/11/09 00:27:23 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/11/09 00:27:23 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/09 00:27:23 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/11/09 00:27:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/11/09 00:27:22 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/11/09 00:27:22 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/11/09 00:27:22 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/11/09 00:27:22 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/11/09 00:27:21 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/11/09 00:27:21 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/11/09 00:27:20 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/11/09 00:27:20 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/11/09 00:27:20 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/11/09 00:27:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/11/09 00:27:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/11/09 00:27:20 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/11/09 00:27:20 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/11/09 00:27:20 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/11/09 00:27:20 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/11/09 00:27:20 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/11/09 00:27:20 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/11/09 00:27:20 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/11/09 00:27:20 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/11/09 00:27:20 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/11/09 00:27:19 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/11/09 00:27:19 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/11/09 00:27:18 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/11/09 00:27:18 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/11/09 00:27:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/11/09 00:27:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/11/09 00:27:18 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/11/09 00:27:18 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/11/09 00:27:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/11/09 00:27:18 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/11/09 00:27:18 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/11/09 00:27:17 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/11/09 00:27:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/11/09 00:27:17 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/11/09 00:27:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/11/09 00:27:16 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/11/09 00:27:16 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/11/09 00:27:15 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/11/09 00:27:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/11/09 00:27:15 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/11/09 00:27:15 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/11/09 00:27:15 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/11/09 00:27:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/11/09 00:27:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/11/09 00:27:15 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/11/09 00:27:15 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/11/09 00:27:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/11/09 00:27:14 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/11/09 00:27:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/11/09 00:27:13 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/11/09 00:27:13 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/11/09 00:27:12 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/11/09 00:27:12 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/11/09 00:27:12 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/11/09 00:27:12 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/11/09 00:27:12 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/11/09 00:27:12 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/11/09 00:27:11 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/11/09 00:27:11 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/11/09 00:27:11 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/11/09 00:27:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/11/09 00:27:11 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/11/09 00:27:11 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/11/09 00:27:10 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/11/09 00:27:10 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/11/09 00:27:09 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/11/09 00:27:09 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/11/09 00:27:09 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/11/09 00:27:09 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/11/09 00:27:09 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/11/09 00:27:09 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/11/09 00:27:09 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/11/09 00:27:09 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/11/09 00:27:08 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/11/09 00:27:08 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/11/09 00:27:08 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/11/09 00:27:08 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/11/09 00:27:08 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/11/09 00:27:08 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/11/09 00:27:07 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/11/09 00:27:07 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/11/09 00:27:07 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/11/09 00:27:07 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/11/09 00:27:07 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/11/09 00:27:07 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/11/09 00:27:06 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/11/09 00:27:06 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/11/09 00:27:06 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/11/09 00:27:06 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/11/09 00:27:06 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/11/09 00:27:06 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/11/09 00:27:05 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/11/09 00:27:05 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/11/09 00:27:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/11/09 00:27:05 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/11/09 00:27:05 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/11/09 00:27:05 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/11/09 00:27:05 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/11/09 00:27:05 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/11/09 00:27:04 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/11/09 00:27:04 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/11/09 00:27:03 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/11/09 00:27:03 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/11/09 00:27:03 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/11/09 00:27:03 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/11/09 00:27:03 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/11/09 00:27:03 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/11/09 00:27:03 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/11/09 00:27:03 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/11/09 00:26:58 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/11/09 00:26:58 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/11/09 00:26:57 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/11/09 00:26:57 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/11/09 00:26:57 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/11/09 00:26:57 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/11/09 00:26:57 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/11/09 00:26:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/11/09 00:26:56 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/11/09 00:26:56 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/11/09 00:26:55 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/11/09 00:26:55 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/11/09 00:26:55 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/11/09 00:26:55 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/11/09 00:26:54 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/11/09 00:26:54 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/11/09 00:26:54 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/11/09 00:26:54 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/09/13 21:08:34 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dbghelp.dll
[2010/04/27 15:38:15 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwserv.dll
[2010/04/27 15:38:15 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwusb1.dll
[2010/04/27 15:38:15 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomc.dll
[2010/04/27 15:38:15 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwhbn3.dll
[2010/04/27 15:38:15 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwpmui.dll
[2010/04/27 15:38:15 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwlmpm.dll
[2010/04/27 15:38:15 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomm.dll
[2010/04/27 15:38:15 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwinpa.dll
[2010/04/27 15:38:15 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwiesc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/08 12:21:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\zonk\Desktop\OTL.exe
[2010/12/08 12:07:59 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/08 12:07:59 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/08 12:06:47 | 000,886,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/08 12:06:47 | 000,735,556 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/08 12:06:47 | 000,150,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/08 12:00:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/08 12:00:32 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/08 11:58:52 | 000,000,216 | ---- | M] () -- C:\Users\zonk\defogger_reenable
[2010/12/08 01:31:32 | 000,000,287 | ---- | M] () -- C:\Users\zonk\Desktop\xmaslist.rtf
[2010/12/08 00:27:07 | 000,758,852 | ---- | M] () -- C:\Users\zonk\Desktop\RESNET APP.pdf
[2010/12/05 15:19:32 | 000,001,017 | ---- | M] () -- C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/12/05 00:00:40 | 006,212,336 | ---- | M] () -- C:\Users\zonk\Desktop\Weekend POWER.mp3
[2010/12/04 23:54:20 | 000,001,253 | ---- | M] () -- C:\Users\zonk\Desktop\Digital Marijuana.mp3
[2010/12/01 17:06:14 | 000,630,272 | ---- | M] () -- C:\Users\zonk\Desktop\dds.scr
[2010/12/01 17:00:58 | 000,050,477 | ---- | M] () -- C:\Users\zonk\Desktop\Defogger.exe
[2010/12/01 00:55:38 | 000,002,991 | ---- | M] () -- C:\Users\zonk\Desktop\HiJackThis.lnk
[2010/12/01 00:44:07 | 000,001,919 | ---- | M] () -- C:\Users\zonk\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/01 00:35:14 | 000,001,393 | ---- | M] () -- C:\Users\zonk\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/30 22:48:59 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/30 22:37:22 | 000,000,120 | ---- | M] () -- C:\Users\zonk\AppData\Local\Mlinexeko.dat
[2010/11/30 22:37:22 | 000,000,000 | ---- | M] () -- C:\Users\zonk\AppData\Local\Gkidupapoxulodi.bin
[2010/11/30 21:41:16 | 528,765,381 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/30 20:35:26 | 000,001,112 | ---- | M] () -- C:\Windows\SysWow64\Improve Your PC.lnk
[2010/11/30 18:02:19 | 004,870,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/28 20:38:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HDJBulk_01009.Wdf
[2010/11/11 19:21:26 | 000,000,221 | ---- | M] () -- C:\Users\zonk\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010/11/08 17:08:37 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/11/08 17:08:37 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/08 11:58:52 | 000,000,216 | ---- | C] () -- C:\Users\zonk\defogger_reenable
[2010/12/08 01:31:32 | 000,000,287 | ---- | C] () -- C:\Users\zonk\Desktop\xmaslist.rtf
[2010/12/05 15:19:32 | 000,001,017 | ---- | C] () -- C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/12/04 23:56:06 | 006,212,336 | ---- | C] () -- C:\Users\zonk\Desktop\Weekend POWER.mp3
[2010/12/04 23:54:17 | 000,001,253 | ---- | C] () -- C:\Users\zonk\Desktop\Digital Marijuana.mp3
[2010/12/01 17:06:06 | 000,630,272 | ---- | C] () -- C:\Users\zonk\Desktop\dds.scr
[2010/12/01 17:00:57 | 000,050,477 | ---- | C] () -- C:\Users\zonk\Desktop\Defogger.exe
[2010/12/01 00:53:10 | 000,002,991 | ---- | C] () -- C:\Users\zonk\Desktop\HiJackThis.lnk
[2010/12/01 00:44:07 | 000,001,919 | ---- | C] () -- C:\Users\zonk\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/30 22:48:59 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/30 22:37:22 | 000,000,120 | ---- | C] () -- C:\Users\zonk\AppData\Local\Mlinexeko.dat
[2010/11/30 22:37:22 | 000,000,000 | ---- | C] () -- C:\Users\zonk\AppData\Local\Gkidupapoxulodi.bin
[2010/11/30 20:35:26 | 000,001,112 | ---- | C] () -- C:\Windows\SysWow64\Improve Your PC.lnk
[2010/11/28 20:38:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HDJBulk_01009.Wdf
[2010/11/11 19:21:26 | 000,000,221 | ---- | C] () -- C:\Users\zonk\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010/11/10 20:00:26 | 528,765,381 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/27 18:10:49 | 000,068,942 | ---- | C] () -- C:\Users\zonk\AppData\Roaming\icarus-dxdiag.xml
[2010/09/16 00:00:48 | 000,000,092 | ---- | C] () -- C:\Users\zonk\AppData\Local\fusioncache.dat
[2010/09/13 21:09:52 | 000,006,670 | ---- | C] () -- C:\Program Files (x86)\lp_eqenv.xml
[2010/09/13 21:08:39 | 000,011,264 | ---- | C] () -- C:\Program Files (x86)\lp_plugin.exe
[2010/09/13 21:08:38 | 000,038,088 | ---- | C] () -- C:\Program Files (x86)\strings_es.xml
[2010/09/13 21:08:38 | 000,035,336 | ---- | C] () -- C:\Program Files (x86)\strings_it.xml
[2010/09/13 21:08:37 | 000,035,110 | ---- | C] () -- C:\Program Files (x86)\strings_ru.xml
[2010/09/13 21:08:36 | 000,022,232 | ---- | C] () -- C:\Program Files (x86)\strings_zh_TW.xml
[2010/09/13 21:08:36 | 000,019,776 | ---- | C] () -- C:\Program Files (x86)\strings_zh_CN.xml
[2010/09/13 21:08:35 | 000,028,466 | ---- | C] () -- C:\Program Files (x86)\strings_ja.xml
[2010/09/13 21:08:31 | 000,029,600 | ---- | C] () -- C:\Program Files (x86)\strings_fr.xml
[2010/09/13 21:08:30 | 000,028,386 | ---- | C] () -- C:\Program Files (x86)\strings_de.xml
[2010/09/13 21:08:30 | 000,000,091 | ---- | C] () -- C:\Program Files (x86)\load.html
[2010/09/13 21:08:29 | 000,002,005 | ---- | C] () -- C:\Program Files (x86)\lpClientConfig.xml
[2010/09/13 21:07:08 | 000,000,228 | ---- | C] () -- C:\Program Files (x86)\lpconfig.xml
[2010/09/13 21:07:07 | 002,330,624 | ---- | C] () -- C:\Program Files (x86)\LaunchPad.exe
[2010/09/13 21:07:07 | 000,210,527 | ---- | C] () -- C:\Program Files (x86)\LaunchPad.log.004
[2010/09/13 21:07:07 | 000,045,283 | ---- | C] () -- C:\Program Files (x86)\LaunchPad.log.001
[2010/09/13 21:07:07 | 000,045,163 | ---- | C] () -- C:\Program Files (x86)\LaunchPad.log.003
[2010/09/13 21:07:07 | 000,045,163 | ---- | C] () -- C:\Program Files (x86)\LaunchPad.log.002
[2010/09/13 21:07:07 | 000,045,163 | ---- | C] () -- C:\Program Files (x86)\LaunchPad.log
[2010/08/17 21:19:57 | 000,000,258 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/08/17 21:19:57 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/08/17 21:19:36 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/08/17 21:19:36 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/08/17 21:18:43 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/08/17 21:18:39 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2010/08/17 21:18:37 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2010/07/23 01:34:37 | 000,004,608 | ---- | C] () -- C:\Users\zonk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/18 21:35:54 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/09 13:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/04/27 15:38:28 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/27 15:38:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2010/04/27 15:38:24 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2010/04/27 15:38:23 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2010/04/27 15:38:15 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDWinst.dll
[2010/04/27 15:38:15 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdwcomx.dll
[2010/04/27 15:37:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/26 18:56:17 | 000,787,304 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/06 21:57:42 | 002,255,360 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/04/06 21:57:42 | 000,395,776 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/04/06 21:57:42 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/04/06 21:57:42 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010/04/03 22:53:44 | 000,007,597 | ---- | C] () -- C:\Users\zonk\AppData\Local\Resmon.ResmonCfg
[2010/03/31 15:23:20 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/03/27 15:19:58 | 000,000,389 | ---- | C] () -- C:\Windows\SysWow64\ftpd.ini
[2009/11/25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/05/19 08:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2010/04/06 22:04:21 | 000,004,514 | ---- | M] () -- C:\avi_log.txt
[2010/04/06 21:57:48 | 000,001,006 | ---- | M] () -- C:\Cucu_Video_log.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/12/08 12:00:32 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) --

#4 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:03:24 PM

Posted 08 December 2010 - 05:29 PM

Hi again mourn!!.. :)

I see you've been doing some fixes with OTL before - were you being helped by someone (a link to the thread please) or did you try doing a fix on your own, based on instructions for another user??..

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
DAEMON Tools Toolbar - it's an adware toolbar bundled with Daemon Tools software, see here: CLSID List

Then,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..extensions.enabledItems: {CF1C8366-321E-4B3A-B636-011BF7C4F4EE}:1.9.1
    FF - prefs.js..extensions.enabledItems: {E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}: C:\Windows\system32\config\systemprofile\AppData\Local\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}\ [2010/11/30 20:37:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}: C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2} [2010/11/30 21:42:28 | 000,000,000 | ---D | M]
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - Startup: C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe File not found
    [2010/11/30 21:42:28 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}
    [2010/11/30 22:37:22 | 000,000,120 | ---- | M] () -- C:\Users\zonk\AppData\Local\Mlinexeko.dat
    [2010/11/30 22:37:22 | 000,000,000 | ---- | M] () -- C:\Users\zonk\AppData\Local\Gkidupapoxulodi.bin
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then, please run a scan with an updated Eset online scanner:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 mourn

mourn
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:24 AM

Posted 08 December 2010 - 08:26 PM

Hi, snemelk! :)
I uninstalled the Daemon Tools Toolbar-- I usually don't install toolbars that come packaged with other programs, but I figured that since it had Daemon's name on it, it was legitimate. Evidently, this was a mistake on my part :(

All processes killed
========== OTL ==========
Prefs.js: {CF1C8366-321E-4B3A-B636-011BF7C4F4EE}:1.9.1 removed from extensions.enabledItems
Prefs.js: {E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}:1.9.1 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}\ not found.
C:\Windows\system32\config\systemprofile\AppData\Local\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}\chrome\content folder moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE}\chrome folder moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\{CF1C8366-321E-4B3A-B636-011BF7C4F4EE} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}\ not found.
C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}\chrome\content folder moved successfully.
C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}\chrome folder moved successfully.
C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2} folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk moved successfully.
Folder C:\Users\zonk\AppData\Local\{E2FE3AE1-2265-4DCB-8581-0C96C474B4E2}\ not found.
C:\Users\zonk\AppData\Local\Mlinexeko.dat moved successfully.
C:\Users\zonk\AppData\Local\Gkidupapoxulodi.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: zonk
->Temp folder emptied: 120644184 bytes
->Temporary Internet Files folder emptied: 9037959 bytes
->Java cache emptied: 518 bytes
->FireFox cache emptied: 100935086 bytes
->Flash cache emptied: 19252 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80692 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 15925563071 bytes

Total Files Cleaned = 15,408.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Public

User: zonk
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12082010_170337

Files\Folders moved on Reboot...
C:\Users\zonk\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=881d1ffa62ddb24bbfde26406e4bda40
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-09 01:25:09
# local_time=2010-12-08 07:25:09 (-0600, Central Standard Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=258 16776574 0 58 1871933 88044120 0 0
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1029 16777214 0 1 24287645 24287645 0 0
# compatibility_mode=5891 16776573 100 100 0 21354964 0 0
# compatibility_mode=8192 67108863 100 0 534134 534134 0 0
# scanned=464067
# found=0
# cleaned=0
# scan_time=7122

#6 snemelk

  • Malware Response Team

Posted 09 December 2010 - 04:55 AM

Hi again mourn!!.. :)

That looks better!!.. Does any problem persist??.. Please perform the steps below...

We need to update outdated programs (with security vulnerabilities) on your machine:

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 20
Java™ 6 Update 22


Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 6 Update 23".
  • Click the "Download JRE" button to the right.
  • In the window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe that you downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

- Skype™ 4.2: I suggest you upgrade to the newest version: Skype 5.0


Then,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#7 mourn

  • Topic Starter

Posted 09 December 2010 - 12:06 PM

Snemelk, my computer is perfect now. Thanks. :) I updated everything you said I should, too.

Also, I ran TDSS:
2010/12/09 10:50:49.0760 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/09 10:50:49.0760 ================================================================================
2010/12/09 10:50:49.0760 SystemInfo:
2010/12/09 10:50:49.0760
2010/12/09 10:50:49.0760 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/09 10:50:49.0760 Product type: Workstation
2010/12/09 10:50:49.0760 ComputerName: ZONK-PC
2010/12/09 10:50:49.0761 UserName: zonk
2010/12/09 10:50:49.0761 Windows directory: C:\Windows
2010/12/09 10:50:49.0761 System windows directory: C:\Windows
2010/12/09 10:50:49.0761 Running under WOW64
2010/12/09 10:50:49.0761 Processor architecture: Intel x64
2010/12/09 10:50:49.0761 Number of processors: 4
2010/12/09 10:50:49.0761 Page size: 0x1000
2010/12/09 10:50:49.0761 Boot type: Normal boot
2010/12/09 10:50:49.0761 ================================================================================
2010/12/09 10:50:49.0761 Utility is running under WOW64
2010/12/09 10:50:49.0977 Initialize success
2010/12/09 10:50:58.0228 ================================================================================
2010/12/09 10:50:58.0228 Scan started
2010/12/09 10:50:58.0228 Mode: Manual;
2010/12/09 10:50:58.0228 ================================================================================
2010/12/09 10:51:09.0411 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/09 10:51:09.0430 ================================================================================
2010/12/09 10:51:09.0430 Scan finished
2010/12/09 10:51:09.0430 ================================================================================
2010/12/09 10:51:09.0440 Detected object count: 1
2010/12/09 10:51:29.0181 \HardDisk0 - will be cured after reboot
2010/12/09 10:51:29.0182 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/09 10:51:41.0142 Deinitialize success

#8 snemelk
  • Malware Response Team

Posted 09 December 2010 - 01:22 PM

Hi again mourn!!.. :)

Looks like there was a rootkit infection hiding - normally it would cause redirects in all browsers, so it's strange you were not experiencing any redirects in IE...

Snemelk, my computer is perfect now. Thanks. :) I updated everything you said I should, too.

Glad to see it!!.. :thumbup2:

To remove all of the tools we used and the files and folders they created do the following:
  • Double-click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Then,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:

Also, I recommend that you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!


EDIT: As a sidenote, this rootkit probably wouldn't have been able to infect your machine if you had had UAC enabled... I suggest you re-enable it: Turn User Account Control on or off

Edited by snemelk, 09 December 2010 - 01:59 PM.
Extra info added...

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#9 mourn
  • Topic Starter
  • Members

Posted 10 December 2010 - 12:53 PM

Thanks again, snemelk. I appreciate your help very much; it's been a pleasure.

#10 snemelk
  • Malware Response Team

Posted 10 December 2010 - 01:31 PM

Hi mourn!!.. :)

Thanks again, snemelk. I appreciate your help very much; it's been a pleasure.

You're welcome!!.. :thumbup2:

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.