Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown virus causing frequent BSOD


  • This topic is locked This topic is locked
38 replies to this topic

#1 tommyho1

tommyho1

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 09 August 2011 - 10:39 PM

To whom it may concern,

I fear that my computer is infected with one or more viruses / malware. I am a computer novice so I apologise if i only give you basic information, but please just let me know what ever else you need to help me.

About 2 or 3 weeks ago i started getting the blue screen of death. This has been happening quite frequently and everytime there is a different error code and STOP code. It usually seems to happen when i am on the internet and trying to do too many things at one time. It just crashes.

I have tried using programs such as malwarebytes and superantispyware to remove the problem. When using malwarebytes it said that it found and removed a trojan virus, but it has made no difference to the frequency of the BSOD happening.

I can give you the details for the DDS.txt report and also can attach the attach.txt file, however when i tried to do the GMER scan (i have tried a lot of times) the computer keeps crashing so it is impossible for me to get this information for you.

So here is the dds.txt report -

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 10:29:46 on 2011-08-10
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.959.380 [GMT 9:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\REGSVR32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266542579281
TCP: DhcpNameServer = 168.126.63.1 168.126.63.2
TCP: Interfaces\{396DBB00-8979-4EA0-950F-7506D53A725C} : DhcpNameServer = 168.126.63.1 168.126.63.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\aq8m02t9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
============= SERVICES / DRIVERS ===============
.
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2011-4-5 22168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-19 123264]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-7 352656]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-4-22 153440]
S3 BlackBox;BlackBox SR2; [x]
S3 MBAMSwissArmy;MBAMSwissArmy; [x]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-11-29 535824]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-11-29 1066232]
.
=============== Created Last 30 ================
.
2011-08-09 13:14:11 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2011-08-09 04:50:36 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
2011-08-07 08:47:55 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2011-08-07 07:51:02 -------- d-----w- c:\documents and settings\administrator\application data\RegistryTool
2011-08-07 07:50:49 -------- d-----w- c:\program files\RegistryTool
2011-08-07 02:28:36 -------- d-----w- c:\program files\AVAST Software
2011-08-07 02:28:36 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-08-06 07:03:05 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2011-08-06 07:02:27 -------- d-----w- c:\windows\system32\AppLogs
2011-08-06 07:02:25 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-08-06 07:02:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-06 07:02:20 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-06 07:02:07 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2011-08-06 03:08:41 -------- d-s---w- C:\ComboFix
2011-08-06 03:01:19 -------- d-sha-r- C:\cmdcons
2011-08-06 02:58:26 98816 ----a-w- c:\windows\sed.exe
2011-08-06 02:58:26 518144 ----a-w- c:\windows\SWREG.exe
2011-08-06 02:58:26 256000 ----a-w- c:\windows\PEV.exe
2011-08-06 02:58:26 208896 ----a-w- c:\windows\MBR.exe
2011-08-05 16:39:28 -------- d-----w- c:\documents and settings\administrator\application data\IObit
2011-08-05 16:39:26 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-08-05 16:39:20 -------- d-----w- c:\program files\IObit
2011-08-05 16:20:54 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-08-05 16:17:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-04 14:34:21 -------- d-----r- c:\program files\Skype
2011-08-04 02:17:44 -------- d-----w- c:\windows\system32\NtmsData
2011-08-04 02:10:40 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-08-04 01:56:07 -------- d-----w- c:\windows\system32\appmgmt
2011-08-03 14:08:46 -------- d-----w- c:\documents and settings\all users\application data\Dumps
2011-07-22 03:59:19 -------- d-----w- c:\documents and settings\administrator\EurekaLog
2011-07-21 01:49:08 -------- d-----w- c:\documents and settings\all users\application data\bdch
2011-07-19 12:51:26 -------- d-----w- c:\documents and settings\administrator\application data\BitDefender
2011-07-19 12:50:54 -------- d-----w- c:\program files\BitDefender
2011-07-19 05:26:42 -------- d-----w- c:\program files\common files\BitDefender
2011-07-19 05:26:42 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
2011-07-19 05:25:59 306320 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-07-19 05:25:56 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-07-19 04:58:33 -------- d-sh--w- C:\found.000
2011-07-19 04:50:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\bdch
2011-07-16 02:17:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-11 02:13:20 3727360 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2011-08-09 13:14:41 908976 ----a-w- c:\documents and settings\all users\application data\bdinstall.bin
2011-08-04 05:07:58 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2011-08-04 05:07:52 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2011-07-19 13:29:35 153440 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-06-03 10:19:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2010-07-08 01:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 10:31:33.43 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:01 AM

Posted 13 August 2011 - 11:40 AM

Hello tommyho1 and welcome to BC. :)

Sorry about the delay, do you still need help?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 tommyho1

tommyho1
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 13 August 2011 - 09:07 PM

definitely! let me know what you need me to do.

thanks, for the reply.

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:01 AM

Posted 13 August 2011 - 11:08 PM

Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 tommyho1

tommyho1
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 August 2011 - 06:06 AM

i ran the scan but it only gave me the otl.txt file - it did not produce any extras.txt file anywhere. however, i have already got a file called extras.txt saved on my desktop. i will post you the details of this - if this is not what you need then just let me know how to progress.

OTL logfile created on: 8/14/2011 7:47:57 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 702.57 Mb Available Physical Memory | 73.22% Memory free
2.26 Gb Paging File | 1.81 Gb Available in Paging File | 79.92% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 34.42 Gb Free Space | 70.48% Space Free | Partition Type: NTFS
Drive D: | 21.49 Gb Total Space | 21.37 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 26.76 Gb Free Space | 8.98% Space Free | Partition Type: NTFS

Computer Name: SERTGER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/14 19:46:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/08/08 13:05:55 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011/07/29 10:09:07 | 004,599,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/07/19 22:28:18 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011/07/19 09:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/04 14:42:36 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/04 14:42:36 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/04 14:42:36 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2008/04/14 21:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/11 15:08:36 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


========== Modules (SafeList) ==========

MOD - [2011/08/14 19:46:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2011/07/19 21:54:37 | 000,276,992 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_003\plugin_nt.m32
MOD - [2011/03/14 20:36:16 | 000,166,912 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_003\plugin_extra.m32
MOD - [2011/03/14 20:35:18 | 000,089,600 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_003\plugin_net.m32
MOD - [2011/03/14 20:35:00 | 000,657,408 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_003\plugin_fragments.m32
MOD - [2011/03/14 20:34:32 | 000,120,832 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_003\plugin_registry.m32
MOD - [2011/03/14 20:34:16 | 000,136,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_003\plugin_base.m32
MOD - [2011/03/14 20:29:50 | 000,232,968 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_003\midas32.dll
MOD - [2010/08/24 01:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wuauserv)
SRV - [2011/07/19 22:28:18 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011/07/19 09:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/04 14:42:36 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/23 01:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/19 22:29:51 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/19 22:29:35 | 000,153,440 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2011/07/19 22:27:52 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (Trufos)
DRV - [2011/07/13 06:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/19 08:59:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/02/16 22:22:48 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010/11/29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2010/11/29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2010/08/20 18:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2009/11/05 15:51:19 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2009/05/05 09:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2009/05/05 09:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008/04/14 21:00:00 | 000,020,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 21:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008/04/14 07:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2006/08/08 23:19:22 | 000,010,368 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2006/01/13 13:39:48 | 003,844,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-1801674531-2090396574-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1960408961-1801674531-2090396574-500\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1960408961-1801674531-2090396574-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1801674531-2090396574-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/07/20 09:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/16 11:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/16 11:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/16 11:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aq8m02t9.default\extensions
[2011/08/04 23:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/04 23:35:49 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AQ8M02T9.DEFAULT\EXTENSIONS\OPENBOOKMARKINTAB@PIRO.SAKURA.NE.JP.XPI
[2011/07/20 09:44:47 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2010/02/19 15:35:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 16:31:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 17:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 17:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 17:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 17:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 17:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/19 13:14:09 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1960408961-1801674531-2090396574-500\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1960408961-1801674531-2090396574-500\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1960408961-1801674531-2090396574-500..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1960408961-1801674531-2090396574-500..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1960408961-1801674531-2090396574-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1801674531-2090396574-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1801674531-2090396574-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266542579281 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 168.126.63.2
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/19 09:59:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fff1a2ff-8430-11e0-b2f5-001921e85ea0}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1a2ff-8430-11e0-b2f5-001921e85ea0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fff1a2ff-8430-11e0-b2f5-001921e85ea0}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 10:29:04 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/08/09 22:14:11 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2011/08/09 13:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/08/07 17:47:55 | 001,414,440 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ShellManager310E2D762.dll
[2011/08/07 17:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 43
[2011/08/07 16:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\RegistryTool
[2011/08/07 16:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryTool
[2011/08/07 11:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/07 11:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/06 16:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/08/06 16:02:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AppLogs
[2011/08/06 16:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/06 16:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/06 16:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/06 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/06 16:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/08/06 15:52:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/08/06 12:08:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/06 12:01:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/06 11:58:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/06 11:58:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/06 11:58:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/06 11:58:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/06 11:57:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/06 11:28:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/06 11:28:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/08/06 11:27:26 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/08/06 02:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/08/06 01:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/08/06 01:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/08/06 01:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/08/06 01:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/08/06 01:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/04 23:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/04 23:34:21 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/08/04 11:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/08/04 11:10:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/08/04 10:56:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/08/04 09:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\BitTorrentBar
[2011/08/03 23:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dumps
[2011/07/28 09:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/07/22 12:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\EurekaLog
[2011/07/21 10:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bdch
[2011/07/19 21:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 2011
[2011/07/19 21:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BitDefender
[2011/07/19 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011/07/19 14:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011/07/19 14:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/07/19 14:25:59 | 000,306,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/07/19 14:25:56 | 000,353,096 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2011/07/19 13:58:33 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/07/19 13:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\bdch
[2011/07/18 12:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2011/07/16 11:17:23 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/16 11:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/07/16 11:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/07/16 11:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/14 19:35:45 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/14 09:52:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/14 09:52:04 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/14 09:51:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/11 09:09:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/10 10:29:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/08/10 10:27:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/08/09 22:14:41 | 000,908,976 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/08/08 01:22:47 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/07 18:17:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/07 17:41:53 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/07 17:41:47 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/07 17:01:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/06 16:02:25 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/06 12:01:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/06 11:40:50 | 000,001,547 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2011/08/06 02:04:14 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/08/06 01:51:37 | 000,099,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/04 14:07:54 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2011/08/04 11:10:41 | 000,000,402 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/19 22:29:35 | 000,153,440 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2011/07/19 22:27:52 | 000,306,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/07/19 21:51:30 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus Pro 2011.lnk
[2011/07/19 10:22:18 | 000,089,929 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\smokey-senna.srt
[2011/07/16 11:17:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/16 11:10:36 | 000,062,125 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bookmarks_16_07_2011.html
[2011/07/16 11:07:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/07/16 11:07:42 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/16 11:07:42 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/16 10:27:07 | 001,880,725 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Primal_Blueprint_Fitness_eBook_01172011.pdf
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 10:27:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/08/07 17:47:56 | 000,773,120 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2011/08/07 17:41:53 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/07 17:41:47 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/06 16:02:25 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/06 12:01:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/06 12:01:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/06 11:58:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/06 11:58:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/06 11:58:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/06 11:58:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/06 11:58:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/06 02:04:14 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/08/06 01:42:24 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/05 22:35:43 | 000,001,547 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2011/08/04 23:34:24 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/04 11:10:41 | 000,000,402 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/22 13:06:33 | 000,046,070 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ayrton.Senna.Beyond.the.Speed.of.Sound.2010.720p.BluRay.x264-PEDECANAJP.srt
[2011/07/22 13:01:32 | 000,049,244 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\santi-ayrtonsennathespeedofsound.bdrip.xvid.srt
[2011/07/22 12:59:45 | 000,089,929 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\smokey-senna.srt
[2011/07/19 21:51:30 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus Pro 2011.lnk
[2011/07/16 11:10:36 | 000,062,125 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bookmarks_16_07_2011.html
[2011/07/16 11:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/16 11:07:42 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/16 11:07:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/16 11:07:42 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/16 10:27:24 | 001,880,725 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Primal_Blueprint_Fitness_eBook_01172011.pdf
[2011/06/02 22:45:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imwords.dat
[2011/06/02 22:45:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\im_markovian.dat
[2011/04/26 22:48:25 | 000,021,528 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/13 11:00:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011/04/13 00:09:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/08 19:24:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/08 19:24:19 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 00:23:02 | 000,908,976 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/04/05 18:57:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/05 18:57:04 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011/04/05 17:50:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/02/19 18:50:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/02/19 18:48:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/19 18:47:23 | 000,099,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 15:55:48 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/02/19 13:38:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/19 10:01:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 09:56:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/01 19:21:39 | 000,010,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\siwinacc.sys
[2008/04/14 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 21:00:00 | 000,441,546 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 21:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2008/04/14 21:00:00 | 000,071,482 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 21:00:00 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\vga.sys
[2008/04/14 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 21:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

========== Files - Unicode (All) ==========
[2011/07/19 14:03:54 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Administrator\?????) -- C:\Documents and Settings\Administrator\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95

< End of report >

OTL Extras logfile created on: 8/6/2011 11:11:42 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 424.41 Mb Available Physical Memory | 44.23% Memory free
2.26 Gb Paging File | 1.70 Gb Available in Paging File | 75.38% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 32.18 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
Drive D: | 21.49 Gb Total Space | 21.37 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 29.08 Gb Free Space | 9.76% Space Free | Partition Type: NTFS

Computer Name: SERTGER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1960408961-1801674531-2090396574-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe" = C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe:*:Disabled:BitDefender Security Service -- (BitDefender S.R.L.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12515056-B730-3044-A2E8-0D38C7D5F3BB}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - KOR
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{912444AD-B364-3D0E-B58E-4F862BC1249D}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - KOR
"{972B9815-783B-3136-9247-CF62322C4E40}" = Microsoft .NET Framework 3.5 Language Pack SP1 - kor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B700657-676B-4A98-8B25-40A1BAC81042}" = Nero 8 Essentials
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Antivirus Pro 2011
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"2A254C1DED9506B43E81B3F48172B0FC3276365C" = Windows Driver Package - VIA (FET5X86V) Net (09/22/2008 3.81.0.466)
"5AF74D1E0F05F0998D2344BC84888FD61C07B44D" = Windows Driver Package - VIA Technologies, Inc. System (06/21/2007 6.0.00.0300)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"BA1D198DBB98E33D039F55E562AA73AA317371C4" = Windows Driver Package - VIA Technologies, Inc. (viaagp1) System (07/02/2003 5.1.0.3442)
"BitDefender" = BitDefender Antivirus Pro 2011
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"C81AA905E591F503829336CE6B6E0017036A0B8C" = Windows Driver Package - VIA/S3G (viagfx) Display (06/07/2007 6.14.10.0367)
"conduitEngine" = Conduit Engine
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DC4B35C01D3144425AA83CC516B76083EBFCE2A7" = Windows Driver Package - VIA Technologies, Inc. (videX32) hdc (12/05/2008 6.0.6000.275)
"GOM Player" = GOM Player
"HaaliMkx" = Haali Media Splitter
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA 플랫폼 장치 관리자
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - kor" = Microsoft .NET Framework 3.5 언어 팩 SP1 - 한국어
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0.1 (x86 en-GB)" = Mozilla Firefox 5.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"SopCast" = SopCast 3.3.2
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2011 1:10:41 AM | Computer Name = SERTGER | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2011 9:23:51 AM | Computer Name = SERTGER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2011 9:24:00 AM | Computer Name = SERTGER | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 8/5/2011 9:25:19 AM | Computer Name = SERTGER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2011 9:25:23 AM | Computer Name = SERTGER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2011 9:25:26 AM | Computer Name = SERTGER | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 8/5/2011 9:27:36 AM | Computer Name = SERTGER | Source = Application Error | ID = 1000
Description = Faulting application integratedsupport.exe, version 14.0.28.81, faulting
module mshtml.dll, version 8.0.6001.19088, fault address 0x000a7fc0.

Error - 8/5/2011 10:00:14 AM | Computer Name = SERTGER | Source = Application Error | ID = 1000
Description = Faulting application vsserv.exe, version 14.0.28.55, faulting module
vsserv.exe, version 14.0.28.55, fault address 0x00003c5b.

Error - 8/5/2011 12:45:06 PM | Computer Name = SERTGER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jscript.dll, version 5.8.6001.23141, fault address 0x00014ea1.

Error - 8/5/2011 1:03:29 PM | Computer Name = SERTGER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19088, fault address 0x00047eb0.

[ System Events ]
Error - 8/3/2011 10:10:01 AM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7034
Description = The ALYac_PZSrv service terminated unexpectedly. It has done this
1 time(s).

Error - 8/5/2011 12:46:39 AM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/5/2011 9:59:51 AM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/5/2011 10:03:48 AM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7022
Description = The BitDefender Virus Shield service hung on starting.

Error - 8/5/2011 10:03:52 AM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/5/2011 12:48:49 PM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 8/5/2011 12:48:49 PM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/5/2011 1:21:30 PM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/5/2011 1:22:18 PM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 2 time(s).

Error - 8/5/2011 1:27:41 PM | Computer Name = SERTGER | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 3 time(s).


< End of report >

#6 tommyho1

tommyho1
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 August 2011 - 06:11 AM

i have just noticed on the otl main screen that the box named "extra registry" is set to "none" whereas all the other boxes are set to "use safelist". is this the reason why it did not produce the "extras.txt" report?

#7 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:01 AM

Posted 14 August 2011 - 07:05 AM

is this the reason why it did not produce the "extras.txt" report?


It is because OTL was already run twice on your computer, Extras.txt is only available on the first OTL run.

P2P Warning:

BitTorrent

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes .

These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


================================


You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.


:step1: Please post the contents of combofix located at C:\combofix.txt.


:step2: Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program (Run as Administrator for Windows Vista/7).
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#8 tommyho1

tommyho1
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 August 2011 - 07:20 AM

thank you for the information about p2p - i am aware of the risks involved and i guess this is the cause of the virus.

as for combofix - there is no file that you mention on the computer? perhaps it did not complete when i tried before? should i run the process again?

#9 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:01 AM

Posted 14 August 2011 - 07:35 AM

Please proceed with step #2.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#10 tommyho1

tommyho1
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 August 2011 - 07:38 AM

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-HVQF4-VPKXW-RVRMY
Windows Product Key Hash: STzVZ0+eVmjzCbjW+FUcMkMmVVg=
Windows Product ID: 76487-640-5334481-23984
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {0C82EB95-94EC-44EA-8D06-8A77440B847C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0C82EB95-94EC-44EA-8D06-8A77440B847C}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RVRMY</PKey><PID>76487-640-5334481-23984</PID><PIDType>1</PIDType><SID>S-1-5-21-1960408961-1801674531-2090396574</SID><SYSTEM><Manufacturer>P4M80P</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="3"/><Date>20070301000000.000000+000</Date></BIOS><HWID>38FC3A0701844078</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Korea Standard Time(GMT+09:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>컴퓨터로좋은세상</name><model>수지정보</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

#11 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:01 AM

Posted 14 August 2011 - 08:07 AM

Thanks, now please do the following:


:step1: Please uninstall IObit Security 360 and Advanced SystemCare 4



:step2: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



:step3: Please delete your copy of combofix and then download and run a new copy.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


Edited by sempai, 14 August 2011 - 08:08 AM.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#12 tommyho1

tommyho1
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 August 2011 - 08:39 AM

when i opened the add or remove programs facility in control panel i could find the advanced system card and remove it, however neither iobit or combofix were there. does this mean they are not on the computer and i can proceed with what you asked, or can they be found somewhere else on the computer?

#13 tommyho1

tommyho1
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 August 2011 - 09:09 AM

i need to go now - hopefully you can leave me enough instructions on how to progress so that in the morning i can run tdsskiller and combofix. then i will post the logs here for you.

thanks again for your continued help

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:01 AM

Posted 14 August 2011 - 10:21 AM

Hi,

No need to uninstall Combofix, just delete the combofix.exe file if you still have it before downloading a new copy. If you don't have any copy of Combofix then simply download a new one, also please proceed with the rest of instructions. Thanks you.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 tommyho1

tommyho1
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 August 2011 - 09:59 PM

i tried to do the combofix process however it does not appear to finish. it does not produce any logs and it does not have any kind of confirmation at the end saying that the scan is finished. i did all the necessary steps that were suggested to prepare for running combofix but it does not seem to have worked? during the process a couple of errors came up - the first was related to a file called license/iexplore.exe and the computer said i had to retry abort or ignore. i clicked ignore as this was the only way to continue to the process. also later on an error came up about grep.exe

when the combofix window closed i noticed a pop up in the bottom corner and i think it was about bitdefender, my antivirus software. i dont understand why this would be as i disabled it before doing the scan. i do not know exactly what it said as it faded out before i had chance to read it.

also, when combofix finished i tried to go on the internet but it would not connect. when i when to network places there were no connections in the window. i could only get back on the internet by restarting the computer. also, i do not know if it is improtant or not, but at this time when i restarted the computer, windows made 9 updates.

i did manage to get the TDSSkiller to work - here is the log

2011/08/15 01:04:49.0343 2512 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/15 01:04:50.0312 2512 ================================================================================
2011/08/15 01:04:50.0312 2512 SystemInfo:
2011/08/15 01:04:50.0312 2512
2011/08/15 01:04:50.0312 2512 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/15 01:04:50.0312 2512 Product type: Workstation
2011/08/15 01:04:50.0312 2512 ComputerName: SERTGER
2011/08/15 01:04:50.0312 2512 UserName: Administrator
2011/08/15 01:04:50.0312 2512 Windows directory: C:\WINDOWS
2011/08/15 01:04:50.0312 2512 System windows directory: C:\WINDOWS
2011/08/15 01:04:50.0312 2512 Processor architecture: Intel x86
2011/08/15 01:04:50.0312 2512 Number of processors: 2
2011/08/15 01:04:50.0312 2512 Page size: 0x1000
2011/08/15 01:04:50.0312 2512 Boot type: Normal boot
2011/08/15 01:04:50.0312 2512 ================================================================================
2011/08/15 01:04:53.0437 2512 Initialize success
2011/08/15 01:05:03.0734 0956 ================================================================================
2011/08/15 01:05:03.0734 0956 Scan started
2011/08/15 01:05:03.0734 0956 Mode: Manual;
2011/08/15 01:05:03.0734 0956 ================================================================================
2011/08/15 01:05:07.0656 0956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/15 01:05:08.0359 0956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/15 01:05:11.0828 0956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/15 01:05:12.0171 0956 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/15 01:05:14.0828 0956 ALCXWDM (03921c35bfadc849ca3045abed8d26f2) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/15 01:05:18.0015 0956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/15 01:05:18.0328 0956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/15 01:05:18.0921 0956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/15 01:05:19.0218 0956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/15 01:05:19.0781 0956 avc3 (a16df078cc2927005581054a3fdde00f) C:\WINDOWS\system32\drivers\avc3.sys
2011/08/15 01:05:20.0718 0956 avckf (3dbfcdb49d7520a7425e59a143b8856b) C:\WINDOWS\system32\drivers\avckf.sys
2011/08/15 01:05:21.0531 0956 bdfm (5aa1b6041d4b8587f5b914ae404b60c7) C:\WINDOWS\system32\DRIVERS\bdfm.sys
2011/08/15 01:05:21.0984 0956 bdfsfltr (c3e025d46368e3d18085eef26ef6f6a1) C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
2011/08/15 01:05:22.0265 0956 Bdftdif (c23a8547d5ea6d0c3589961bfb7ff6d3) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
2011/08/15 01:05:22.0484 0956 bdselfpr (2daa9e807c11b4677cafc1e43a98f8ce) C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys
2011/08/15 01:05:22.0843 0956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/15 01:05:23.0593 0956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/15 01:05:23.0843 0956 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/15 01:05:24.0328 0956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/15 01:05:24.0640 0956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/15 01:05:24.0921 0956 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/15 01:05:26.0500 0956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/15 01:05:27.0078 0956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/15 01:05:27.0625 0956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/15 01:05:27.0906 0956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/15 01:05:28.0187 0956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/15 01:05:28.0718 0956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/15 01:05:29.0078 0956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/15 01:05:29.0375 0956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/15 01:05:29.0609 0956 FET5X86V (e7072827d0b5f9bd99d6961571a38973) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/08/15 01:05:29.0906 0956 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/08/15 01:05:30.0171 0956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/15 01:05:30.0421 0956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/15 01:05:30.0718 0956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/15 01:05:31.0031 0956 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/08/15 01:05:31.0296 0956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/15 01:05:31.0578 0956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/15 01:05:31.0875 0956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/15 01:05:32.0140 0956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/15 01:05:32.0453 0956 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/15 01:05:33.0015 0956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/15 01:05:33.0843 0956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/15 01:05:34.0234 0956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/15 01:05:34.0984 0956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/15 01:05:35.0265 0956 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/15 01:05:35.0546 0956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/15 01:05:35.0812 0956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/15 01:05:36.0109 0956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/15 01:05:36.0453 0956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/15 01:05:36.0718 0956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/15 01:05:37.0000 0956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/15 01:05:37.0250 0956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/15 01:05:37.0640 0956 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/15 01:05:37.0937 0956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/15 01:05:38.0281 0956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/15 01:05:39.0187 0956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/15 01:05:39.0453 0956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/15 01:05:39.0859 0956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/15 01:05:40.0125 0956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/15 01:05:40.0375 0956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/15 01:05:41.0015 0956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/15 01:05:41.0468 0956 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/15 01:05:42.0031 0956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/15 01:05:42.0281 0956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/15 01:05:42.0515 0956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/15 01:05:42.0859 0956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/15 01:05:43.0140 0956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/15 01:05:43.0421 0956 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/15 01:05:43.0890 0956 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/15 01:05:44.0203 0956 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/15 01:05:44.0562 0956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/15 01:05:44.0968 0956 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/15 01:05:45.0218 0956 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/15 01:05:45.0468 0956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/15 01:05:45.0875 0956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/15 01:05:46.0156 0956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/15 01:05:46.0437 0956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/15 01:05:46.0875 0956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/15 01:05:47.0312 0956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/15 01:05:47.0843 0956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/15 01:05:48.0406 0956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/15 01:05:48.0796 0956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/15 01:05:49.0046 0956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/15 01:05:49.0312 0956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/15 01:05:49.0593 0956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/15 01:05:49.0828 0956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/15 01:05:50.0093 0956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/15 01:05:50.0562 0956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/15 01:05:50.0984 0956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/15 01:05:52.0703 0956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/15 01:05:52.0984 0956 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/15 01:05:53.0296 0956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/15 01:05:53.0546 0956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/15 01:05:55.0000 0956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/15 01:05:55.0281 0956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/15 01:05:55.0562 0956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/15 01:05:55.0812 0956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/15 01:05:56.0125 0956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/15 01:05:56.0437 0956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/15 01:05:56.0750 0956 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/15 01:05:57.0140 0956 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/15 01:05:57.0468 0956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/15 01:05:57.0828 0956 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/15 01:05:57.0984 0956 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/15 01:05:58.0062 0956 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/15 01:05:58.0406 0956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/15 01:05:58.0671 0956 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/15 01:05:58.0921 0956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/15 01:05:59.0218 0956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/15 01:05:59.0531 0956 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/08/15 01:05:59.0984 0956 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/15 01:06:00.0484 0956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/15 01:06:00.0781 0956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/15 01:06:01.0187 0956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/15 01:06:01.0609 0956 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/15 01:06:01.0859 0956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/15 01:06:02.0187 0956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/15 01:06:03.0343 0956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/15 01:06:03.0640 0956 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2011/08/15 01:06:04.0031 0956 Tcpip (d24ea301e2b36c4e975fd216ca85d8e7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/15 01:06:04.0406 0956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/15 01:06:04.0656 0956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/15 01:06:04.0906 0956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/15 01:06:05.0593 0956 Trufos (a919775c03303d0e0690b315d26a5e1d) C:\WINDOWS\system32\DRIVERS\Trufos.sys
2011/08/15 01:06:05.0984 0956 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/08/15 01:06:06.0281 0956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/15 01:06:06.0875 0956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/15 01:06:07.0500 0956 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/15 01:06:07.0765 0956 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/15 01:06:08.0171 0956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/15 01:06:08.0437 0956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/15 01:06:08.0703 0956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/15 01:06:09.0093 0956 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/15 01:06:09.0359 0956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/15 01:06:09.0625 0956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/15 01:06:09.0859 0956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/15 01:06:10.0328 0956 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/15 01:06:10.0625 0956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/15 01:06:10.0875 0956 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/08/15 01:06:11.0421 0956 viagfx (82f397aad55ffd1adac98e945fbcda19) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/08/15 01:06:12.0046 0956 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/15 01:06:12.0593 0956 viamraid (00046aa2e396edc2238556e740a8e5af) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2011/08/15 01:06:13.0343 0956 videX32 (4cc623591204acd5fc89bd0dad70e838) C:\WINDOWS\system32\DRIVERS\videX32.sys
2011/08/15 01:06:13.0765 0956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/15 01:06:14.0578 0956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/15 01:06:16.0296 0956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/15 01:06:19.0062 0956 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/15 01:06:19.0406 0956 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/15 01:06:19.0703 0956 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/15 01:06:20.0000 0956 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/15 01:06:20.0312 0956 xfilt (a1b2b0211441f9c822f8cbc0c2d1b41e) C:\WINDOWS\system32\DRIVERS\xfilt.sys
2011/08/15 01:06:20.0437 0956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/15 01:06:20.0656 0956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
2011/08/15 01:06:20.0718 0956 Boot (0x1200) (b1142640e31a477a15b0090ee46d11e3) \Device\Harddisk0\DR0\Partition0
2011/08/15 01:06:20.0765 0956 Boot (0x1200) (1cf9674e3be3ce6346637e9fa0233077) \Device\Harddisk0\DR0\Partition1
2011/08/15 01:06:20.0828 0956 Boot (0x1200) (5d269b68a1af5faae31082f49e11049d) \Device\Harddisk0\DR0\Partition2
2011/08/15 01:06:20.0859 0956 Boot (0x1200) (82a24f1876cd9fbde961b4aced1318d7) \Device\Harddisk1\DR4\Partition0
2011/08/15 01:06:20.0890 0956 ================================================================================
2011/08/15 01:06:20.0890 0956 Scan finished
2011/08/15 01:06:20.0890 0956 ================================================================================
2011/08/15 01:06:20.0937 0296 Detected object count: 0
2011/08/15 01:06:20.0937 0296 Actual detected object count: 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users