TR/Rootkit.Gen has infected TR/Rootkit.Gen


  • This topic is locked
37 replies to this topic

#1 notinfallible

Posted 13 December 2011 - 02:56 AM

Hello, here is some information on my system,

Gateway Desktop, Windows XP SP3, 500GB hard drive, 2GB RAM

Avira Free Anti-Virus, Malwarebytes Anti-Malware, SUPERantispyware, CCleaner, and Spybot installed


Just the other night I was curious about what programs are available for SMS messaging besides Yahoo Messenger, and ended up downloading Windows Live Messenger. Bad idea. I didn't like anything about it and something didn't seem right about the program to begin with, so I uninstalled it.

I use Revo Uninstaller as an alternative to Add/Remove programs to uninstall software; this program allows me to get a more in-depth look at what is taking place on my computer.


To make a long story short, I should have been paying more attention to what I was downloading. I could be wrong, but I think the malware infecting my system has something to do with me downloading and installing Windows Live Messenger.

Initially, when I suspected something was up with my computer, I rebooted into Safe Mode with Networking and updated all security software. First, I ran a full scan with Malwarebytes Anti-Malware and it didn't find anything. Next, I ran the full scan on SUPERantispyware and it ended up with 57 infected files. 2 of the files were actual malware, according to the program, and the rest were tracking cookies. I don't recall what the infection was called with this particular scan. I removed all these files and restarted the computer so the program could finish deleting the files. After rebooting, Avira immediately starts notifying me that windows\system32\drivers\mrxsmb.sys is infected with TR/Rootkit.Gen.

I am usually pretty good at solving issues like this myself, but I can't figure this one out. I have run Malwarebytes, Avira, and SUPERantispyware several times in safe mode since Avira first notified me and they all say my system is clean. That directly contradicts what Avira says every time I restart my computer. Right as Windows is booting up and Avira starts to load, I get the notification that my system may be infected. I have the Avira report saved to my computer. I didn't want to include it here; I'm trying my best not to complicate things.

I hope what I just typed makes sense.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Owner at 20:46:39 on 2011-12-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2022.1561 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1321835740953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{3ACF436A-DFE5-4721-BE76-2B496858409A} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-20 14776]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-20 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-20 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-20 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-20 74640]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-11-21 79360]
.
=============== Created Last 30 ================
.
2011-12-13 00:07:53 -------- d-----w- C:\VundoFix Backups
2011-12-12 22:26:56 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2011-12-12 22:26:56 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2011-12-12 22:26:54 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-12-12 22:26:54 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2011-12-12 22:26:54 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2011-12-12 22:26:54 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2011-12-12 22:10:59 -------- d-----w- C:\Temp
2011-12-12 07:57:01 14744 ----a-w- c:\documents and settings\owner\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2011-12-11 23:52:41 -------- d-----w- c:\documents and settings\owner\local settings\application data\Identities
2011-11-28 09:21:40 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
2011-11-28 00:26:14 -------- d-----w- c:\program files\Safer Networking
2011-11-28 00:14:25 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-11-28 00:13:37 -------- d-----w- c:\windows\SHELLNEW
2011-11-27 18:45:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-24 00:16:34 -------- d-----w- c:\documents and settings\owner\application data\DVDVideoSoft
2011-11-24 00:14:27 -------- d-----w- C:\2011.2
2011-11-24 00:12:40 -------- d-----w- c:\documents and settings\owner\application data\DVDVideoSoftIEHelpers
2011-11-24 00:12:17 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-11-24 00:12:16 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-23 07:01:55 -------- d-----w- c:\program files\Empty Temp Folders 2.8.3
2011-11-22 22:28:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\Yahoo
2011-11-22 21:42:27 -------- d-----w- c:\windows\system32\winrm
2011-11-22 21:41:37 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-22 19:07:05 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 14:58:44 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-11-22 14:58:44 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-11-22 14:37:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\Native Instruments
2011-11-22 14:20:24 -------- dc-h--w- c:\documents and settings\all users\application data\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-11-22 14:16:13 -------- dc-h--w- c:\documents and settings\all users\application data\{D1E50F38-400B-4231-8140-FB47E150B777}
2011-11-22 14:15:44 -------- d-----w- c:\documents and settings\all users\application data\Native Instruments
2011-11-22 12:23:41 -------- d-----w- c:\documents and settings\owner\TruePianos Settings
2011-11-22 12:21:35 -------- dc-h--w- c:\documents and settings\all users\application data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
2011-11-22 12:21:15 -------- d-----w- c:\program files\Native Instruments
2011-11-22 12:21:15 -------- d-----w- c:\program files\common files\Native Instruments
2011-11-22 11:54:26 -------- d-----w- c:\program files\common files\Digidesign
2011-11-22 11:29:28 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-11-22 11:29:04 -------- d-----w- c:\documents and settings\all users\application data\Cakewalk
2011-11-22 11:19:51 -------- d-----w- c:\documents and settings\owner\application data\Cakewalk
2011-11-22 11:17:41 40960 ----a-w- c:\windows\system32\LSUninst.exe
2011-11-22 11:17:21 118784 ----a-w- c:\windows\dsdxirmv.exe
2011-11-22 11:16:24 368640 ----a-w- c:\windows\system32\ReWire.dll
2011-11-22 11:16:23 -------- d-----w- c:\program files\Cakewalk
2011-11-22 10:30:09 -------- d-----w- C:\Pimp bleep
2011-11-22 10:22:03 -------- d-----w- c:\program files\Sonic Foundry Noise Reduction Plug-In
2011-11-22 10:20:35 -------- d-----w- c:\program files\VSTplugins
2011-11-22 10:18:43 -------- d-----w- c:\program files\Sony
2011-11-22 10:18:22 -------- d-----w- c:\program files\Sony Setup
2011-11-22 09:35:04 3584 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-11-22 09:35:04 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-11-22 09:12:57 -------- d-----w- c:\windows\msdownld.tmp
2011-11-22 08:43:26 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sony
2011-11-21 20:43:46 -------- d-----w- C:\Cakewalk Projects
2011-11-21 20:31:18 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2011-11-21 20:31:18 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2011-11-21 20:31:01 476320 ------w- c:\windows\system32\ImagXpr7.dll
2011-11-21 20:31:01 471040 ------w- c:\windows\system32\ImagXRA7.dll
2011-11-21 20:31:01 262144 ------w- c:\windows\system32\ImagXR7.dll
2011-11-21 20:31:01 1568768 ------w- c:\windows\system32\ImagX7.dll
2011-11-21 20:31:01 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2011-11-21 20:31:01 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2011-11-21 20:18:55 -------- d-----w- c:\program files\VideoLAN
2011-11-21 20:00:11 -------- d-----w- c:\documents and settings\owner\application data\GameHouse
2011-11-21 20:00:10 -------- d-----w- c:\program files\GameHouse
2011-11-21 19:40:19 -------- d-----w- c:\program files\m
2011-11-21 19:33:09 -------- d-----w- c:\program files\Super Text Twist
2011-11-21 19:32:57 -------- d-----w- c:\program files\ReflexiveArcade
2011-11-21 19:24:29 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-21 19:24:29 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-11-21 18:36:02 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-11-21 18:35:53 -------- d-----w- c:\program files\common files\Creative Labs Shared
2011-11-21 18:35:17 102400 ----a-w- c:\windows\system32\cttele32.dll
2011-11-21 18:31:44 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2011-11-21 18:02:28 647872 ------w- c:\windows\system32\Mscomct2.ocx
2011-11-21 18:02:27 41984 ------w- c:\windows\Ctregrun.exe
2011-11-21 18:02:08 90112 ------w- c:\windows\Updreg.EXE
2011-11-21 18:01:48 -------- d-----w- c:\program files\OpenAL
2011-11-21 17:59:50 77824 ------w- c:\windows\system32\ctdvda32.dll
2011-11-21 17:58:38 -------- d-----w- c:\program files\Creative
2011-11-21 17:56:23 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-11-21 17:56:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-11-21 17:56:23 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-11-21 17:56:23 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-11-21 17:56:23 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-11-21 17:56:22 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-11-21 17:56:21 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-11-21 17:56:21 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-11-21 17:52:00 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-21 13:28:05 -------- d-----w- C:\- Jonserz bleep
2011-11-21 12:01:38 -------- d-----w- C:\Muhbleep Educational
2011-11-21 10:53:30 -------- d-----w- c:\program files\Yahoo!
2011-11-21 10:07:58 -------- d-----w- c:\windows\All Users
2011-11-21 09:01:13 89600 ----a-w- c:\windows\system32\GRID32.OCX
2011-11-21 09:01:13 205824 ----a-w- c:\windows\system32\CRESIZE5.OCX
2011-11-21 09:01:12 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.dll
2011-11-21 09:01:12 24848 ----a-w- c:\windows\system32\MSJtEr35.dll
2011-11-21 09:01:12 143872 ----a-w- c:\windows\system32\unzip32.dll
2011-11-21 09:01:12 123664 ----a-w- c:\windows\system32\MSJInt35.dll
2011-11-21 09:01:12 115920 ----a-w- c:\windows\system32\MSINET.OCX
2011-11-21 09:00:56 71680 ----a-w- c:\windows\ST5UNST.EXE
2011-11-21 09:00:56 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2011-11-21 08:23:58 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
2011-11-21 08:00:47 -------- d-----w- C:\2010
2011-11-21 07:52:41 -------- d-----w- C:\2011
2011-11-21 04:45:42 -------- d-----w- C:\Muhbleep Music
2011-11-21 03:44:46 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-11-21 03:44:46 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-11-21 03:44:41 -------- d-----w- c:\program files\IObit
2011-11-21 03:39:35 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-11-21 03:14:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 03:12:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 03:09:51 -------- d-----w- c:\windows\system32\Adobe
2011-11-21 03:00:45 -------- d-----w- c:\program files\CCleaner
2011-11-21 02:58:49 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2011-11-21 02:58:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-21 02:58:20 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-21 02:57:09 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-11-21 02:56:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-21 02:56:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 02:56:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 02:46:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-21 02:46:57 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-21 02:34:55 -------- d-----w- c:\documents and settings\owner\application data\Avira
2011-11-21 02:34:28 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-21 02:34:28 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-21 02:34:27 -------- d-----w- c:\program files\Avira
2011-11-21 02:34:27 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-11-21 02:03:31 -------- d-----w- c:\windows\system32\XPSViewer
2011-11-21 02:03:11 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-21 02:03:11 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-21 02:03:11 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-21 02:03:11 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-21 02:03:11 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-11-21 02:03:11 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-11-21 02:03:11 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-11-21 02:03:11 117760 ------w- c:\windows\system32\prntvpt.dll
2011-11-21 01:50:56 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-21 01:50:53 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-21 01:50:22 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-11-21 01:48:47 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-11-21 01:48:38 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-11-21 01:48:20 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-11-21 01:48:20 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-11-21 01:48:20 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-11-21 01:48:02 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-11-21 01:45:08 -------- d-----w- c:\documents and settings\owner\local settings\application data\WMTools Downloaded Files
2011-11-21 01:36:22 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-11-21 01:36:22 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-11-21 01:36:22 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-11-21 01:36:22 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-11-21 01:36:22 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-11-21 01:36:22 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-11-21 01:36:22 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-11-21 01:36:22 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-11-21 01:10:31 -------- d-----w- c:\windows\system32\scripting
2011-11-21 01:10:31 -------- d-----w- c:\windows\system32\en
2011-11-21 01:10:31 -------- d-----w- c:\windows\system32\bits
2011-11-21 01:10:31 -------- d-----w- c:\windows\l2schemas
2011-11-21 01:08:57 -------- d-----w- c:\windows\network diagnostic
2011-11-21 01:03:59 7168 ------w- c:\windows\system32\bitsprx4.dll
2011-11-21 01:03:59 233472 ------w- c:\windows\system32\azroles.dll
2011-11-21 01:03:58 136192 ------w- c:\windows\system32\aaclient.dll
2011-11-21 00:55:03 -------- d-----w- c:\program files\MSXML 4.0
2011-11-21 00:45:11 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-11-21 00:45:09 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-11-21 00:45:06 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-11-21 00:45:00 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-11-21 00:43:53 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-11-21 00:42:15 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-11-21 00:42:06 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-11-21 00:41:22 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-11-21 00:41:22 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-11-21 00:41:18 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-11-21 00:40:18 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-11-21 00:38:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-11-21 00:38:58 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-11-21 00:38:34 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-11-21 00:38:32 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-11-21 00:38:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-11-21 00:38:02 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-11-21 00:37:59 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-11-21 00:33:24 -------- d-----w- c:\windows\system32\PreInstall
2011-11-21 00:33:22 -------- d--h--w- c:\windows\$hf_mig$
2011-11-21 00:31:19 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-11-21 00:23:14 -------- d-----w- c:\documents and settings\owner\local settings\application data\ApplicationHistory
2011-11-21 00:21:23 -------- d-----w- c:\windows\ServicePackFiles
2011-11-21 00:20:29 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-11-21 00:11:56 -------- d-sh--w- c:\documents and settings\owner\UserData
2011-11-21 00:03:27 -------- d-----w- c:\windows\pss
2011-11-20 23:34:38 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2011-11-20 23:15:10 -------- d-----w- c:\program files\VS Revo Group
2011-11-20 23:10:04 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-11-20 23:02:08 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-11-20 23:02:05 67072 ----a-w- c:\windows\POWERCFG.EXE
2011-11-20 23:01:58 -------- d-----w- c:\program files\MSN Encarta Plus
2011-11-20 23:01:28 -------- d-----w- c:\program files\Microsoft Money 2005
2011-11-20 23:01:23 543232 ----a-w- c:\windows\zHotkey.exe
2011-11-20 23:01:23 532544 ----a-w- c:\windows\PIC.dll
2011-11-20 23:01:23 5280 ----a-w- c:\windows\hotbtnv.vxd
2011-11-20 23:01:23 3926 ----a-w- c:\windows\mHotkey.reg
2011-11-20 23:01:23 36864 ----a-w- c:\windows\ShowWnd.exe
2011-11-20 23:01:23 24576 ----a-w- c:\windows\HKNTDLL.dll
2011-11-20 23:01:21 20480 ----a-w- c:\windows\system32\Marker32.exe
2011-11-20 23:01:20 471298 ----a-w- c:\windows\wallpg.exe
2011-11-20 22:57:28 279624 ----a-w- c:\windows\system32\mcgdmgr.dll
2011-11-20 22:57:27 341064 ----a-w- c:\windows\system32\mcinsctl.dll
2011-11-20 22:57:06 17956 ----a-w- c:\windows\BigFixClientOverride.dll
2011-11-20 22:55:01 155648 ----a-w- c:\windows\system32\igfxtray.exe
2011-11-20 22:54:59 167936 ----a-w- c:\windows\system32\igfxrfrc.lrc
2011-11-20 22:51:20 -------- d-----w- c:\program files\Microsoft Picture It! 10
2011-11-20 22:50:25 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-11-20 22:50:22 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-11-20 22:50:22 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-11-20 22:50:22 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-11-20 22:50:22 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-11-20 22:50:21 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-11-20 22:41:25 -------- d-----w- c:\windows\system32\URTTemp
2011-11-20 22:40:54 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-20 22:40:53 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-11-20 22:40:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-20 22:40:43 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-11-20 22:40:38 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-11-20 22:39:42 7168 ----a-w- c:\windows\system32\hccoin.dll
2011-11-20 22:39:42 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-11-20 22:29:51 24064 ----a-w- c:\windows\system32\IntelNic.dll
2011-11-20 22:29:51 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2011-11-20 22:29:51 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2011-11-20 22:29:51 118784 ----a-w- c:\windows\system32\Prounstl.exe
2011-11-20 22:29:51 -------- d-----w- c:\windows\creator
2011-11-20 22:29:50 -------- d-----w- c:\windows\SMINST
2011-11-20 22:29:37 -------- d-----r- C:\Program Files
2011-11-20 22:29:31 -------- d-----r- c:\documents and settings\all users\Documents
2011-11-20 22:29:03 -------- d-----r- c:\windows\Offline Web Pages
2011-11-20 22:28:19 -------- dcsh--r- c:\windows\system32\dllcache
.
==================== Find3M ====================
.
2011-11-21 18:35:04 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-11-21 18:35:04 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-20 22:54:20 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2011-11-20 22:54:18 24576 ----a-w- c:\windows\system32\prefscpl.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 20:47:33.62 ===============

The most important thing in communication is to hear what isn't being said.

#2 SweetTech

Posted 15 December 2011 - 02:55 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

It looks like we may be dealing with an infection known as ZeroAccess.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


NEXT:




Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 notinfallible

Posted 15 December 2011 - 07:24 AM

You were right about the infection I believe. Here are the reports...

I'm curious as to why you don't want me to remove the infections that TDSS found?

06:06:47.0687 0936 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
06:06:48.0312 0936 ============================================================
06:06:48.0312 0936 Current date / time: 2011/12/15 06:06:48.0312
06:06:48.0312 0936 SystemInfo:
06:06:48.0312 0936
06:06:48.0312 0936 OS Version: 5.1.2600 ServicePack: 3.0
06:06:48.0312 0936 Product type: Workstation
06:06:48.0312 0936 ComputerName: YOUR-B111E91627
06:06:48.0312 0936 UserName: Owner
06:06:48.0312 0936 Windows directory: C:\WINDOWS
06:06:48.0312 0936 System windows directory: C:\WINDOWS
06:06:48.0312 0936 Processor architecture: Intel x86
06:06:48.0312 0936 Number of processors: 2
06:06:48.0312 0936 Page size: 0x1000
06:06:48.0312 0936 Boot type: Normal boot
06:06:48.0312 0936 ============================================================
06:06:49.0593 0936 Initialize success
06:06:57.0781 1032 ============================================================
06:06:57.0781 1032 Scan started
06:06:57.0781 1032 Mode: Manual; SigCheck; TDLFS;
06:06:57.0781 1032 ============================================================
06:07:05.0093 1032 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
06:07:05.0109 1032 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
06:07:05.0109 1032 ASCTRM - detected UnsignedFile.Multi.Generic (1)
06:07:15.0187 1032 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
06:07:15.0203 1032 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
06:07:15.0203 1032 MHNDRV - detected UnsignedFile.Multi.Generic (1)
06:07:25.0515 1032 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
06:07:25.0531 1032 SunkFilt ( UnsignedFile.Multi.Generic ) - warning
06:07:25.0531 1032 SunkFilt - detected UnsignedFile.Multi.Generic (1)
06:07:29.0953 1032 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
06:07:30.0093 1032 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:07:30.0093 1032 \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:07:30.0093 1032 Boot (0x1200) (22441aec1c9344f55e95052d2afc3e15) \Device\Harddisk0\DR0\Partition0
06:07:30.0093 1032 \Device\Harddisk0\DR0\Partition0 - ok
06:07:30.0109 1032 Boot (0x1200) (3e9918d06645db4045b1ed73a7f07efb) \Device\Harddisk0\DR0\Partition1
06:07:30.0109 1032 \Device\Harddisk0\DR0\Partition1 - ok
06:07:30.0109 1032 ============================================================
06:07:30.0109 1032 Scan finished
06:07:30.0109 1032 ============================================================
06:07:30.0218 1008 Detected object count: 4
06:07:30.0218 1008 Actual detected object count: 4
06:07:51.0234 1008 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
06:07:51.0234 1008 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:07:51.0234 1008 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
06:07:51.0234 1008 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:07:51.0234 1008 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user
06:07:51.0234 1008 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:07:51.0234 1008 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:07:51.0234 1008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

OTL logfile created on: 12/15/2011 6:15:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 78.08% Memory free
3.82 Gb Paging File | 3.49 Gb Available in Paging File | 91.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 591.67 Gb Total Space | 87.57 Gb Free Space | 14.80% Space Free | Partition Type: NTFS
Drive D: | 4.50 Gb Total Space | 1.69 Gb Free Space | 37.66% Space Free | Partition Type: FAT32

Computer Name: YOUR-B111E91627 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 06:12:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (PrismXL)
SRV - [2011/12/05 07:44:34 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/11/21 12:35:53 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/07/27 23:11:38 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/20 16:54:20 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/05 21:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 21:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 21:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 21:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 21:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 21:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/05/05 21:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/05/05 21:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/05 21:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2010/05/05 21:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 21:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2010/05/05 21:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 21:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2010/05/05 21:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2001/08/17 14:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll (Google)



O1 HOSTS File: ([2011/12/10 23:37:39 | 000,438,843 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15095 more lines...
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1321835740953 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACF436A-DFE5-4721-BE76-2B496858409A}: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O18 - Protocol\Handler\ms-itss - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/27 19:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 18:24:26 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/15 06:12:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/15 06:05:57 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/12/14 15:54:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/12/14 11:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2011/12/14 11:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/12/14 11:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/12/14 11:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/12/14 11:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/14 11:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/12/14 11:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/14 11:28:19 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/13 15:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My eBooks
[2011/12/13 15:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/12/13 02:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/12/13 01:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BC
[2011/12/12 16:26:56 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2011/12/12 16:26:56 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2011/12/12 16:26:54 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2011/12/12 16:26:54 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2011/12/12 16:26:54 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011/12/12 06:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/12 06:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/12 05:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/12/11 17:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2011/11/28 03:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2011/11/28 03:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/11/28 01:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
[2011/11/28 01:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/27 18:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\- ME
[2011/11/27 18:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking
[2011/11/27 18:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2011/11/27 12:45:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/27 12:45:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/27 12:45:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/27 12:45:28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/11/23 18:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
[2011/11/23 18:14:27 | 000,000,000 | ---D | C] -- C:\2011.2
[2011/11/23 18:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2011/11/23 18:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DVDVideoSoft
[2011/11/23 18:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/11/23 18:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/11/23 18:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/11/23 01:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Empty Temp Folders 2.8.3
[2011/11/23 01:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Empty Temp Folders 2.8.3
[2011/11/22 16:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
[2011/11/22 16:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/11/22 16:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/11/22 15:42:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/11/22 15:42:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/11/22 15:15:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/11/22 13:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/11/22 08:58:44 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/11/22 08:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Native Instruments
[2011/11/22 08:20:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011/11/22 08:16:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D1E50F38-400B-4231-8140-FB47E150B777}
[2011/11/22 08:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/11/22 08:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Battery 3 Library
[2011/11/22 06:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\TruePianos Settings
[2011/11/22 06:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Native Instruments
[2011/11/22 06:21:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
[2011/11/22 06:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011/11/22 06:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011/11/22 06:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Native Instruments
[2011/11/22 05:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2011/11/22 05:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Cakewalk
[2011/11/22 05:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Identities
[2011/11/22 05:29:28 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\REX Shared Library.dll
[2011/11/22 05:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2011/11/22 05:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Cakewalk
[2011/11/22 05:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cakewalk
[2011/11/22 05:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Virtual Sound Canvas DXi
[2011/11/22 05:16:24 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2011/11/22 05:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2011/11/22 04:49:40 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/11/22 04:30:09 | 000,000,000 | ---D | C] -- C:\Pimp bleep
[2011/11/22 04:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic Foundry Noise Reduction Plug-In
[2011/11/22 04:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2011/11/22 04:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony
[2011/11/22 04:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/11/22 04:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2011/11/22 03:55:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2011/11/22 03:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/11/22 02:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sony
[2011/11/22 02:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sony
[2011/11/21 17:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Template
[2011/11/21 14:43:46 | 000,000,000 | ---D | C] -- C:\Cakewalk Projects
[2011/11/21 14:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/11/21 14:31:18 | 000,125,184 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
[2011/11/21 14:31:18 | 000,005,504 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2011/11/21 14:31:01 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2011/11/21 14:31:01 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2011/11/21 14:31:01 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2011/11/21 14:31:01 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2011/11/21 14:31:01 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011/11/21 14:31:01 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2011/11/21 14:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011/11/21 14:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2011/11/21 14:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2011/11/21 14:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/21 14:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/11/21 14:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\GameHouse
[2011/11/21 14:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse
[2011/11/21 14:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2011/11/21 14:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\GameHouse
[2011/11/21 13:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\m
[2011/11/21 13:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Super Text Twist
[2011/11/21 13:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Super Text Twist
[2011/11/21 13:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2011/11/21 13:24:29 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/11/21 13:24:29 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/11/21 12:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2011/11/21 12:35:17 | 000,102,400 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\cttele32.dll
[2011/11/21 12:31:44 | 022,691,984 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\AppSetup.exe
[2011/11/21 12:02:28 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscomct2.ocx
[2011/11/21 12:02:27 | 000,041,984 | ---- | C] (Creative Technology Ltd ) -- C:\WINDOWS\Ctregrun.exe
[2011/11/21 12:02:08 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\Updreg.EXE
[2011/11/21 12:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/11/21 11:59:50 | 000,077,824 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctdvda32.dll
[2011/11/21 11:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Creative
[2011/11/21 11:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011/11/21 11:52:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/21 07:28:05 | 000,000,000 | ---D | C] -- C:\- Jonserz bleep
[2011/11/21 06:39:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/11/21 06:01:38 | 000,000,000 | ---D | C] -- C:\Muhbleep Educational
[2011/11/21 05:20:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\- My Videos
[2011/11/21 04:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2011/11/21 04:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/11/21 04:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/11/21 04:48:54 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/11/21 04:48:52 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/11/21 04:48:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/11/21 04:48:46 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011/11/21 04:48:46 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/11/21 04:48:46 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/11/21 04:48:46 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/11/21 04:48:45 | 002,095,600 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/11/21 04:48:45 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/11/21 04:48:45 | 000,571,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/11/21 04:48:45 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/11/21 04:48:45 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/11/21 04:48:45 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/11/21 04:48:45 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011/11/21 04:48:45 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/11/21 04:48:45 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/11/21 04:48:45 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/11/21 04:48:45 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2011/11/21 04:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/11/21 04:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Winamp
[2011/11/21 04:07:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\All Users
[2011/11/21 03:58:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/11/21 03:01:13 | 000,205,824 | ---- | C] (xyz) -- C:\WINDOWS\System32\CRESIZE5.OCX
[2011/11/21 03:01:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GRID32.OCX
[2011/11/21 03:01:12 | 000,143,872 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\unzip32.dll
[2011/11/21 03:01:12 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJInt35.dll
[2011/11/21 03:01:12 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2011/11/21 03:01:12 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJtEr35.dll
[2011/11/21 03:00:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST5UNST.EXE
[2011/11/21 03:00:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5StKit.dll
[2011/11/21 02:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2011/11/21 02:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\WinRAR
[2011/11/21 02:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/11/21 02:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/11/21 02:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2011/11/21 02:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2011/11/21 02:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/21 02:00:47 | 000,000,000 | ---D | C] -- C:\2010
[2011/11/21 01:52:41 | 000,000,000 | ---D | C] -- C:\2011
[2011/11/21 01:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\- My Productions
[2011/11/21 01:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\- My Received Files
[2011/11/20 22:45:42 | 000,000,000 | ---D | C] -- C:\Muhbleep Music
[2011/11/20 21:59:01 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF_Cleaner.exe
[2011/11/20 21:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/11/20 21:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/11/20 21:39:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/11/20 21:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/11/20 21:14:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/20 21:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2011/11/20 21:12:29 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/20 21:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2011/11/20 21:09:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/11/20 21:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/20 21:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/11/20 20:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/11/20 20:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\SUPERAntiSpyware
[2011/11/20 20:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/20 20:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/20 20:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/11/20 20:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/20 20:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/20 20:56:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/20 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/20 20:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/20 20:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/20 20:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/11/20 20:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/11/20 20:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/11/20 20:34:28 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/11/20 20:34:28 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/11/20 20:34:28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/11/20 20:34:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/11/20 20:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/11/20 20:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/11/20 20:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/11/20 20:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/11/20 20:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/11/20 20:03:11 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/11/20 20:03:11 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/11/20 20:03:11 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/11/20 20:03:11 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/11/20 20:03:11 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/11/20 20:03:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/11/20 19:50:56 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/11/20 19:50:53 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/11/20 19:50:22 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/11/20 19:48:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/11/20 19:48:38 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/11/20 19:48:20 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/11/20 19:48:20 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/11/20 19:48:20 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/11/20 19:48:02 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/11/20 19:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
[2011/11/20 19:38:28 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/11/20 19:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011/11/20 19:36:22 | 006,076,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/11/20 19:36:22 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2011/11/20 19:36:22 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2011/11/20 19:36:22 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/11/20 19:36:22 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2011/11/20 19:36:22 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/11/20 19:36:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2011/11/20 19:36:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/11/20 19:36:22 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2011/11/20 19:36:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/11/20 19:35:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/11/20 19:34:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/11/20 19:20:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\- My Pictures
[2011/11/20 19:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/11/20 19:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/11/20 19:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/11/20 19:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/11/20 19:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/11/20 19:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/11/20 19:08:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/11/20 19:06:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/11/20 19:04:15 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2011/11/20 19:04:15 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2011/11/20 19:04:15 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/11/20 19:04:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/11/20 19:04:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/11/20 19:04:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/11/20 19:04:11 | 008,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehres.dll
[2011/11/20 19:04:11 | 001,720,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehshell.exe
[2011/11/20 19:04:11 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehuihlp.dll
[2011/11/20 19:04:11 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcm.dll
[2011/11/20 19:04:11 | 000,581,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehepg.dll
[2011/11/20 19:04:11 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehui.dll
[2011/11/20 19:04:11 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/11/20 19:04:11 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehrecobj.dll
[2011/11/20 19:04:11 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehividctl.dll
[2011/11/20 19:04:11 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\debugsvc.dll
[2011/11/20 19:04:11 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehplayer.dll
[2011/11/20 19:04:11 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiproxy.dll
[2011/11/20 19:04:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehrec.exe
[2011/11/20 19:04:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiplay.dll
[2011/11/20 19:04:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehepgdat.dll
[2011/11/20 19:04:11 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiwmp.dll
[2011/11/20 19:04:11 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehdrop.dll
[2011/11/20 19:04:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcir.dll
[2011/11/20 19:04:11 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehituner.dll
[2011/11/20 19:04:11 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsched.exe
[2011/11/20 19:04:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehepgdec.dll
[2011/11/20 19:04:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehproxy.dll
[2011/11/20 19:04:11 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehtray.exe
[2011/11/20 19:04:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehepgnet.dll
[2011/11/20 19:04:11 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehentt.dll
[2011/11/20 19:04:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehdebug.dll
[2011/11/20 19:04:10 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2011/11/20 19:04:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/11/20 19:04:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/11/20 19:04:09 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/11/20 19:04:09 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/11/20 19:04:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/11/20 19:04:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2011/11/20 19:04:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/11/20 19:04:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/11/20 19:04:08 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/11/20 19:04:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/11/20 19:04:06 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/11/20 19:04:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/11/20 19:04:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/11/20 19:04:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/11/20 19:04:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/11/20 19:04:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/11/20 19:04:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/11/20 19:04:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/11/20 19:04:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/11/20 19:04:01 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/11/20 19:04:01 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/11/20 19:04:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/11/20 19:04:01 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/11/20 19:04:00 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/11/20 19:04:00 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/11/20 19:04:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/11/20 19:04:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/11/20 19:04:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/11/20 19:04:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/11/20 19:03:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/11/20 19:03:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/11/20 19:03:58 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/11/20 18:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
[2011/11/20 18:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/11/20 18:44:41 | 000,445,016 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011/11/20 18:44:40 | 000,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011/11/20 18:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Creative
[2011/11/20 18:44:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\data
[2011/11/20 18:44:29 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/11/20 18:44:29 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2011/11/20 18:44:29 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/11/20 18:44:29 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2011/11/20 18:44:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/11/20 18:44:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2011/11/20 18:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/11/20 18:43:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/11/20 18:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2011/11/20 18:42:15 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/11/20 18:42:06 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/11/20 18:41:22 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/11/20 18:41:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/11/20 18:41:18 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/11/20 18:39:54 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2011/11/20 18:39:04 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/11/20 18:39:03 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/11/20 18:39:03 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/11/20 18:39:03 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/11/20 18:38:34 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2011/11/20 18:38:32 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/11/20 18:38:30 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/11/20 18:38:02 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/11/20 18:37:59 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/11/20 18:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/11/20 18:33:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/11/20 18:33:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/11/20 18:31:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/11/20 18:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2011/11/20 18:22:35 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehchsime.dll
[2011/11/20 18:22:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdatunepia.dll
[2011/11/20 18:22:34 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqqp20.dll
[2011/11/20 18:22:34 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqdb20.dll
[2011/11/20 18:22:34 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehglid.dll
[2011/11/20 18:22:34 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcommon.dll
[2011/11/20 18:22:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqse20.dll
[2011/11/20 18:22:34 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiepg.dll
[2011/11/20 18:22:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiextens.dll
[2011/11/20 18:22:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2011/11/20 18:22:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gacutil.exe
[2011/11/20 18:22:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2011/11/20 18:22:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2011/11/20 18:22:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2011/11/20 18:22:34 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\medctrro.exe
[2011/11/20 18:22:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2011/11/20 18:22:34 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehmsas.exe
[2011/11/20 18:22:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2011/11/20 18:22:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehjpnime.dll
[2011/11/20 18:22:34 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcircl.dll
[2011/11/20 18:22:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiuserxp.dll
[2011/11/20 18:22:34 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2011/11/20 18:22:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2011/11/20 18:22:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2011/11/20 18:22:34 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snchk.exe
[2011/11/20 18:22:33 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/11/20 18:22:33 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/11/20 18:22:33 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/11/20 18:22:33 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/11/20 18:22:33 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/11/20 18:22:33 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/11/20 18:22:33 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/11/20 18:22:32 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/11/20 18:22:32 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/11/20 18:22:32 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/11/20 18:22:32 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/11/20 18:22:32 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/11/20 18:22:32 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/11/20 18:22:32 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/11/20 18:22:32 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/11/20 18:22:32 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/11/20 18:22:32 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/11/20 18:22:32 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/11/20 18:22:32 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/11/20 18:22:32 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/11/20 18:22:32 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/11/20 18:22:32 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/11/20 18:22:32 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/11/20 18:22:32 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/11/20 18:22:32 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/11/20 18:22:32 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/11/20 18:22:32 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/11/20 18:22:32 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/11/20 18:22:32 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/11/20 18:22:32 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/11/20 18:22:32 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/11/20 18:22:32 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/11/20 18:22:32 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/11/20 18:22:32 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/11/20 18:22:32 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/11/20 18:22:32 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/11/20 18:22:32 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/11/20 18:22:32 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/11/20 18:22:32 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/11/20 18:22:32 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/11/20 18:22:31 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/11/20 18:22:31 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/11/20 18:22:31 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/11/20 18:22:31 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/11/20 18:22:31 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/11/20 18:22:31 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/11/20 18:22:31 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/11/20 18:22:31 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/11/20 18:22:31 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/11/20 18:22:31 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/11/20 18:22:31 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/11/20 18:22:31 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/11/20 18:22:31 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/11/20 18:22:31 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2011/11/20 18:22:31 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/11/20 18:22:31 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/11/20 18:22:31 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/11/20 18:22:31 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/11/20 18:22:31 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/11/20 18:22:31 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/11/20 18:22:31 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/11/20 18:22:31 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/11/20 18:22:31 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/11/20 18:22:31 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/11/20 18:22:31 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/11/20 18:22:31 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/11/20 18:22:31 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/11/20 18:22:31 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/11/20 18:22:31 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/11/20 18:22:31 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/11/20 18:22:31 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/11/20 18:22:30 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/11/20 18:22:30 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/11/20 18:22:30 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/11/20 18:22:30 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/11/20 18:22:30 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/11/20 18:22:30 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/11/20 18:22:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/11/20 18:21:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/11/20 18:20:29 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/11/20 18:11:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\UserData
[2011/11/20 18:03:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/11/20 17:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2011/11/20 17:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
[2011/11/20 17:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/11/20 17:10:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/11/20 17:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities
[2011/11/20 17:09:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2011/11/20 17:09:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2011/11/20 17:09:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2011/11/20 17:09:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup
[2011/11/20 17:09:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2011/11/20 17:09:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2011/11/20 17:09:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2011/11/20 17:09:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Accessories
[2011/11/20 17:09:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Cookies
[2011/11/20 17:09:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Templates
[2011/11/20 17:09:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\PrintHood
[2011/11/20 17:09:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\NetHood
[2011/11/20 17:09:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings
[2011/11/20 17:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\WINDOWS
[2011/11/20 17:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2011/11/20 17:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft
[2011/11/20 17:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop
[2011/11/20 17:03:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/20 17:02:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\POWERCFG.EXE
[2011/11/20 17:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Encarta Plus
[2011/11/20 17:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2011/11/20 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2005
[2011/11/20 17:01:21 | 000,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2011/11/20 16:57:28 | 000,279,624 | ---- | C] (McAfee, Inc) -- C:\WINDOWS\System32\mcgdmgr.dll
[2011/11/20 16:57:27 | 000,341,064 | ---- | C] (McAfee, Inc) -- C:\WINDOWS\System32\mcinsctl.dll
[2011/11/20 16:57:06 | 000,017,956 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2011/11/20 16:56:56 | 001,658,880 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\UNNeroBurnRights.exe
[2011/11/20 16:56:56 | 000,057,344 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\NeroBurnRights.cpl
[2011/11/20 16:56:56 | 000,053,248 | ---- | C] (Ahead Software AG im Stoeckmaedle 18 76307 Karlsbad, Germany Fax: ++49-7248-911-888 e-mail: info@nero.com) -- C:\WINDOWS\System32\NeroCo.dll
[2011/11/20 16:56:31 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2011/11/20 16:56:20 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2011/11/20 16:56:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2011/11/20 16:56:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2011/11/20 16:55:01 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2011/11/20 16:55:00 | 000,348,160 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2011/11/20 16:55:00 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2011/11/20 16:55:00 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2011/11/20 16:55:00 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2011/11/20 16:55:00 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2011/11/20 16:55:00 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2011/11/20 16:55:00 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2011/11/20 16:55:00 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2011/11/20 16:55:00 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2011/11/20 16:55:00 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2011/11/20 16:55:00 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2011/11/20 16:55:00 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2011/11/20 16:55:00 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2011/11/20 16:55:00 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2011/11/20 16:54:59 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfrc.lrc
[2011/11/20 16:54:59 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2011/11/20 16:54:59 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2011/11/20 16:54:59 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2011/11/20 16:54:58 | 001,245,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2011/11/20 16:54:58 | 000,225,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2011/11/20 16:54:58 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2011/11/20 16:54:58 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2011/11/20 16:54:58 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2011/11/20 16:54:58 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2011/11/20 16:54:58 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2011/11/20 16:54:58 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2011/11/20 16:54:58 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxreng.lrc
[2011/11/20 16:54:58 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrarb.lrc
[2011/11/20 16:54:58 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2011/11/20 16:54:58 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2011/11/20 16:54:58 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2011/11/20 16:54:57 | 000,225,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll
[2011/11/20 16:54:57 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe
[2011/11/20 16:54:57 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll
[2011/11/20 16:54:57 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2011/11/20 16:54:57 | 000,036,864 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2011/11/20 16:54:56 | 000,503,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2011/11/20 16:54:56 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2011/11/20 16:54:56 | 000,049,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2011/11/20 16:54:56 | 000,045,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll
[2011/11/20 16:54:56 | 000,037,951 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2011/11/20 16:54:55 | 002,289,664 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2011/11/20 16:54:55 | 000,512,000 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll
[2011/11/20 16:54:55 | 000,100,924 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2011/11/20 16:54:54 | 000,821,819 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2011/11/20 16:54:54 | 000,165,595 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2011/11/20 16:54:54 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2011/11/20 16:54:54 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v3971.dll
[2011/11/20 16:54:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/11/20 16:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/20 16:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2011/11/20 16:54:20 | 000,008,552 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys
[2011/11/20 16:54:19 | 000,157,696 | ---- | C] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/11/20 16:54:18 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2011/11/20 16:54:18 | 000,024,576 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\prefscpl.cpl
[2011/11/20 16:54:18 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/11/20 16:54:18 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/11/20 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/11/20 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2011/11/20 16:54:03 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2011/11/20 16:54:03 | 000,153,088 | ---- | C] (America Online) -- C:\WINDOWS\System32\jgdwmie.dll
[2011/11/20 16:54:03 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2011/11/20 16:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD
[2011/11/20 16:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2011/11/20 16:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/11/20 16:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! 10
[2011/11/20 16:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Picture It! 10
[2011/11/20 16:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/11/20 16:50:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/11/20 16:50:14 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/20 16:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
[2011/11/20 16:49:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/11/20 16:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/20 16:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/20 16:49:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gateway Documentation
[2011/11/20 16:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2011/11/20 16:49:12 | 000,716,288 | R--- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltwvc11n.dll
[2011/11/20 16:49:12 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2011/11/20 16:49:12 | 000,392,192 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTKRN11N.DLL
[2011/11/20 16:49:12 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2011/11/20 16:49:12 | 000,285,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP11n.DLL
[2011/11/20 16:49:12 | 000,262,656 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTDIS11n.dll
[2011/11/20 16:49:12 | 000,212,480 | R--- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2011/11/20 16:49:12 | 000,172,032 | R--- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfpng11n.dll
[2011/11/20 16:49:12 | 000,152,064 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFTIF11N.DLL
[2011/11/20 16:49:12 | 000,133,904 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcans32.dll
[2011/11/20 16:49:12 | 000,127,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTIMG11N.DLL
[2011/11/20 16:49:12 | 000,118,784 | R--- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil11n.DLL
[2011/11/20 16:49:12 | 000,091,136 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msls2.dll
[2011/11/20 16:49:12 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2011/11/20 16:49:12 | 000,081,408 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFFAX11N.DLL
[2011/11/20 16:49:12 | 000,076,288 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PUBOLE32.DLL
[2011/11/20 16:49:12 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFWMF11N.DLL
[2011/11/20 16:49:12 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPSD11N.DLL
[2011/11/20 16:49:12 | 000,054,784 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvci70.dll
[2011/11/20 16:49:12 | 000,041,472 | R--- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfgif11n.dll
[2011/11/20 16:49:12 | 000,037,888 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ochlp30e.dll
[2011/11/20 16:49:12 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFBMP11N.DLL
[2011/11/20 16:49:12 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPCX11N.DLL
[2011/11/20 16:49:12 | 000,031,744 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlp95en.dll
[2011/11/20 16:49:12 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFEPS11N.DLL
[2011/11/20 16:49:12 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFTGA11N.DLL
[2011/11/20 16:49:12 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPCD11N.DLL
[2011/11/20 16:49:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcuia32.dll
[2011/11/20 16:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/11/20 16:42:01 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2011/11/20 16:41:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2011/11/20 16:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Recovery
[2011/11/20 16:39:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2011/11/20 16:38:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/11/20 16:29:51 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2011/11/20 16:29:51 | 000,024,064 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IntelNic.dll
[2011/11/20 16:29:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\creator
[2011/11/20 16:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2011/11/20 16:29:37 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/11/20 16:29:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/11/20 16:29:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/11/20 16:29:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/11/20 16:29:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/11/20 16:29:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/11/20 16:29:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/11/20 16:29:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/11/20 16:29:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/11/20 16:29:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/11/20 16:29:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/11/20 16:29:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/11/20 16:29:03 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/11/20 16:28:19 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2006/12/12 10:47:24 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/12/12 10:34:02 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/15 06:12:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/15 06:10:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/15 06:09:58 | 000,055,168 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2011/12/15 06:09:58 | 000,055,168 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2011/12/15 06:09:58 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2011/12/15 06:06:11 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/12/15 06:04:15 | 003,726,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 06:01:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/15 05:16:01 | 000,008,393 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ISO1_DVD.nri
[2011/12/14 11:31:15 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/12/14 11:01:48 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Empty Temp.lnk
[2011/12/13 02:36:18 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/13 02:30:24 | 000,000,237 | RHS- | M] () -- C:\boot.ini
[2011/12/13 01:04:45 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/12/12 17:38:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/12/12 16:28:00 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/12 16:28:00 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/12 05:53:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/12 05:53:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/10 23:37:39 | 000,438,843 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/06 09:52:59 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/06 09:48:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/05 01:53:00 | 000,438,755 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111210-233739.backup
[2011/12/05 01:17:16 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/29 05:49:53 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/28 03:48:58 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Poop In Da Pantz.lnk
[2011/11/28 01:20:34 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/27 17:27:07 | 000,001,106 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Nero Burning ROM.lnk
[2011/11/27 12:45:21 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/27 12:45:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/27 12:45:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/27 12:45:21 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/11/26 23:02:19 | 000,438,664 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111205-015217.backup
[2011/11/26 23:02:19 | 000,438,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111205-015300.backup
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/11/22 16:27:23 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/11/22 16:27:23 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/11/22 16:07:07 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sonar.lnk
[2011/11/22 15:20:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/22 15:16:37 | 000,007,114 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/11/22 06:19:42 | 000,118,784 | ---- | M] () -- C:\WINDOWS\dsdxirmv.exe
[2011/11/22 05:17:41 | 000,000,102 | ---- | M] () -- C:\WINDOWS\liveup.ini
[2011/11/22 04:48:01 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/22 04:33:34 | 000,002,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Activate MP3 Plug-In.htm
[2011/11/22 04:20:17 | 000,002,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Register Sound Forge.htm
[2011/11/22 04:18:48 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sound Forge.lnk
[2011/11/22 03:49:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/22 03:49:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/21 14:01:34 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Boggle.lnk
[2011/11/21 14:00:22 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scrabble.lnk
[2011/11/21 13:33:10 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Super Text Twist.lnk
[2011/11/21 12:56:54 | 000,000,029 | ---- | M] () -- C:\WINDOWS\sfbm.INI
[2011/11/21 12:35:04 | 000,445,016 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011/11/21 12:35:04 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011/11/21 12:09:05 | 000,000,152 | ---- | M] () -- C:\WINDOWS\CoolPlay.ini
[2011/11/21 04:48:55 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/11/20 21:44:44 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/11/20 21:40:34 | 000,000,452 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/11/20 21:14:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/20 21:12:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/20 20:58:23 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpy.lnk
[2011/11/20 20:56:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 20:55:01 | 000,438,612 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111126-225856.backup
[2011/11/20 20:55:01 | 000,438,612 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111126-230219.backup
[2011/11/20 20:55:01 | 000,438,612 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111126-225938.backup
[2011/11/20 20:47:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/20 20:47:02 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot.lnk
[2011/11/20 20:34:36 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/20 19:08:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/20 18:28:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/20 17:15:11 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2011/11/20 17:09:24 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/11/20 17:03:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Gateway_830GM__.MRK
[2011/11/20 17:03:26 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2011/11/20 17:03:05 | 000,001,268 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/11/20 17:03:05 | 000,000,493 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
[2011/11/20 16:56:26 | 000,000,853 | -H-- | M] () -- C:\IPH.PH
[2011/11/20 16:54:21 | 000,157,696 | ---- | M] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/11/20 16:54:20 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys
[2011/11/20 16:54:18 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2011/11/20 16:54:18 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\prefscpl.cpl
[2011/11/20 16:54:18 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/11/20 16:54:18 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/11/20 16:51:39 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/11/20 16:41:55 | 000,000,867 | ---- | M] () -- C:\WINDOWS\System32\VGASwitcher.lnk
[2011/11/20 16:29:52 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/11/16 19:16:27 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF_Cleaner.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/15 05:59:09 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/12/15 05:30:47 | 003,726,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 05:16:01 | 000,008,393 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ISO1_DVD.nri
[2011/12/14 11:01:48 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Empty Temp.lnk
[2011/12/12 17:38:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/12/05 23:25:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/05 23:25:03 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/29 05:49:53 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/28 03:48:58 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Poop In Da Pantz.lnk
[2011/11/28 01:20:34 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/27 18:15:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/27 17:27:07 | 000,001,106 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nero Burning ROM.lnk
[2011/11/22 16:27:23 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/11/22 16:27:23 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/11/22 15:41:37 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2011/11/22 08:54:00 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/11/22 08:54:00 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2011/11/22 06:19:15 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sonar.lnk
[2011/11/22 05:17:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LSUninst.exe
[2011/11/22 05:17:41 | 000,000,102 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2011/11/22 05:17:21 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2011/11/22 04:48:01 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/22 04:48:01 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media Player.lnk
[2011/11/22 04:32:14 | 000,002,544 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Activate MP3 Plug-In.htm
[2011/11/22 04:18:48 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sound Forge.lnk
[2011/11/22 03:35:04 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/11/22 02:44:45 | 000,002,544 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Register Sound Forge.htm
[2011/11/21 17:43:16 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/11/21 14:01:34 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Boggle.lnk
[2011/11/21 14:00:22 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scrabble.lnk
[2011/11/21 13:33:10 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Super Text Twist.lnk
[2011/11/21 12:56:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2011/11/21 12:36:50 | 000,055,168 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2011/11/21 12:36:50 | 000,000,788 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2011/11/21 12:36:02 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2011/11/21 12:09:05 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2011/11/21 12:05:34 | 000,055,168 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2011/11/21 12:00:30 | 007,572,224 | ---- | C] () -- C:\WINDOWS\System32\CT8MGM.SF2
[2011/11/21 12:00:29 | 004,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2011/11/21 04:48:55 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/11/20 21:44:46 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/11/20 21:44:46 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/11/20 21:44:44 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/11/20 21:40:34 | 000,000,452 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/11/20 21:00:45 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/20 20:58:23 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpy.lnk
[2011/11/20 20:56:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 20:47:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/20 20:47:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot.lnk
[2011/11/20 20:34:36 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/20 20:01:34 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/11/20 19:04:02 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2011/11/20 18:24:19 | 000,007,114 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/11/20 18:22:34 | 009,271,864 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ehcir.ird
[2011/11/20 18:22:32 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/11/20 18:22:32 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/11/20 18:22:32 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/11/20 17:15:11 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2011/11/20 17:09:38 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/20 17:09:38 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/11/20 17:09:38 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/20 17:03:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Gateway_830GM__.MRK
[2011/11/20 17:03:26 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2011/11/20 17:03:04 | 000,181,938 | ---- | C] () -- C:\WINDOWS\Gateway.bmp
[2011/11/20 17:01:23 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2011/11/20 17:01:23 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2011/11/20 17:01:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2011/11/20 17:01:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2011/11/20 17:01:23 | 000,005,280 | ---- | C] () -- C:\WINDOWS\hotbtnv.vxd
[2011/11/20 17:01:23 | 000,003,926 | ---- | C] () -- C:\WINDOWS\mHotkey.reg
[2011/11/20 17:01:20 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2011/11/20 17:01:20 | 000,051,656 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.bmp
[2011/11/20 16:56:56 | 000,023,512 | ---- | C] () -- C:\WINDOWS\UNNeroBurnRights.cfg
[2011/11/20 16:54:58 | 000,064,513 | ---- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp
[2011/11/20 16:54:58 | 000,063,269 | ---- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp
[2011/11/20 16:54:58 | 000,062,836 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2011/11/20 16:54:57 | 000,068,112 | ---- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp
[2011/11/20 16:54:57 | 000,066,013 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2011/11/20 16:54:57 | 000,063,208 | ---- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp
[2011/11/20 16:54:57 | 000,062,770 | ---- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp
[2011/11/20 16:54:57 | 000,062,740 | ---- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp
[2011/11/20 16:54:57 | 000,062,578 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2011/11/20 16:54:57 | 000,062,465 | ---- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp
[2011/11/20 16:54:57 | 000,062,454 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2011/11/20 16:54:57 | 000,062,339 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2011/11/20 16:54:57 | 000,061,839 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2011/11/20 16:54:57 | 000,061,831 | ---- | C] () -- C:\WINDOWS\System32\igfxhell.lhp
[2011/11/20 16:54:57 | 000,061,414 | ---- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp
[2011/11/20 16:54:57 | 000,060,786 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2011/11/20 16:54:57 | 000,060,659 | ---- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp
[2011/11/20 16:54:57 | 000,060,244 | ---- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2011/11/20 16:54:57 | 000,060,141 | ---- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp
[2011/11/20 16:54:57 | 000,060,085 | ---- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2011/11/20 16:54:57 | 000,059,687 | ---- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2011/11/20 16:54:57 | 000,059,471 | ---- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp
[2011/11/20 16:54:57 | 000,059,354 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2011/11/20 16:54:57 | 000,059,200 | ---- | C] () -- C:\WINDOWS\System32\igfxharb.lhp
[2011/11/20 16:54:57 | 000,059,200 | ---- | C] () -- C:\WINDOWS\System32\igfxhara.lhp
[2011/11/20 16:54:57 | 000,058,623 | ---- | C] () -- C:\WINDOWS\System32\igfxheng.lhp
[2011/11/20 16:54:57 | 000,058,430 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2011/11/20 16:54:57 | 000,057,801 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2011/11/20 16:53:42 | 000,000,853 | -H-- | C] () -- C:\IPH.PH
[2011/11/20 16:51:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/11/20 16:29:52 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/11/20 16:29:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2011/11/20 16:29:51 | 000,005,110 | ---- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/05/05 20:37:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2006/12/12 10:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/12/12 10:46:52 | 000,037,888 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/12/12 10:39:02 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/12/12 10:39:02 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/12/12 10:36:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2006/12/12 10:36:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/12/12 10:34:30 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/12/12 10:34:22 | 000,240,568 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/12/12 10:34:22 | 000,114,908 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/12/12 10:34:06 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/12/12 10:34:06 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/12/12 10:34:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/05/18 07:03:24 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 07:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/10/28 11:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/27 20:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/10/27 19:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/27 19:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/27 18:53:07 | 000,001,268 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/27 18:53:07 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/10/27 18:52:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/27 18:52:06 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/27 18:52:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/27 18:52:06 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/27 18:52:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/27 18:52:05 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/27 18:52:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/27 18:52:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/27 18:51:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/27 18:51:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/27 18:51:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/27 18:51:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/27 12:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >

OTL Extras logfile created on: 12/15/2011 6:15:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 78.08% Memory free
3.82 Gb Paging File | 3.49 Gb Available in Paging File | 91.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 591.67 Gb Total Space | 87.57 Gb Free Space | 14.80% Space Free | Partition Type: NTFS
Drive D: | 4.50 Gb Total Space | 1.69 Gb Free Space | 37.66% Space Free | Partition Type: FAT32

Computer Name: YOUR-B111E91627 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 128778240

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\m\m.exe" = C:\Program Files\m\m.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{5636E517-8100-4E2A-B69E-2B16AFFA2360}" = Sony Sound Forge 8.0d
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cakewalk Beatscape_is1" = Beatscape 1.0.2
"Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
"Cakewalk VST Adapter 4.3.2" = Cakewalk VST Adapter 4
"CCleaner" = CCleaner
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Dimension Pro Free Expansion Packs 1-3_is1" = Dimension Pro Free Expansion Packs 1-3
"DimensionPro_is1" = Dimension Pro 1.2
"DreamStation DXi2" = DreamStation DXi2
"Empty Temp Folders 2.8.3" = Empty Temp Folders 2.8.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LSProSE" = LiveSynth Pro SE (DXi)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Noise Reduction Plug-In 2.0" = Sonic Foundry Noise Reduction Plug-In 2.0a
"OpenAL" = OpenAL
"PROSet" = Intel® PRO Network Adapters and Drivers
"SCRABBLE" = SCRABBLE
"SFBM" = SoundFont Bank Manager
"Smart Defrag 2_is1" = Smart Defrag 2
"SONAR 3 Producer Edition" = SONAR 3 Producer Edition
"SONAR7Producer_is1" = SONAR 7 Producer Edition
"SONAR85Producer_is1" =
"Sound Blaster for Media Center" = Sound Blaster for Media Center
"Super Text Twist_is1" = Super Text Twist
"SysInfo" = Creative System Information
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2011 3:11:38 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/13/2011 3:11:52 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/13/2011 3:15:01 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/13/2011 3:15:18 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/13/2011 3:15:29 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/13/2011 3:16:57 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/13/2011 3:18:12 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/13/2011 3:18:13 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/13/2011 3:18:14 AM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024893. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 12/14/2011 1:08:41 PM | Computer Name = YOUR-B111E91627 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147023838. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

[ System Events ]
Error - 12/5/2011 9:52:11 AM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/5/2011 9:52:11 AM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/5/2011 9:52:11 AM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 12/5/2011 9:52:11 AM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv
Tcpip

Error - 12/5/2011 12:19:22 PM | Computer Name = YOUR-B111E91627 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/5/2011 12:20:33 PM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 12/5/2011 6:22:04 PM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 12/10/2011 10:28:32 PM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7034
Description = The IMAPI CD-Burning COM Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/10/2011 10:31:10 PM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 12/10/2011 10:34:11 PM | Computer Name = YOUR-B111E91627 | Source = Service Control Manager | ID = 7034
Description = The IMAPI CD-Burning COM Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

Was there 'system maintenance' on this site around 10:00-10:30pm CST?

I'm pretty confident that I'm not being irrational by being suspicious. It probably wouldn't be too hard for the author of whatever is infecting my computer to somehow restrict access to this site.

Almost immediately after I tried to access this forum and got the system maintenance message, I turned off the computer, disconnected the ethernet cable from the back of the computer, and unplugged the modem. (LOL) I waited about 10 minutes before turning my computer back on.

Edited by notinfallible, 15 December 2011 - 11:39 PM.


#4 SweetTech


Posted 16 December 2011 - 02:17 AM

Hi notinfallible!

This computer appears to be a work computer/company owned, is this correct? If so, I just want to ensure that you are not breaking any company policies by fixing the computer yourself instead of contacting the IT department and having them fix it. I know that there are some companies who require your IT Department to fix the computer. I don't want to be getting anybody in trouble.

Looks like among many things you have a TDSS infection.

Please yield this warning:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



I'm curious as to why you don't want me to remove the infections that TDSS found?

I like to see the log file of what it finds first, so that way I can plan out the correct battle of attack.

We'll be running TDSSKiller again, and will be fixing the infected TDSS item.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-170930444-3569575782-3655870167-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 notinfallible


Posted 16 December 2011 - 08:59 AM

I had to run OTL twice, so there are 2 log files for that. I'm almost certain what caused the OTL fix to not complete properly on the first try was the host file protection in Avira. I really didn't have much of a choice because the taskbar and start menu bar at the bottom of the screen wasn't there anymore.

The other issue I had was while running ComboFix. ComboFix warned me 2 or 3 times to disable my anti-virus. I disabled Avira prior to running ComboFix, following the steps provided by the link with information on how to disable the anti-virus temporarily, but I don't think ComboFix saw it that way. When ComboFix told me to disable it, I thought maybe Avira hadn't closed yet completely. The umbrella (Avira taskbar symbol) was shut. I went into the task manager and right clicked on the Avira process in there and then ended them, but ComboFix didn't see things that way and told me to proceed with caution.

I believe everything worked out though in the end. Under the following hyphenated line are the log files.

-----------------------------------------------------


Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

-

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-170930444-3569575782-3655870167-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-170930444-3569575782-3655870167-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Owner\Desktop\BC\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\BC\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\BC\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\BC\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Defuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 456 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6770301 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 36429 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Defuser

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12162011_063252

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HUVCWJ89\page__gopid__2510350[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...


06:36:34.0015 0696 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
06:36:34.0406 0696 ============================================================
06:36:34.0406 0696 Current date / time: 2011/12/16 06:36:34.0406
06:36:34.0406 0696 SystemInfo:
06:36:34.0406 0696
06:36:34.0406 0696 OS Version: 5.1.2600 ServicePack: 3.0
06:36:34.0406 0696 Product type: Workstation
06:36:34.0406 0696 ComputerName: YOUR-B111E91627
06:36:34.0406 0696 UserName: Owner
06:36:34.0406 0696 Windows directory: C:\WINDOWS
06:36:34.0406 0696 System windows directory: C:\WINDOWS
06:36:34.0406 0696 Processor architecture: Intel x86
06:36:34.0406 0696 Number of processors: 2
06:36:34.0406 0696 Page size: 0x1000
06:36:34.0406 0696 Boot type: Normal boot
06:36:34.0406 0696 ============================================================
06:36:36.0218 0696 Initialize success
06:37:06.0265 1344 ============================================================
06:37:06.0265 1344 Scan started
06:37:06.0265 1344 Mode: Manual; SigCheck; TDLFS;
06:37:06.0265 1344 ============================================================
06:37:10.0921 1344 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
06:37:10.0937 1344 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
06:37:10.0937 1344 ASCTRM - detected UnsignedFile.Multi.Generic (1)
06:37:20.0921 1344 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
06:37:20.0921 1344 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
06:37:20.0921 1344 MHNDRV - detected UnsignedFile.Multi.Generic (1)
06:37:31.0515 1344 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
06:37:31.0531 1344 SunkFilt ( UnsignedFile.Multi.Generic ) - warning
06:37:31.0531 1344 SunkFilt - detected UnsignedFile.Multi.Generic (1)
06:37:35.0843 1344 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
06:37:36.0000 1344 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:37:36.0000 1344 \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:37:36.0000 1344 Boot (0x1200) (22441aec1c9344f55e95052d2afc3e15) \Device\Harddisk0\DR0\Partition0
06:37:36.0000 1344 \Device\Harddisk0\DR0\Partition0 - ok
06:37:36.0015 1344 Boot (0x1200) (3e9918d06645db4045b1ed73a7f07efb) \Device\Harddisk0\DR0\Partition1
06:37:36.0015 1344 \Device\Harddisk0\DR0\Partition1 - ok
06:37:36.0015 1344 ============================================================
06:37:36.0015 1344 Scan finished
06:37:36.0015 1344 ============================================================
06:37:36.0125 1124 Detected object count: 4
06:37:36.0125 1124 Actual detected object count: 4
06:38:56.0421 1124 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
06:38:56.0421 1124 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:38:56.0421 1124 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
06:38:56.0421 1124 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:38:56.0421 1124 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user
06:38:56.0421 1124 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:38:56.0437 1124 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:38:56.0437 1124 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
06:39:51.0093 0688 Deinitialize success

ComboFix 11-12-16.01 - Owner 12/16/2011 6:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2022.1579 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Defuser\WINDOWS
c:\documents and settings\Owner\ntuser.tmp
c:\documents and settings\Owner\WINDOWS
c:\windows\$NtUninstallKB47647$
c:\windows\$NtUninstallKB47647$\1818700167\@
c:\windows\$NtUninstallKB47647$\1818700167\L\qilnwkjq
c:\windows\$NtUninstallKB47647$\1818700167\loader.tlb
c:\windows\$NtUninstallKB47647$\1818700167\U\@00000001
c:\windows\$NtUninstallKB47647$\1818700167\U\@000000c0
c:\windows\$NtUninstallKB47647$\1818700167\U\@000000cb
c:\windows\$NtUninstallKB47647$\1818700167\U\@000000cf
c:\windows\$NtUninstallKB47647$\1818700167\U\@80000000
c:\windows\$NtUninstallKB47647$\1818700167\U\@800000c0
c:\windows\$NtUninstallKB47647$\1818700167\U\@800000cb
c:\windows\$NtUninstallKB47647$\1818700167\U\@800000cf
c:\windows\$NtUninstallKB47647$\2227877582
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\CSC\d6
c:\windows\system32\
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 12:24 . 2011-12-16 12:24 -------- d-----w- C:\_OTL
2011-12-14 17:30 . 2011-12-14 17:30 -------- d-----w- c:\windows\SHELLNEW
2011-12-14 17:28 . 2011-12-14 17:28 -------- d-----r- C:\MSOCache
2011-12-12 22:26 . 2001-08-17 19:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2011-12-12 22:26 . 2008-04-13 18:46 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2011-12-12 22:26 . 2008-04-13 18:46 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2011-11-27 18:45 . 2011-11-27 18:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-22 21:42 . 2011-11-22 21:42 -------- d-----w- c:\windows\system32\winrm
2011-11-22 21:41 . 2011-10-20 04:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-22 19:07 . 2011-11-27 22:56 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 14:58 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-11-22 11:29 . 2004-04-13 20:48 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-11-22 11:17 . 2003-09-22 07:00 40960 ----a-w- c:\windows\system32\LSUninst.exe
2011-11-22 11:17 . 2011-11-22 12:19 118784 ----a-w- c:\windows\dsdxirmv.exe
2011-11-22 11:16 . 2006-11-30 21:49 368640 ----a-w- c:\windows\system32\ReWire.dll
2011-11-22 10:30 . 2011-12-15 11:02 -------- d-----w- C:\Pimp bleep
2011-11-22 09:55 . 2011-11-22 09:55 -------- d-----w- c:\windows\system32\drivers\umdf
2011-11-21 20:43 . 2011-12-05 22:18 -------- d-----w- C:\Cakewalk Projects
2011-11-21 20:31 . 2004-03-02 23:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2011-11-21 20:31 . 2004-03-02 23:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2011-11-21 20:31 . 2004-07-26 23:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2011-11-21 20:31 . 2004-07-26 23:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2011-11-21 20:31 . 2004-07-26 23:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2011-11-21 20:31 . 2004-07-26 23:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2011-11-21 20:31 . 2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2011-11-21 20:31 . 2000-06-26 17:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2011-11-21 19:24 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-21 18:36 . 2003-06-13 05:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-11-21 18:35 . 2008-02-04 16:27 102400 ----a-w- c:\windows\system32\cttele32.dll
2011-11-21 18:31 . 2009-05-18 20:34 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2011-11-21 18:02 . 2000-05-22 08:58 647872 ------w- c:\windows\system32\Mscomct2.ocx
2011-11-21 18:02 . 1999-10-10 17:00 41984 ------w- c:\windows\Ctregrun.exe
2011-11-21 18:02 . 2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
2011-11-21 17:59 . 2003-11-11 17:08 77824 ------w- c:\windows\system32\ctdvda32.dll
2011-11-21 17:52 . 2011-11-21 17:54 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-21 13:28 . 2011-11-21 13:52 -------- d-----w- C:\- Jonserz bleep
2011-11-21 12:39 . 2011-11-21 12:39 -------- d-----w- c:\windows\Sun
2011-11-21 12:01 . 2011-12-07 07:51 -------- d-----w- C:\Muhbleep Educational
2011-11-21 10:23 . 2011-12-11 05:34 -------- d-----w- c:\documents and settings\Defuser
2011-11-21 10:07 . 2011-11-21 10:27 -------- d-----w- c:\windows\All Users
2011-11-21 09:01 . 1999-08-04 02:33 205824 ----a-w- c:\windows\system32\CRESIZE5.OCX
2011-11-21 09:01 . 1995-07-26 05:00 89600 ----a-w- c:\windows\system32\GRID32.OCX
2011-11-21 09:01 . 2000-05-22 06:00 115920 ----a-w- c:\windows\system32\MSINET.OCX
2011-11-21 09:01 . 1997-12-16 09:00 143872 ----a-w- c:\windows\system32\unzip32.dll
2011-11-21 09:01 . 1997-06-24 01:06 24848 ----a-w- c:\windows\system32\MSJtEr35.dll
2011-11-21 09:01 . 1997-06-24 01:06 123664 ----a-w- c:\windows\system32\MSJInt35.dll
2011-11-21 09:00 . 1997-01-16 06:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2011-11-21 09:00 . 1997-01-16 06:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2011-11-21 08:00 . 2011-11-21 08:02 -------- d-----w- C:\2010
2011-11-21 07:52 . 2011-11-21 07:58 -------- d-----w- C:\2011
2011-11-21 04:45 . 2011-12-13 07:55 -------- d-----w- C:\Muhbleep Music
2011-11-21 03:44 . 2011-08-19 22:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-11-21 03:44 . 2010-11-27 00:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-11-21 03:39 . 2011-11-21 03:39 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-11-21 03:14 . 2011-11-21 03:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 03:12 . 2011-11-21 03:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 03:09 . 2011-11-21 03:09 -------- d-----w- c:\windows\system32\Adobe
2011-11-21 02:56 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 02:34 . 2011-09-18 14:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-21 02:34 . 2011-09-16 05:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-21 02:34 . 2011-09-16 05:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-21 02:03 . 2011-11-21 02:03 -------- d-----w- c:\windows\system32\XPSViewer
2011-11-21 02:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-11-21 02:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-11-21 02:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-11-21 02:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-21 01:10 . 2011-11-21 01:10 -------- d-----w- c:\windows\system32\scripting
2011-11-21 01:10 . 2011-11-21 01:10 -------- d-----w- c:\windows\system32\en
2011-11-21 01:10 . 2011-11-21 01:10 -------- d-----w- c:\windows\system32\bits
2011-11-21 01:10 . 2011-11-21 01:10 -------- d-----w- c:\windows\l2schemas
2011-11-21 01:03 . 2008-04-14 00:11 233472 ------w- c:\windows\system32\azroles.dll
2011-11-21 01:03 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2011-11-21 00:45 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-11-21 00:45 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-11-21 00:45 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-11-21 00:45 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-11-21 00:38 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-11-21 00:33 . 2011-12-15 11:59 -------- d--h--w- c:\windows\$hf_mig$
2011-11-21 00:21 . 2011-11-21 00:49 -------- d-----w- c:\windows\ServicePackFiles
2011-11-21 00:20 . 2007-07-28 05:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-11-20 23:10 . 2004-12-01 20:54 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-11-20 23:09 . 2011-12-16 13:00 -------- d-----w- c:\documents and settings\Owner
2011-11-20 23:02 . 2003-03-25 13:00 67072 ----a-w- c:\windows\POWERCFG.EXE
2011-11-20 23:01 . 2004-05-18 02:30 543232 ----a-w- c:\windows\zHotkey.exe
2011-11-20 23:01 . 2004-03-02 17:40 3926 ----a-w- c:\windows\mHotkey.reg
2011-11-20 23:01 . 2003-09-19 17:09 36864 ----a-w- c:\windows\ShowWnd.exe
2011-11-20 23:01 . 2003-05-27 03:19 532544 ----a-w- c:\windows\PIC.dll
2011-11-20 23:01 . 2001-07-03 04:36 24576 ----a-w- c:\windows\HKNTDLL.dll
2011-11-20 23:01 . 2000-08-07 19:57 5280 ----a-w- c:\windows\hotbtnv.vxd
2011-11-20 23:01 . 2004-09-04 00:07 20480 ----a-w- c:\windows\system32\Marker32.exe
2011-11-20 23:01 . 2004-07-15 22:06 471298 ----a-w- c:\windows\wallpg.exe
2011-11-20 22:57 . 2004-11-24 21:12 279624 ----a-w- c:\windows\system32\mcgdmgr.dll
2011-11-20 22:57 . 2004-11-24 21:12 341064 ----a-w- c:\windows\system32\mcinsctl.dll
2011-11-20 22:57 . 2004-08-09 18:16 17956 ----a-w- c:\windows\BigFixClientOverride.dll
2011-11-20 22:56 . 2004-01-14 10:53 1658880 ------w- c:\windows\UNNeroBurnRights.exe
2011-11-20 22:56 . 2002-10-09 13:36 57344 ----a-w- c:\windows\system32\NeroBurnRights.cpl
2011-11-20 22:56 . 2002-10-09 13:36 53248 ----a-w- c:\windows\system32\NeroCo.dll
2011-11-20 22:56 . 1999-11-10 19:05 86016 ----a-w- c:\windows\unvise32qt.exe
2011-11-20 22:56 . 2001-03-13 22:49 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-11-20 22:56 . 1998-04-24 08:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-11-20 22:56 . 2011-11-20 23:34 -------- d-----w- c:\windows\occache
2011-11-20 22:54 . 2004-12-01 21:01 159744 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-11-20 22:41 . 2011-11-20 22:41 -------- d-----w- c:\windows\system32\URTTemp
2011-11-20 22:40 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-20 22:40 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-11-20 22:40 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-20 22:40 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-11-20 22:40 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-11-20 22:39 . 2008-04-14 00:11 7168 ----a-w- c:\windows\system32\hccoin.dll
2011-11-20 22:39 . 2008-04-13 18:45 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-11-20 22:28 . 2011-12-15 12:01 -------- dcsh--r- c:\windows\system32\dllcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-10-28 00:52 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2004-10-28 00:52 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2004-10-28 00:52 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2004-10-28 00:51 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2004-10-28 00:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2004-10-28 00:51 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2004-10-28 00:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-10-28 00:52 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 05:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-10 14:22 . 2004-10-28 01:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-10-28 00:51 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2011-09-26 17:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2004-10-28 00:52 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2004-10-28 00:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"PrismXL"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"!SASCORE"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"CTAudSvcService"=2 (0x2)
"Creative Audio Engine Licensing Service"=3 (0x3)
"Application Updater"=2 (0x2)
"AdvancedSystemCareService5"=2 (0x2)
"ose"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\m\\m.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [11/20/2011 9:44 PM 14776]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/20/2011 8:34 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/20/2011 8:34 PM 86224]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 6:02 PM 116608]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/21/2011 12:35 PM 79360]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Free YouTube Download - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-16 07:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(440)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2011-12-16 07:06:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 13:06
.
Pre-Run: 93,876,891,648 bytes free
Post-Run: 93,842,669,568 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - D557E35051EEE23925B84D1D2103317B


I'll reformat if it's absolutely necessary, but I just did that 2 or 3 weeks ago, so if I can avoid reformatting that would be great. If I do end up wiping the system and redoing everything I need to find another external hard drive or some other way of backing up all my stuff. I did have a second external hard drive but I lost it after my reformat.


Hope I didn't make this difficult. I really appreciate your help and want to say thank you on behalf of everyone that forgets to show their appreciation. It can't be easy dealing with people that have no clue what they are doing. I find it almost impossible to explain to others how to keep their computers clean.

Looking forward to your reply!

Edited by notinfallible, 16 December 2011 - 09:55 PM.

The most important thing in communication is to hear what isn't being said.

#6 SweetTech


Posted 17 December 2011 - 02:44 AM

Hi!

I had to run OTL twice, so there are 2 log files for that. I'm almost certain what caused the OTL fix to not complete properly on the first try was the host file protection in Avira. I really didn't have much of a choice because the taskbar and start menu bar at the bottom of the screen wasn't there anymore.

The other issue I had was while running ComboFix. ComboFix warned me 2 or 3 times to disable my anti-virus. I disabled Avira prior to running ComboFix, following the steps provided by link with information on how to disable the anti-virus temporarily, but I don't think ComboFix saw it that way. When ComboFix told me to disable it, I thought maybe Avira hadn't closed yet completely. The umbrella (Avira taskbar symbol) was shut. I went into the task manager and right clicked on the Avira process in there and then ended them, but ComboFix didn't see things that way and told me to proceed with caution.

Okay, thanks for that information.

Hope I didn't make this difficult. I really appreciate your help and want to say thank you on behalf of everyone that forgets to show their appreciation. It can't be easy dealing with people that have no clue what they are doing. I find it almost impossible to explain to others how to keep their computers clean.

You're very welcome. :)

You have a suspicious file on your computer, and I'd like to have you upload it to VirusTotal, so that we can see what it shows me.

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: c:\Program Files\m\m.exe
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please post the results in your next reply as well as a log file from running a new TDSSKiller scan.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 notinfallible


Posted 17 December 2011 - 08:15 AM

I think I know what m.exe is.... it's uTorrent. I renamed it.

In uTorrent's folder after you install it, there is just one file and it LOOKS like the same file that gets placed on the desktop as a shortcut. I deleted the shortcut on the desktop and thought the file in the program folder was the same, so I copied that file to the desktop as a shortcut. When I double clicked it, it brought me to the program install/setup. I did go through with the installation (I wish I wouldn't have) but I soon after uninstalled uTorrent completely. I believe that I downloaded a different version before installing it again and afterwards I renamed the folder and that file that came with it to " m ". All this happened a couple weeks ago. I thought maybe this would be relevant to the situation.

Update: Avira just found TR/Atraps.Gen2 and it mentions A0000039.ini

Here are the logs you requested.


Antivirus results
AhnLab-V3 - 2011.12.16.04 - 2011.12.16 - -
AntiVir - 7.11.19.153 - 2011.12.16 - -
Antiy-AVL - 2.0.3.7 - 2011.12.17 - -
Avast - 6.0.1289.0 - 2011.12.17 - -
AVG - 10.0.0.1190 - 2011.12.17 - -
BitDefender - 7.2 - 2011.12.17 - -
ByteHero - 1.0.0.1 - 2011.12.07 - -
CAT-QuickHeal - 12.00 - 2011.12.17 - -
ClamAV - 0.97.3.0 - 2011.12.17 - -
Commtouch - 5.3.2.6 - 2011.12.17 - -
Comodo - 10989 - 2011.12.17 - -
DrWeb - 5.0.2.03300 - 2011.12.17 - -
Emsisoft - 5.1.0.11 - 2011.12.17 - -
eSafe - 7.0.17.0 - 2011.12.15 - -
eTrust-Vet - 37.0.9628 - 2011.12.16 - -
F-Prot - 4.6.5.141 - 2011.12.17 - -
F-Secure - 9.0.16440.0 - 2011.12.17 - -
Fortinet - 4.3.388.0 - 2011.12.17 - -
GData - 22 - 2011.12.17 - -
Ikarus - T3.1.1.109.0 - 2011.12.17 - -
Jiangmin - 13.0.900 - 2011.12.16 - -
K7AntiVirus - 9.119.5696 - 2011.12.15 - -
Kaspersky - 9.0.0.837 - 2011.12.17 - -
McAfee - 5.400.0.1158 - 2011.12.17 - -
McAfee-GW-Edition - 2010.1E - 2011.12.16 - -
Microsoft - 1.7903 - 2011.12.17 - -
NOD32 - 6718 - 2011.12.17 - -
Norman - 6.07.13 - 2011.12.17 - -
nProtect - 2011-12-17.01 - 2011.12.17 - -
Panda - 10.0.3.5 - 2011.12.17 - -
PCTools - 8.0.0.5 - 2011.12.17 - -
Prevx - 3.0 - 2011.12.17 - -
Rising - 23.88.03.02 - 2011.12.16 - -
Sophos - 4.72.0 - 2011.12.17 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.12.17 - -
Symantec - 20111.2.0.82 - 2011.12.17 - -
TheHacker - 6.7.0.1.360 - 2011.12.16 - -
TrendMicro - 9.500.0.1008 - 2011.12.17 - -
TrendMicro-HouseCall - 9.500.0.1008 - 2011.12.17 - -
VBA32 - 3.12.16.4 - 2011.12.14 - -
VIPRE - 11266 - 2011.12.17 - -
ViRobot - 2011.12.17.4831 - 2011.12.17 - -
VirusBuster - 14.1.120.0 - 2011.12.16 - -
File info:
MD5: 1e12823eb57aab6403e5246b4187a5f0
SHA1: b1378d7cbe5d1e1b168ce44def8f59facdc046d5
SHA256: 3a3a4eeeb08b6242e77bc50dfe779842a91c19a6388c61e5da40067500e7009e
File size: 399736 bytes
Scan date: 2011-12-17 12:58:30 (UTC)

07:06:13.0156 1788 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
07:06:13.0500 1788 ============================================================
07:06:13.0500 1788 Current date / time: 2011/12/17 07:06:13.0500
07:06:13.0500 1788 SystemInfo:
07:06:13.0500 1788
07:06:13.0500 1788 OS Version: 5.1.2600 ServicePack: 3.0
07:06:13.0500 1788 Product type: Workstation
07:06:13.0500 1788 ComputerName: YOUR-B111E91627
07:06:13.0500 1788 UserName: Owner
07:06:13.0500 1788 Windows directory: C:\WINDOWS
07:06:13.0500 1788 System windows directory: C:\WINDOWS
07:06:13.0500 1788 Processor architecture: Intel x86
07:06:13.0500 1788 Number of processors: 2
07:06:13.0500 1788 Page size: 0x1000
07:06:13.0500 1788 Boot type: Normal boot
07:06:13.0500 1788 ============================================================
07:06:14.0906 1788 Initialize success
07:06:21.0328 3896 ============================================================
07:06:21.0328 3896 Scan started
07:06:21.0328 3896 Mode: Manual; SigCheck; TDLFS;
07:06:21.0328 3896 ============================================================
07:06:26.0609 3896 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
07:06:26.0625 3896 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
07:06:26.0625 3896 ASCTRM - detected UnsignedFile.Multi.Generic (1)
07:06:33.0765 3896 i2omgmt - ok
07:06:33.0781 3896 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:06:33.0906 3896 i2omp - ok
07:06:33.0921 3896 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:06:34.0046 3896 i8042prt - ok
07:06:34.0125 3896 ialm (7c7560001937dd47fe933de2181227f2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:06:34.0250 3896 ialm - ok
07:06:34.0296 3896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:06:34.0437 3896 Imapi - ok
07:06:34.0453 3896 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:06:34.0578 3896 ini910u - ok
07:06:34.0609 3896 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:06:34.0765 3896 IntelIde - ok
07:06:34.0765 3896 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:06:34.0906 3896 intelppm - ok
07:06:34.0921 3896 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:06:35.0078 3896 Ip6Fw - ok
07:06:35.0109 3896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:06:35.0265 3896 IpFilterDriver - ok
07:06:35.0312 3896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:06:35.0437 3896 IpInIp - ok
07:06:35.0468 3896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:06:35.0609 3896 IpNat - ok
07:06:35.0625 3896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:06:35.0765 3896 IPSec - ok
07:06:35.0812 3896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:06:35.0953 3896 IRENUM - ok
07:06:35.0968 3896 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:06:36.0125 3896 isapnp - ok
07:06:36.0187 3896 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:06:36.0328 3896 Kbdclass - ok
07:06:36.0359 3896 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:06:36.0484 3896 kbdhid - ok
07:06:36.0515 3896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:06:36.0671 3896 kmixer - ok
07:06:36.0687 3896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:06:36.0812 3896 KSecDD - ok
07:06:36.0828 3896 lbrtfdc - ok
07:06:36.0859 3896 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
07:06:36.0875 3896 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
07:06:36.0875 3896 MHNDRV - detected UnsignedFile.Multi.Generic (1)
07:06:47.0484 3896 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
07:06:47.0500 3896 SunkFilt ( UnsignedFile.Multi.Generic ) - warning
07:06:47.0500 3896 SunkFilt - detected UnsignedFile.Multi.Generic (1)
07:06:51.0906 3896 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:06:52.0125 3896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:06:52.0125 3896 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:06:52.0125 3896 Boot (0x1200) (22441aec1c9344f55e95052d2afc3e15) \Device\Harddisk0\DR0\Partition0
07:06:52.0125 3896 \Device\Harddisk0\DR0\Partition0 - ok
07:06:52.0125 3896 Boot (0x1200) (2f26b1d630a2920fa1070dd0c251040d) \Device\Harddisk0\DR0\Partition1
07:06:52.0140 3896 \Device\Harddisk0\DR0\Partition1 - ok
07:06:52.0140 3896 ============================================================
07:06:52.0140 3896 Scan finished
07:06:52.0140 3896 ============================================================
07:06:52.0250 2332 Detected object count: 4
07:06:52.0250 2332 Actual detected object count: 4
07:07:00.0000 2332 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:00.0000 2332 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:07:00.0000 2332 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:00.0000 2332 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:07:00.0015 2332 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:00.0015 2332 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:07:00.0015 2332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:07:00.0015 2332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:07:15.0968 2376 Deinitialize success

Edited by notinfallible, 17 December 2011 - 10:16 AM.

The most important thing in communication is to hear what isn't being said.

#8 SweetTech

Posted 18 December 2011 - 03:15 AM

Good Evening!

Thanks for the info regarding the m.exe file.

Do you know where that threat was detected?

Avira Anti-Rootkit

Please navigate to the download page of Avira AntiRootkit and click on Download to save it to your Desktop.
  • You should now find a file called: antivir_rootkit_en.zip on your Desktop.
  • Extract the file to your Desktop (you may then delete the zip file).
  • You should now have a folder with Setup.exe and some other files within it on your Desktop.
  • Double-click Setup.exe.
  • Click Next.
  • Highlight the radio button to accept the license agreement and then click Next.
  • Then click Next and Install to finalise the installation process.
  • Click Finish (you may now also delete the folder with the extracted files from the zip archive)
You successfully installed Avira AntiRootkit!
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select: Avira RootKit Detection
  • Click OK when a message window pops up
  • Click Start scan and let it run
  • Click View report and copy the entire contents into your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 notinfallible

Posted 18 December 2011 - 05:07 AM

The new detection was found in c:\system volume information\... \a0000039.ini

It didn't work the first time I tried the link. Worked the second time but didn't seem like it went smoothly.

Extracted from the zip file: the folder, avirarkd.exe, and build.dat. The doesn't have anything in it.

With the setup file missing and the strange behavior of the download, is it possible that the rootkit is trying to block me from acquiring the tools to get rid of it?

Edited by notinfallible, 18 December 2011 - 05:14 AM.

#10 notinfallible

Posted 18 December 2011 - 05:20 AM

Just out of curiosity I tried to download from the link you provided to see if it would work better, and now it won't let me download from it. This is close to the message that pops up when I click the link.....

Internet Explorer cannot download from this site. Internet Explorer unable to open this page because it is unavailable or not found.

Strange.

UPDATE: I can download the file if I right click then open in new window.

Edited by notinfallible, 18 December 2011 - 05:48 AM.

#11 notinfallible

Posted 18 December 2011 - 05:49 AM

I ran the avirarkd.exe and here is the log from it....

Avira AntiRootkit Tool (1.3.0.1)

========================================================================================================
- Scan started Sunday, December 18, 2011 - 4:36:12 AM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 591.67 GB
- Working disk free size : 89.21 GB (15 %)
--------------------------------------------------------------------------------------------------------

Results:
Embedded nulls : HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAC
Embedded nulls : HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAI

--------------------------------------------------------------------------------------------------------
Files: 0/191992
Registry items: 2/524333
Processes: 0/26
Scan time: 00:04:52
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- svchost.exe (PID 1172)
- avgnt.exe (PID 1844)
- rsmsink.exe (PID 1856)
- vssvc.exe (PID 3316)
- winamp.exe (PID 840)
- alg.exe (PID 244)
- avguard.exe (PID 1528)
- iexplore.exe (PID 2352)
- explorer.exe (PID 1348)
- spoolsv.exe (PID 1432)
- winlogon.exe (PID 732)
- svchost.exe (PID 972)
- lsass.exe (PID 792)
- smss.exe (PID 656)
- csrss.exe (PID 704)
- services.exe (PID 780)
- svchost.exe (PID 1068)
- svchost.exe (PID 1268)
- iexplore.exe (PID 2120)
- sched.exe (PID 1492)
- dllhost.exe (PID 3008)
- avshadow.exe (PID 2004)
- dllhost.exe (PID 3060)
- avirarkd.exe (PID 764)
- rwkhzsrv.exe (PID 2928) (Avira AntiRootkit Tool)
========================================================================================================
- Scan finished Sunday, December 18, 2011 - 4:41:04 AM
========================================================================================================

#12 SweetTech

Posted 18 December 2011 - 05:52 AM

Hi!

The new detection was found in c:\system volume information\... \a0000039.ini

Okay. That would be in your System Restore Points, so those will be flushed out when we clean-up our tools later.

Extracted from the zip file: the folder, avirarkd.exe, and build.dat. The doesn't have anything in it.

That's my mistake; my instructions for that tool are outdated, as it's been a while since I've had a user run the utility.

You will want to run the avirarkd.exe file.


#13 notinfallible

Posted 18 December 2011 - 05:59 AM

We must have sent replies at the same time. lol

Here is the log again in case you didn't see it.

Avira AntiRootkit Tool (1.3.0.1)

========================================================================================================
- Scan started Sunday, December 18, 2011 - 4:36:12 AM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 591.67 GB
- Working disk free size : 89.21 GB (15 %)
--------------------------------------------------------------------------------------------------------

Results:
Embedded nulls : HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAC
Embedded nulls : HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAI

--------------------------------------------------------------------------------------------------------
Files: 0/191992
Registry items: 2/524333
Processes: 0/26
Scan time: 00:04:52
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- svchost.exe (PID 1172)
- avgnt.exe (PID 1844)
- rsmsink.exe (PID 1856)
- vssvc.exe (PID 3316)
- winamp.exe (PID 840)
- alg.exe (PID 244)
- avguard.exe (PID 1528)
- iexplore.exe (PID 2352)
- explorer.exe (PID 1348)
- spoolsv.exe (PID 1432)
- winlogon.exe (PID 732)
- svchost.exe (PID 972)
- lsass.exe (PID 792)
- smss.exe (PID 656)
- csrss.exe (PID 704)
- services.exe (PID 780)
- svchost.exe (PID 1068)
- svchost.exe (PID 1268)
- iexplore.exe (PID 2120)
- sched.exe (PID 1492)
- dllhost.exe (PID 3008)
- avshadow.exe (PID 2004)
- dllhost.exe (PID 3060)
- avirarkd.exe (PID 764)
- rwkhzsrv.exe (PID 2928) (Avira AntiRootkit Tool)
========================================================================================================
- Scan finished Sunday, December 18, 2011 - 4:41:04 AM
========================================================================================================

#14 SweetTech

Posted 18 December 2011 - 06:44 AM

Good Morning!

Yes, it does appear we cross posted. Thanks for posting the log file for me. I appreciate it. I was hoping that was going to show me something different.

Do you have access to a USB device or flash drive? I'd like to have you run a utility in an external environment and ensure that you have no patched files.

Kindest Regards,
ST.

Edited by SweetTech, 18 December 2011 - 06:45 AM.


#15 notinfallible

Posted 18 December 2011 - 06:51 AM

I have a USB external hard drive. Will that work?

Edited by notinfallible, 18 December 2011 - 06:58 AM.
