
Certain websites won't open; get a "can not display" error


  • This topic is locked
21 replies to this topic

#1 GoofyGus


Posted 21 January 2012 - 03:17 PM

I can connect to most websites but some (my online banking, credit card) and others that are not "https" sites like eBay.com or microlumina.com give me the "can not display" error message or "link appears broken" message. IE 8 recommends flushing the DNS (which I've done--same result) and Chrome suggests clearing the cache and cookies (tried that) or that there is "malicious software" infecting the machine. And that's why I'm here.

Thanks,
Bill

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bill at 15:10:22 on 2012-01-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1779 [GMT -6:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.2dorks.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\bill\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [NWEReboot]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [SetDefaultMIDI] MIDIDef.exe
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp psc 700 series\bin\hpobrt07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~2.lnk - c:\program files\hewlett-packard\aio\hp psc 700 series\bin\hpobrt07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\im-me.lnk - c:\windows\installer\{92f7a7a1-9576-4cd2-8d11-13cddd5b9491}\_D449D0FE307099DAF00FC9.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 213.109.65.245 213.109.76.240 1.1.1.1
TCP: Interfaces\{5D7914C2-EC12-4EAB-BD95-804A3021A435} : DhcpNameServer = 213.109.65.245 213.109.76.240 1.1.1.1
Notify: USB3Nw32 - USB3Nw32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-8 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-8 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-8 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-8 66616]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-30 136176]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2002-9-3 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-30 136176]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\drivers\iiusbisp.sys --> c:\windows\system32\drivers\iiusbisp.sys [?]
.
=============== Created Last 30 ================
.
2012-01-17 11:17:00 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-01-17 11:16:34 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-01-17 11:16:16 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-01-17 11:15:35 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-17 11:14:52 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-01-17 11:14:15 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-17 11:14:10 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-01-17 11:13:09 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2012-01-16 18:20:04 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-16 18:20:03 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-16 18:20:03 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-16 17:58:42 -------- d-----w- c:\program files\MSXML 6.0
2012-01-16 17:56:58 208896 -c----w- c:\windows\system32\dllcache\unregmp2.exe
2012-01-16 17:40:27 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-01-16 17:39:46 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-01-16 17:39:22 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-01-16 17:39:20 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-01-16 17:39:06 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-01-16 17:36:57 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2012-01-16 17:36:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-01-16 17:32:33 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-01-16 17:09:15 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-16 17:09:14 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2012-01-16 17:09:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-16 17:09:14 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-16 17:09:14 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2012-01-16 17:09:13 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2012-01-16 17:09:13 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2012-01-16 17:09:11 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-01-16 16:57:07 -------- d-----w- c:\windows\system32\wbem\repository.003\FS
2012-01-16 16:57:07 -------- d-----w- c:\windows\system32\wbem\Repository.003
2012-01-16 16:56:57 63488 ------w- c:\program files\internet explorer\mui\041e\browselc.dll
2012-01-16 16:56:57 56832 ------w- c:\program files\internet explorer\mui\041e\mshtmler.dll
2012-01-16 16:56:57 549376 ------w- c:\program files\internet explorer\mui\041e\shdoclc.dll
2012-01-16 16:56:57 48128 ------w- c:\program files\internet explorer\mui\041e\inetres.dll
2012-01-16 16:56:57 2479616 ------w- c:\program files\internet explorer\mui\041e\msoeres.dll
2012-01-16 16:56:56 249856 ------w- c:\program files\internet explorer\mui\041e\wab32res.dll
2012-01-16 16:56:56 249856 ------w- c:\program files\common files\system\mui\041e\wab32res.dll
2012-01-16 16:56:54 380416 ------w- c:\windows\system32\irprops.cpl
2012-01-16 16:56:53 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-01-16 16:54:56 19528 ----a-w- c:\windows\005586_.tmp
2012-01-16 00:14:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-16 00:14:38 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-15 20:55:24 -------- d-----w- c:\windows\system32\wbem\repository.002\FS
2012-01-15 20:55:24 -------- d-----w- c:\windows\system32\wbem\Repository.002
2012-01-15 20:51:50 19569 ----a-w- c:\windows\006443_.tmp
2012-01-15 01:43:34 -------- d-----w- c:\windows\system32\wbem\repository.001\FS
2012-01-15 01:43:34 -------- d-----w- c:\windows\system32\wbem\Repository.001
2012-01-15 01:40:28 19569 ----a-w- c:\windows\003286_.tmp
2012-01-15 00:43:46 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-01-15 00:41:29 45568 ----a-w- c:\windows\system32\safrslv.dll
2012-01-15 00:40:30 68608 ----a-w- c:\windows\system32\access.cpl
2012-01-15 00:39:26 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2012-01-15 00:25:30 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2012-01-15 00:22:56 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-01-15 00:22:53 206976 ----a-w- c:\windows\system32\drivers\dot4.sys
2012-01-15 00:22:44 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-01-15 00:22:33 753664 ----a-w- c:\windows\system32\nwiz.exe
2012-01-15 00:22:33 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl
2012-01-15 00:22:33 450560 ----a-w- c:\windows\system32\nvshell.dll
2012-01-15 00:22:33 397312 ----a-w- c:\windows\system32\nvappbar.exe
2012-01-15 00:22:33 1175552 ----a-w- c:\windows\system32\nview.dll
2012-01-15 00:22:33 1007616 ----a-w- c:\windows\system32\nviewimg.dll
2012-01-15 00:20:35 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-01-15 00:19:48 741376 ----a-w- c:\program files\common files\microsoft shared\speech\sapi.dll
2012-01-15 00:19:43 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-15 00:19:43 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-15 00:19:43 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2012-01-15 00:19:42 74752 ----a-w- c:\windows\system32\storprop.dll
2012-01-15 00:19:42 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-01-15 00:19:42 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-15 00:19:42 146432 ----a-w- c:\windows\system\winspool.drv
2012-01-15 00:19:31 13608 ----a-r- c:\windows\SET132.tmp
2012-01-15 00:19:29 1086182 ----a-r- c:\windows\SET123.tmp
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-18 20:33:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29:02 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ------w- c:\windows\system32\QuickTime.qts
2011-06-29 21:53:21 158067944 ----a-w- c:\program files\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
2011-05-22 21:05:08 4738172 ----a-w- c:\program files\XnView-win.exe
2011-02-28 21:15:17 38808920 ----a-w- c:\program files\FileFormatConverters.exe
2010-02-25 22:46:30 5030616 ----a-w- c:\program files\Paint.NET.3.5.4.Install.exe
2009-08-24 18:25:03 282308 ----a-w- c:\program files\DATA RETRIEVAL.exe
.
============= FINISH: 15:11:37.29 ===============



#2 gringo_pr


Posted 24 January 2012 - 01:45 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 GoofyGus


Posted 25 January 2012 - 02:20 PM

Hi Gringo-
I followed your instructions and ran Combo Fix. The log is posted below. I tried to open eBay.com in both IE and Chrome but both still display the "Cannot Display Webpage" error.

Thanks,
Bill

ComboFix 12-01-23.02 - Bill 01/25/2012 12:53:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2165 [GMT -6:00]
Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\config.dat
c:\documents and settings\Bill\Recent\Thumbs.db
c:\documents and settings\Bill\WINDOWS
c:\windows\$NtUninstallKB4757$
c:\windows\$NtUninstallKB4757$\1822454153
c:\windows\$NtUninstallKB4757$\901916503\@
c:\windows\$NtUninstallKB4757$\901916503\bckfg.tmp
c:\windows\$NtUninstallKB4757$\901916503\cfg.ini
c:\windows\$NtUninstallKB4757$\901916503\Desktop.ini
c:\windows\$NtUninstallKB4757$\901916503\keywords
c:\windows\$NtUninstallKB4757$\901916503\kwrd.dll
c:\windows\$NtUninstallKB4757$\901916503\L\veaaomos
c:\windows\$NtUninstallKB4757$\901916503\lsflt7.ver
c:\windows\$NtUninstallKB4757$\901916503\U\00000001.@
c:\windows\$NtUninstallKB4757$\901916503\U\00000002.@
c:\windows\$NtUninstallKB4757$\901916503\U\00000004.@
c:\windows\$NtUninstallKB4757$\901916503\U\80000000.@
c:\windows\$NtUninstallKB4757$\901916503\U\80000004.@
c:\windows\$NtUninstallKB4757$\901916503\U\80000032.@
c:\windows\help\wmplayer.bak
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-16 18:20 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-16 18:20 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-16 17:58 . 2012-01-16 17:58 -------- d-----w- c:\program files\MSXML 6.0
2012-01-16 17:56 . 2008-04-14 10:41 81920 ------w- c:\windows\system32\ieencode.dll
2012-01-16 17:56 . 2006-12-29 06:31 19569 ----a-w- c:\windows\005757_.tmp
2012-01-16 17:56 . 2008-04-14 00:13 299520 -c----w- c:\windows\system32\dllcache\drmclien.dll
2012-01-16 17:56 . 2008-04-14 00:12 695808 -c----w- c:\windows\system32\dllcache\drmv2clt.dll
2012-01-16 17:56 . 2008-04-14 00:11 87040 -c----w- c:\windows\system32\dllcache\drmstor.dll
2012-01-16 17:56 . 2008-04-14 00:11 498742 -c----w- c:\windows\system32\dllcache\dxmasf.dll
2012-01-16 17:56 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-01-16 17:56 . 2008-04-14 00:11 286720 -c----w- c:\windows\system32\dllcache\blackbox.dll
2012-01-16 17:56 . 2008-04-13 17:23 8192 -c----w- c:\windows\system32\dllcache\asferror.dll
2012-01-16 17:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-01-16 17:41 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-01-16 17:41 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-01-16 17:41 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-01-16 17:39 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-01-16 17:09 . 2011-11-04 19:20 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-16 17:09 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2012-01-16 17:09 . 2009-03-08 10:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2012-01-16 17:09 . 2009-03-08 10:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2012-01-16 17:09 . 2009-02-07 03:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2012-01-16 17:09 . 2011-11-04 19:20 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-01-16 16:56 . 2008-04-13 17:03 63488 ------w- c:\program files\Internet Explorer\MUI\041e\browselc.dll
2012-01-16 16:56 . 2008-04-13 17:03 549376 ------w- c:\program files\Internet Explorer\MUI\041e\shdoclc.dll
2012-01-16 16:56 . 2008-04-13 16:26 56832 ------w- c:\program files\Internet Explorer\MUI\041e\mshtmler.dll
2012-01-16 16:56 . 2008-04-13 16:23 2479616 ------w- c:\program files\Internet Explorer\MUI\041e\msoeres.dll
2012-01-16 16:56 . 2008-04-13 16:22 48128 ------w- c:\program files\Internet Explorer\MUI\041e\inetres.dll
2012-01-16 16:56 . 2008-04-13 16:21 249856 ------w- c:\program files\Internet Explorer\MUI\041e\wab32res.dll
2012-01-16 16:56 . 2008-04-13 16:21 249856 ------w- c:\program files\Common Files\System\mui\041e\wab32res.dll
2012-01-16 16:56 . 2008-04-14 11:42 380416 ------w- c:\windows\system32\irprops.cpl
2012-01-16 16:56 . 2009-08-07 01:24 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-01-16 16:54 . 2004-07-17 17:40 19528 ----a-w- c:\windows\005586_.tmp
2012-01-16 00:14 . 2012-01-16 17:01 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-15 20:51 . 2006-12-29 06:31 19569 ----a-w- c:\windows\006443_.tmp
2012-01-15 01:40 . 2006-12-29 06:31 19569 ----a-w- c:\windows\003286_.tmp
2012-01-15 00:43 . 2002-09-03 13:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-01-15 00:41 . 2008-04-14 00:12 45568 ----a-w- c:\windows\system32\safrslv.dll
2012-01-15 00:40 . 2008-04-14 00:12 68608 ----a-w- c:\windows\system32\access.cpl
2012-01-15 00:39 . 2008-04-14 06:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2012-01-15 00:25 . 2008-04-14 06:15 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2012-01-15 00:22 . 2008-04-14 06:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-01-15 00:22 . 2008-04-14 06:09 206976 ----a-w- c:\windows\system32\drivers\dot4.sys
2012-01-15 00:22 . 2008-04-14 06:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-01-15 00:22 . 2003-11-17 15:33 753664 ----a-w- c:\windows\system32\nwiz.exe
2012-01-15 00:22 . 2003-11-17 15:33 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl
2012-01-15 00:22 . 2003-11-17 15:33 450560 ----a-w- c:\windows\system32\nvshell.dll
2012-01-15 00:22 . 2003-11-17 15:33 397312 ----a-w- c:\windows\system32\nvappbar.exe
2012-01-15 00:22 . 2003-11-17 15:33 1175552 ----a-w- c:\windows\system32\nview.dll
2012-01-15 00:22 . 2003-11-17 15:33 1007616 ----a-w- c:\windows\system32\nviewimg.dll
2012-01-15 00:20 . 2008-04-14 11:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-01-15 00:19 . 2008-04-14 00:12 741376 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapi.dll
2012-01-15 00:19 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2012-01-15 00:19 . 2002-09-03 13:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-15 00:19 . 2002-09-03 13:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-15 00:19 . 2008-04-14 11:42 74752 ----a-w- c:\windows\system32\storprop.dll
2012-01-15 00:19 . 2008-04-14 00:12 146432 ----a-w- c:\windows\system\winspool.drv
2012-01-15 00:19 . 2002-09-03 13:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-15 00:19 . 2002-09-03 13:00 13608 ----a-r- c:\windows\SET132.tmp
2012-01-15 00:19 . 2002-09-03 13:00 1086182 ----a-r- c:\windows\SET123.tmp
2012-01-09 21:34 . 2012-01-09 21:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2011-04-21 18:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2002-09-03 13:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-09-03 13:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-09-03 13:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2002-09-03 13:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2002-09-03 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-09-03 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-07-08 03:49 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2003-05-30 14:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2003-05-30 14:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2002-09-03 13:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-09-03 13:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-29 21:53 . 2011-06-29 21:53 158067944 ----a-w- c:\program files\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
2011-05-22 21:05 . 2011-05-22 21:05 4738172 ----a-w- c:\program files\XnView-win.exe
2011-02-28 21:15 . 2011-02-28 21:15 38808920 ----a-w- c:\program files\FileFormatConverters.exe
2010-02-25 22:46 . 2010-04-20 21:51 5030616 ----a-w- c:\program files\Paint.NET.3.5.4.Install.exe
2009-08-24 18:25 . 2009-08-24 18:25 282308 ----a-w- c:\program files\DATA RETRIEVAL.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-17 3022848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2003-06-20 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2003-06-20 49152]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\Bill\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp psc 700 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-30 487484]
HPAiODevice(hp psc 700 series) - 2.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-30 487484]
IM-me.lnk - c:\windows\Installer\{92F7A7A1-9576-4CD2-8D11-13CDDD5B9491}\_D449D0FE307099DAF00FC9.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/8/2009 12:20 PM 136360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 10:56 AM 136176]
S2 NecUsb;USB Service;c:\windows\System32\svchost.exe -k NecUsbSevice [9/3/2002 7:00 AM 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 10:56 AM 136176]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\Drivers\iiusbisp.sys --> c:\windows\system32\Drivers\iiusbisp.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 16:56]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 16:56]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-706699826-1801674531-1004Core.job
- c:\documents and settings\Bill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-16 20:02]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-706699826-1801674531-1004UA.job
- c:\documents and settings\Bill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-16 20:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.2dorks.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.109.65.245 213.109.76.240 1.1.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Notify-USB3Nw32 - USB3Nw32.dll
SafeBoot-27684547.sys
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 13:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\System32\locator.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\hpoipm07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
.
**************************************************************************
.
Completion time: 2012-01-25 13:14:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 19:14
.
Pre-Run: 88,381,661,184 bytes free
Post-Run: 89,354,969,088 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - AC4A1AEBB00A93F7B6DBB5BB7E0D6BD1

#4 gringo_pr


Posted 25 January 2012 - 04:42 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#5 GoofyGus


Posted 25 January 2012 - 06:00 PM

Hi Gringo-
I ran the FSS, but after I did, I was unable to get back on this thread at BleepingComputer. I'm currently at my neighbor's house using a Mac (perhaps BleepingComputer was down momentarily). Anyway, here's the log:


Farbar Service Scanner Version: 18-01-2012 01
Ran by Bill (administrator) on 25-01-2012 at 16:25:52
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(9) PSched(7) Tcpip(4) Tcpip6(8)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

Edited by GoofyGus, 25 January 2012 - 06:04 PM.


#6 gringo_pr


Posted 25 January 2012 - 06:53 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 GoofyGus


Posted 25 January 2012 - 07:22 PM

Okay...here's the report from TDSS:

18:23:13.0875 3076 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
18:23:14.0140 3076 ============================================================
18:23:14.0140 3076 Current date / time: 2012/01/25 18:23:14.0140
18:23:14.0140 3076 SystemInfo:
18:23:14.0140 3076
18:23:14.0140 3076 OS Version: 5.1.2600 ServicePack: 3.0
18:23:14.0140 3076 Product type: Workstation
18:23:14.0140 3076 ComputerName: HOMEOFFI-R55AQ3
18:23:14.0140 3076 UserName: Bill
18:23:14.0140 3076 Windows directory: C:\WINDOWS
18:23:14.0140 3076 System windows directory: C:\WINDOWS
18:23:14.0140 3076 Processor architecture: Intel x86
18:23:14.0140 3076 Number of processors: 2
18:23:14.0140 3076 Page size: 0x1000
18:23:14.0140 3076 Boot type: Normal boot
18:23:14.0140 3076 ============================================================
18:23:15.0484 3076 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:23:15.0625 3076 Initialize success
18:23:17.0812 2580 ============================================================
18:23:17.0812 2580 Scan started
18:23:17.0812 2580 Mode: Manual;
18:23:17.0812 2580 ============================================================
18:23:25.0406 2580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:23:25.0546 2580 \Device\Harddisk0\DR0 - ok
18:23:25.0546 2580 Boot (0x1200) (4175cbcaa9b8829f435c8fd2794f713f) \Device\Harddisk0\DR0\Partition0
18:23:25.0562 2580 \Device\Harddisk0\DR0\Partition0 - ok
18:23:25.0578 2580 Boot (0x1200) (f89d7315f166586f05cba1471b3e2b57) \Device\Harddisk0\DR0\Partition1
18:23:25.0578 2580 \Device\Harddisk0\DR0\Partition1 - ok
18:23:25.0578 2580 ============================================================
18:23:25.0578 2580 Scan finished
18:23:25.0578 2580 ============================================================
18:23:25.0593 1156 Detected object count: 0
18:23:25.0593 1156 Actual detected object count: 0
18:23:34.0812 1944 ============================================================
18:23:34.0812 1944 Scan started
18:23:34.0812 1944 Mode: Manual;
18:23:34.0812 1944 ============================================================
18:23:41.0203 1944 ============================================================
18:23:41.0203 1944 Scan finished
18:23:41.0203 1944 ============================================================
18:23:41.0218 2492 Detected object count: 0
18:23:41.0218 2492 Actual detected object count: 0

#8 gringo_pr

Posted 26 January 2012 - 08:10 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 GoofyGus

Posted 26 January 2012 - 01:52 PM

Hi Gringo-

Here's the log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 12:24:35
-----------------------------
12:24:35.500 OS Version: Windows 5.1.2600 Service Pack 3
12:24:35.500 Number of processors: 2 586 0x303
12:24:35.500 ComputerName: HOMEOFFI-R55AQ3 UserName: Bill
12:24:36.406 Initialize success
12:26:08.875 AVAST engine defs: 12012601
12:27:24.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
12:27:24.406 Disk 0 Vendor: WDC_WD2500JS-00NCB1 10.02E02 Size: 238475MB BusType: 3
12:27:24.421 Disk 0 MBR read successfully
12:27:24.421 Disk 0 MBR scan
12:27:24.453 Disk 0 Windows XP default MBR code
12:27:24.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131069 MB offset 63
12:27:24.468 Disk 0 Partition - 00 0F Extended LBA 107403 MB offset 268430085
12:27:24.484 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 107403 MB offset 268430148
12:27:24.484 Disk 0 scanning sectors +488392065
12:27:24.546 Disk 0 scanning C:\WINDOWS\system32\drivers
12:27:38.734 Service scanning
12:27:39.796 Modules scanning
12:27:44.078 Disk 0 trace - called modules:
12:27:44.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:27:44.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a62eab8]
12:27:44.093 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a6699e8]
12:27:44.093 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a636940]
12:27:45.015 AVAST engine scan C:\WINDOWS
12:28:02.875 AVAST engine scan C:\WINDOWS\system32
12:32:00.515 AVAST engine scan C:\WINDOWS\system32\drivers
12:32:22.437 AVAST engine scan C:\Documents and Settings\Bill
12:45:48.843 AVAST engine scan C:\Documents and Settings\All Users
12:52:43.640 Scan finished successfully
12:53:17.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bill\Desktop\MBR.dat"
12:53:17.187 The log file has been saved successfully to "C:\Documents and Settings\Bill\Desktop\aswMBR.txt"

#10 gringo_pr

Posted 26 January 2012 - 04:02 PM

Hello

Are you still having the same problem?


Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 GoofyGus

Posted 26 January 2012 - 04:32 PM

Hi Gringo-
I just ran the OTL and posted OTL.txt below. Just tried to open eBay and still got the same error message.

OTL logfile created on: 1/26/2012 3:16:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 75.97% Memory free
4.35 Gb Paging File | 3.88 Gb Available in Paging File | 89.21% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 83.02 Gb Free Space | 64.86% Space Free | Partition Type: NTFS
Drive D: | 104.89 Gb Total Space | 102.31 Gb Free Space | 97.55% Space Free | Partition Type: NTFS

Computer Name: HOMEOFFI-R55AQ3 | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\hpoipm07.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll ()
MOD - C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avutil-51.dll ()
MOD - C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avformat-53.dll ()
MOD - C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avcodec-53.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV - (NecUsb) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-73586283-706699826-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2dorks.com/
IE - HKU\S-1-5-21-73586283-706699826-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-706699826-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.2dorks.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2011/10/27 16:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2012/01/19 13:47:07 | 000,000,000 | ---D | M]

[2009/07/07 18:58:29 | 000,000,000 | ---D | M] (Netscape 9 Migrator) -- C:\PROGRAM FILES\NETSCAPE\NAVIGATOR 9\EXTENSIONS\NETSCAPE9MIGRATOR@FLOCK.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/25 13:07:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMidi] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMidi] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 2.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IM-me.lnk = File not found
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-706699826-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-706699826-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-706699826-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-706699826-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.245 213.109.76.240 1.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7914C2-EC12-4EAB-BD95-804A3021A435}: DhcpNameServer = 213.109.65.245 213.109.76.240 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/07 14:26:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/20 21:26:13 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 15:15:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2012/01/26 12:24:21 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bill\Desktop\aswMBR.exe
[2012/01/25 18:22:41 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bill\Desktop\tdsskiller.exe
[2012/01/25 12:46:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/25 12:36:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/25 12:36:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/25 12:36:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/25 12:36:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/25 12:36:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/25 12:36:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/25 12:35:05 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2012/01/22 09:52:32 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/22 09:39:52 | 000,248,480 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Bill\My Documents\uninstall_flash_player_32bit.exe
[2012/01/19 15:10:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Administrative Tools
[2012/01/19 15:10:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Bill\Desktop\dds.scr
[2012/01/18 16:32:13 | 039,401,336 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Bill\My Documents\QuickTimeInstaller.exe
[2012/01/17 05:17:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2012/01/17 05:17:00 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/01/17 05:16:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/01/17 05:16:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/01/17 05:15:35 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/01/17 05:14:52 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/01/17 05:14:15 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/01/17 05:14:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/01/16 14:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Google Chrome
[2012/01/16 13:39:28 | 000,606,576 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Bill\My Documents\ChromeSetup.exe
[2012/01/16 13:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/16 12:20:03 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/01/16 11:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2012/01/16 11:57:02 | 001,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll
[2012/01/16 11:57:02 | 001,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll
[2012/01/16 11:57:02 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmoe.dll
[2012/01/16 11:57:02 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2012/01/16 11:57:02 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2012/01/16 11:57:02 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2012/01/16 11:57:02 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2012/01/16 11:57:02 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2012/01/16 11:57:02 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2012/01/16 11:57:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2012/01/16 11:57:01 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2012/01/16 11:57:01 | 002,940,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2012/01/16 11:57:01 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2012/01/16 11:57:01 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2012/01/16 11:57:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2012/01/16 11:57:01 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2012/01/16 11:57:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2012/01/16 11:57:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2012/01/16 11:57:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2012/01/16 11:57:00 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2012/01/16 11:57:00 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll
[2012/01/16 11:56:58 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2012/01/16 11:56:53 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2012/01/16 11:56:53 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2012/01/16 11:56:52 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2012/01/16 11:56:46 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2012/01/16 11:56:46 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2012/01/16 11:56:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2012/01/16 11:56:45 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012/01/16 11:56:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2012/01/16 11:56:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2012/01/16 11:56:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll
[2012/01/16 11:56:44 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnetobj.dll
[2012/01/16 11:56:38 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll
[2012/01/16 11:56:38 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2012/01/16 11:56:38 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll
[2012/01/16 11:56:38 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2012/01/16 11:56:38 | 000,262,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2012/01/16 11:56:38 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll
[2012/01/16 11:56:38 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2012/01/16 11:56:38 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2012/01/16 11:56:38 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2012/01/16 11:56:37 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2012/01/16 11:56:34 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2012/01/16 11:56:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/01/16 11:56:28 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmv2clt.dll
[2012/01/16 11:56:28 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmclien.dll
[2012/01/16 11:56:28 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmstor.dll
[2012/01/16 11:56:27 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2012/01/16 11:56:23 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blackbox.dll
[2012/01/16 11:56:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2012/01/16 11:41:54 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2012/01/16 11:41:50 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/01/16 11:41:41 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/01/16 11:41:34 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/01/16 11:41:34 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/01/16 11:41:31 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/01/16 11:41:30 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/01/16 11:41:30 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/01/16 11:41:29 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/01/16 11:41:04 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012/01/16 11:40:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/01/16 11:39:46 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/01/16 11:39:20 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/01/16 11:39:06 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2012/01/16 11:36:57 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2012/01/16 11:36:41 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2012/01/16 11:33:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012/01/16 11:09:15 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/01/16 11:09:14 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/01/16 11:09:14 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2012/01/16 11:09:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/01/16 11:09:14 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2012/01/16 11:09:13 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2012/01/16 11:09:13 | 001,241,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2012/01/16 11:09:13 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2012/01/16 11:09:11 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/01/16 10:56:54 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2012/01/16 10:56:53 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/01/15 20:30:49 | 278,927,592 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bill\My Documents\WindowsXP-KB835935-SP2-ENU.exe
[2012/01/15 20:10:41 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bill\My Documents\IE7-WindowsXP-x86-enu.exe
[2012/01/15 20:04:14 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bill\My Documents\IE8-WindowsXP-x86-ENU.exe
[2012/01/15 18:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/01/14 19:39:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/01/14 19:25:12 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bill\My Documents\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012/01/14 19:23:09 | 040,110,272 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\Bill\My Documents\a1403_05_enu_xp.exe
[2012/01/14 18:44:56 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/01/14 18:44:56 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/01/14 18:44:55 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/01/14 18:44:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/01/14 18:44:50 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012/01/14 18:44:50 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012/01/14 18:44:50 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/01/14 18:44:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012/01/14 18:44:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012/01/14 18:44:49 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/01/14 18:44:49 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/01/14 18:44:49 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/01/14 18:44:47 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/01/14 18:44:46 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2012/01/14 18:44:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/01/14 18:44:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/01/14 18:44:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/01/14 18:44:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/01/14 18:44:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/01/14 18:44:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/01/14 18:44:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2012/01/14 18:44:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/01/14 18:44:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/01/14 18:44:43 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/01/14 18:44:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/01/14 18:44:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/01/14 18:44:43 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/01/14 18:44:43 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/01/14 18:44:43 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/01/14 18:44:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/01/14 18:44:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/01/14 18:44:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/01/14 18:44:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/01/14 18:44:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/01/14 18:44:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012/01/14 18:44:40 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2012/01/14 18:44:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/01/14 18:44:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/01/14 18:44:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/01/14 18:44:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/01/14 18:44:39 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2012/01/14 18:44:37 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/01/14 18:44:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/01/14 18:44:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/01/14 18:44:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/01/14 18:44:34 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/01/14 18:44:34 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012/01/14 18:44:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012/01/14 18:44:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/01/14 18:44:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/01/14 18:44:33 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012/01/14 18:44:32 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012/01/14 18:44:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012/01/14 18:44:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012/01/14 18:44:28 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2012/01/14 18:44:25 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012/01/14 18:44:24 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012/01/14 18:44:21 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/01/14 18:44:21 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/01/14 18:44:19 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012/01/14 18:44:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/01/14 18:44:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012/01/14 18:44:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/01/14 18:44:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012/01/14 18:44:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012/01/14 18:44:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012/01/14 18:44:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012/01/14 18:44:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012/01/14 18:44:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012/01/14 18:44:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012/01/14 18:44:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012/01/14 18:44:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012/01/14 18:44:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012/01/14 18:44:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012/01/14 18:44:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012/01/14 18:44:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012/01/14 18:44:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012/01/14 18:44:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012/01/14 18:44:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012/01/14 18:44:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012/01/14 18:44:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012/01/14 18:44:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012/01/14 18:44:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012/01/14 18:44:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012/01/14 18:44:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012/01/14 18:44:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012/01/14 18:44:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012/01/14 18:44:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/01/14 18:44:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012/01/14 18:44:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012/01/14 18:44:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012/01/14 18:44:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012/01/14 18:44:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012/01/14 18:44:10 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012/01/14 18:44:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012/01/14 18:44:09 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012/01/14 18:44:08 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012/01/14 18:44:07 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/01/14 18:44:07 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/01/14 18:44:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012/01/14 18:44:00 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012/01/14 18:43:46 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/01/14 18:43:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012/01/14 18:43:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012/01/14 18:43:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012/01/14 18:43:42 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/01/14 18:43:42 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/01/14 18:43:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/01/14 18:43:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/01/14 18:43:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/01/14 18:43:40 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/01/14 18:43:40 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/01/14 18:43:40 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/01/14 18:43:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/01/14 18:43:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/01/14 18:43:32 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012/01/14 18:43:32 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012/01/14 18:43:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012/01/14 18:43:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012/01/14 18:43:31 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/01/14 18:43:31 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012/01/14 18:43:30 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/01/14 18:43:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/01/14 18:43:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/01/14 18:43:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/01/14 18:43:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/01/14 18:43:28 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/01/14 18:43:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/01/14 18:43:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012/01/14 18:43:19 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2012/01/14 18:43:19 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/01/14 18:43:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/01/14 18:43:14 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2012/01/14 18:43:14 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2012/01/14 18:41:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2012/01/14 18:41:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2012/01/14 18:41:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2012/01/14 18:41:29 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2012/01/14 18:41:28 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2012/01/14 18:41:27 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2012/01/14 18:41:27 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2012/01/14 18:41:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2012/01/14 18:41:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2012/01/14 18:41:26 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2012/01/14 18:41:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2012/01/14 18:41:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2012/01/14 18:41:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2012/01/14 18:41:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012/01/14 18:41:22 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2012/01/14 18:41:19 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2012/01/14 18:41:19 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr(2)(2).dll
[2012/01/14 18:41:19 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr(3).dll
[2012/01/14 18:41:19 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc(2)(2).dll
[2012/01/14 18:41:19 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc(4).dll
[2012/01/14 18:41:19 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient(2)(2).dll
[2012/01/14 18:41:19 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient(3).dll
[2012/01/14 18:41:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2012/01/14 18:41:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2012/01/14 18:41:18 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2012/01/14 18:41:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2012/01/14 18:41:16 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2012/01/14 18:41:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2012/01/14 18:41:15 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask(2)(2).dll
[2012/01/14 18:41:15 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask(3).dll
[2012/01/14 18:41:15 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc(2)(2).dll
[2012/01/14 18:41:15 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc(4).dll
[2012/01/14 18:41:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2012/01/14 18:40:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2012/01/14 18:40:30 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2012/01/14 18:40:29 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2012/01/14 18:40:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2012/01/14 18:40:29 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2012/01/14 18:40:29 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci(3).dll
[2012/01/14 18:40:29 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci(2).dll
[2012/01/14 18:40:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2012/01/14 18:40:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2012/01/14 18:40:28 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2012/01/14 18:40:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2012/01/14 18:40:28 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2012/01/14 18:40:28 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2012/01/14 18:40:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2012/01/14 18:40:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2012/01/14 18:40:27 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2012/01/14 18:40:27 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq(2)(2).dll
[2012/01/14 18:40:27 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq(4).dll
[2012/01/14 18:40:27 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv(2)(2).dll
[2012/01/14 18:40:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv(4).dll
[2012/01/14 18:40:27 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2012/01/14 18:40:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2012/01/14 18:40:27 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2012/01/14 18:40:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2012/01/14 18:40:27 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact(2)(2).dll
[2012/01/14 18:40:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2012/01/14 18:40:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact(4).dll
[2012/01/14 18:40:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2012/01/14 18:40:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2012/01/14 18:40:25 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2012/01/14 18:40:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2012/01/14 18:40:25 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2012/01/14 18:40:24 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/01/14 18:40:24 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2012/01/14 18:40:24 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2012/01/14 18:40:24 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2012/01/14 18:40:24 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2012/01/14 18:40:24 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/01/14 18:40:23 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2012/01/14 18:40:23 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2012/01/14 18:40:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2012/01/14 18:40:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv(4).dll
[2012/01/14 18:40:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv(2)(2).dll
[2012/01/14 18:40:22 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut(2)(2).dll
[2012/01/14 18:40:22 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut(4).dll
[2012/01/14 18:40:22 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2012/01/14 18:40:22 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv(2)(2).dll
[2012/01/14 18:40:22 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv(4).dll
[2012/01/14 18:40:22 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2012/01/14 18:40:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2012/01/14 18:40:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2012/01/14 18:40:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2012/01/14 18:40:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi(2)(2).dll
[2012/01/14 18:40:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi(4).dll
[2012/01/14 18:40:21 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs(2)(2).dll
[2012/01/14 18:40:21 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs(4).dll
[2012/01/14 18:40:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2012/01/14 18:22:33 | 001,175,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nview.dll
[2012/01/14 18:22:33 | 001,007,616 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nviewimg.dll
[2012/01/14 18:22:33 | 000,753,664 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nwiz.exe
[2012/01/14 18:22:33 | 000,450,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvshell.dll
[2012/01/14 18:22:33 | 000,397,312 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvappbar.exe
[2012/01/14 18:22:33 | 000,073,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvtuicpl.cpl
[2012/01/14 18:19:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012/01/14 18:19:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012/01/14 18:19:42 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2012/01/14 18:19:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2012/01/14 18:19:42 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012/01/14 18:19:42 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012/01/10 16:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Downloads
[2012/01/09 15:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/09 14:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/22 15:05:08 | 004,738,172 | ---- | C] (Gougelet Pierre-e ) -- C:\Program Files\XnView-win.exe
[2011/02/28 15:15:15 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2003/11/13 10:54:38 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2003/03/14 02:33:40 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/26 15:15:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2012/01/26 15:07:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-706699826-1801674531-1004UA.job
[2012/01/26 14:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/26 14:07:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-706699826-1801674531-1004Core.job
[2012/01/26 12:53:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\MBR.dat
[2012/01/26 12:24:21 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bill\Desktop\aswMBR.exe
[2012/01/26 06:36:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/26 03:16:10 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2012/01/26 03:16:10 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2012/01/26 03:16:10 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2012/01/26 03:16:10 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2012/01/26 03:16:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/01/26 03:16:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/01/26 03:16:10 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2012/01/26 03:16:10 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2012/01/26 03:15:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/26 00:08:12 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/26 00:08:11 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Google Chrome.lnk
[2012/01/25 18:22:49 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bill\Desktop\tdsskiller.exe
[2012/01/25 16:16:32 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\FSS.exe
[2012/01/25 13:07:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/25 12:46:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/25 12:35:09 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2012/01/22 09:52:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/22 09:39:53 | 000,248,480 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Bill\My Documents\uninstall_flash_player_32bit.exe
[2012/01/20 10:48:58 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\gmer.zip
[2012/01/19 15:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/19 15:10:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Bill\Desktop\dds.scr
[2012/01/19 15:08:27 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Defogger.exe
[2012/01/18 16:32:15 | 039,401,336 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Bill\My Documents\QuickTimeInstaller.exe
[2012/01/18 03:25:17 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/18 03:09:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/18 03:05:44 | 000,436,188 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/18 03:05:44 | 000,069,520 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/16 16:48:42 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/16 13:39:28 | 000,606,576 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bill\My Documents\ChromeSetup.exe
[2012/01/16 13:12:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/16 13:11:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 12:37:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/16 11:25:14 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Launch Internet Explorer Browser.lnk
[2012/01/16 10:57:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/16 10:55:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2012/01/15 20:30:49 | 278,927,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bill\My Documents\WindowsXP-KB835935-SP2-ENU.exe
[2012/01/15 20:10:41 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bill\My Documents\IE7-WindowsXP-x86-enu.exe
[2012/01/15 20:04:14 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bill\My Documents\IE8-WindowsXP-x86-ENU.exe
[2012/01/14 19:40:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/14 19:34:48 | 000,001,165 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 2.lnk
[2012/01/14 19:25:12 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bill\My Documents\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012/01/14 19:23:09 | 040,110,272 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Bill\My Documents\a1403_05_enu_xp.exe
[2012/01/14 18:59:11 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/14 18:46:04 | 000,000,293 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/01/14 18:42:44 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2012/01/14 18:42:43 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/14 18:42:43 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/14 18:42:42 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2012/01/14 18:42:33 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/14 18:40:59 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/14 18:10:28 | 000,016,667 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2012/01/13 16:11:04 | 000,001,131 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000001-00001102-00000004-20041102}.CDF
[2012/01/13 16:11:04 | 000,001,131 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000001-00001102-00000004-20041102}.BAK
[2012/01/13 16:11:04 | 000,000,315 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2012/01/13 15:49:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/11 08:19:09 | 000,103,733 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/01/11 08:19:09 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/01/09 11:44:33 | 000,016,404 | -HS- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
[2012/01/09 11:44:33 | 000,016,404 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
[2012/01/05 14:41:13 | 000,017,850 | -HS- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\872rg84cx66l04530614pkeqpc4t840qvf7vs84130x
[2012/01/05 14:41:13 | 000,017,850 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\872rg84cx66l04530614pkeqpc4t840qvf7vs84130x
[2012/01/05 11:17:12 | 000,016,880 | -HS- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\365ca37cy33q13173681bwfcor3m531tll1kl15165h
[2012/01/05 11:17:12 | 000,016,880 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\365ca37cy33q13173681bwfcor3m531tll1kl15165h
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/26 12:53:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\MBR.dat
[2012/01/25 16:16:32 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\FSS.exe
[2012/01/25 12:46:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/25 12:46:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/25 12:36:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/25 12:36:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/25 12:36:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/25 12:36:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/25 12:36:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/20 10:49:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\gmer.exe
[2012/01/20 10:48:47 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\gmer.zip
[2012/01/19 15:08:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Defogger.exe
[2012/01/17 05:13:09 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2012/01/16 14:03:08 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Google Chrome.lnk
[2012/01/16 14:03:08 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/16 14:02:24 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-706699826-1801674531-1004UA.job
[2012/01/16 14:02:23 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-706699826-1801674531-1004Core.job
[2012/01/16 11:57:02 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/01/16 11:57:02 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/01/16 11:57:01 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012/01/16 11:57:00 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/01/16 11:57:00 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/01/16 11:56:53 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/01/16 11:56:50 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012/01/16 11:56:39 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2012/01/16 11:56:39 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2012/01/16 11:56:38 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/01/16 11:56:28 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2012/01/16 11:56:24 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012/01/16 11:18:36 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Launch Internet Explorer Browser.lnk
[2012/01/14 19:43:17 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/01/14 19:43:17 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/01/14 19:43:17 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/01/14 19:43:17 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/01/14 19:43:17 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/01/14 19:43:16 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/01/14 19:43:16 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/01/14 19:43:16 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/01/14 19:43:16 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/01/14 19:43:16 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/01/14 19:43:16 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/01/14 19:43:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/01/14 19:43:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/01/14 19:43:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/01/14 19:43:16 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/01/14 19:43:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/01/14 19:43:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/01/14 19:43:16 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/01/14 19:43:16 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/01/14 19:43:16 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/01/14 19:43:16 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/01/14 19:43:16 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/01/14 19:43:16 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/01/14 19:43:16 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/01/14 19:43:16 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/01/14 19:43:16 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/01/14 19:43:16 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/01/14 19:43:16 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/01/14 19:43:16 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/01/14 19:43:16 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/01/14 19:43:16 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/01/14 19:43:16 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/01/14 19:43:16 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/01/14 19:43:16 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/01/14 19:43:16 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/01/14 19:43:16 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/01/14 19:43:16 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/01/14 19:43:16 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/01/14 19:43:16 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/01/14 19:43:16 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/01/14 19:43:16 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/01/14 19:43:16 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/01/14 19:43:16 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/01/14 19:43:16 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/01/14 19:43:16 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/01/14 19:43:16 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/01/14 19:43:16 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/01/14 19:43:16 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/01/14 19:43:16 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/01/14 19:43:16 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/01/14 19:43:16 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/01/14 19:43:16 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/01/14 19:43:16 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/01/14 19:43:16 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/01/14 19:43:16 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/01/14 19:43:16 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/01/14 19:43:16 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/01/14 19:43:15 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/01/14 19:43:15 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/01/14 19:43:15 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/01/14 19:43:15 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/01/14 19:43:15 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/01/14 19:43:15 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/01/14 19:43:15 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/01/14 19:43:15 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/01/14 19:43:15 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/01/14 19:43:15 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/01/14 19:43:15 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/01/14 19:43:15 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/01/14 19:43:15 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/01/14 19:43:15 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/01/14 19:34:48 | 000,001,165 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 2.lnk
[2012/01/14 18:44:17 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/01/14 18:44:10 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/01/14 18:44:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/01/14 18:43:45 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/01/14 18:43:32 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/01/14 18:22:28 | 000,001,131 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000001-00001102-00000004-20041102}.BAK
[2012/01/14 18:19:54 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/14 18:19:35 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/01/14 18:19:35 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2012/01/14 18:19:35 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/01/14 18:19:35 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2012/01/14 18:19:35 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2012/01/14 18:19:35 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2012/01/14 18:19:35 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/01/14 18:19:35 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2012/01/14 18:19:35 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2012/01/14 18:19:35 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2012/01/14 18:19:35 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/01/14 18:19:35 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/01/14 18:19:35 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/01/13 16:38:43 | 000,001,165 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk
[2012/01/13 16:38:42 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IM-me.lnk
[2012/01/13 16:38:42 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/01/13 16:15:40 | 000,016,667 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2012/01/13 16:11:04 | 000,001,131 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000001-00001102-00000004-20041102}.CDF
[2012/01/13 16:11:04 | 000,000,315 | ---- | C] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2012/01/11 08:19:09 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/01/11 08:19:09 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/01/09 11:39:23 | 000,016,404 | -HS- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
[2012/01/09 11:39:23 | 000,016,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
[2012/01/05 14:39:00 | 000,017,850 | -HS- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\872rg84cx66l04530614pkeqpc4t840qvf7vs84130x
[2012/01/05 14:39:00 | 000,017,850 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\872rg84cx66l04530614pkeqpc4t840qvf7vs84130x
[2012/01/04 16:04:37 | 000,016,880 | -HS- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\365ca37cy33q13173681bwfcor3m531tll1kl15165h
[2012/01/04 16:04:37 | 000,016,880 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\365ca37cy33q13173681bwfcor3m531tll1kl15165h
[2011/12/19 11:08:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/18 20:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2011/11/18 20:22:03 | 000,000,293 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2011/11/18 20:21:46 | 000,000,442 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2011/06/29 15:53:17 | 158,067,944 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2011/04/21 13:27:32 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/28 09:31:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/01/31 14:26:46 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/01/31 14:26:46 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/01/31 14:26:37 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/01/31 14:26:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/01/31 14:26:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2011/01/31 14:26:17 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011/01/31 14:20:44 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/12/14 14:11:35 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup.zip
[2010/11/23 20:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Edmark.ini
[2010/11/23 20:09:55 | 000,000,519 | ---- | C] () -- C:\WINDOWS\pipeline.ini
[2010/11/23 20:05:54 | 000,000,716 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/11/23 18:53:10 | 000,000,264 | ---- | C] () -- C:\WINDOWS\KA.INI
[2010/04/20 15:51:46 | 005,030,616 | ---- | C] () -- C:\Program Files\Paint.NET.3.5.4.Install.exe
[2009/09/28 14:41:40 | 000,023,572 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/24 12:25:03 | 000,282,308 | ---- | C] () -- C:\Program Files\DATA RETRIEVAL.exe
[2009/07/25 17:43:25 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/08 12:14:21 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2009/07/07 22:11:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/07 18:58:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/07 16:22:28 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2009/07/07 16:22:28 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2009/07/07 14:42:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/07 14:37:15 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/07 14:23:51 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/07 09:18:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/07 09:17:44 | 000,142,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/02/18 14:40:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/22 07:41:42 | 000,015,866 | ---- | C] () -- C:\WINDOWS\System32\aud2_gw.ini
[2003/11/26 06:11:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/11/26 05:29:54 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/11/13 11:21:04 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2003/11/13 10:54:06 | 000,053,312 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2003/05/30 08:00:02 | 001,962,496 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2003/05/30 08:00:02 | 001,962,496 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/05/30 08:00:02 | 000,449,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd(3).dll
[2003/05/30 08:00:02 | 000,449,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd(2).dll
[2003/05/30 08:00:02 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\devenum(3).dll
[2003/05/30 08:00:02 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/03/31 06:00:00 | 000,436,188 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,069,520 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/21 10:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2002/12/11 23:14:32 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\qedit(3).dll
[2002/12/11 23:14:32 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\qedit(2).dll
[2002/12/11 23:14:32 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2002/12/11 23:14:32 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2002/09/03 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 07:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(5).dll
[2002/09/03 07:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(4).dll
[2002/09/03 07:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2002/09/03 07:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2002/09/03 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 07:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/06/28 05:05:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2001/06/27 11:31:00 | 000,039,611 | ---- | C] () -- C:\WINDOWS\System32\biosid.exe

< End of report >

#13 gringo_pr

  • Malware Response Team

Posted 27 January 2012 - 07:17 AM

I see something in the report, so we are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
    del %0

Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 GoofyGus

  • Topic Starter

Posted 27 January 2012 - 12:43 PM

Hi Gringo-

Here's the log:



Windows IP Configuration



Host Name . . . . . . . . . . . . : homeoffi-r55aq3

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-E3-8E-79

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::20c:f1ff:fee3:8e79%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 213.109.65.245

213.109.76.240

1.1.1.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : Friday, January 27, 2012 3:16:02 AM

Lease Expires . . . . . . . . . . : Saturday, January 28, 2012 3:16:02 AM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-69

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.105%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.65.245

Name: google.com
Addresses: 74.125.113.103, 74.125.113.104, 74.125.113.105, 74.125.113.106
74.125.113.147, 74.125.113.99

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.65.245

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149



Pinging google.com [74.125.113.99] with 32 bytes of data:



Reply from 74.125.113.99: bytes=32 time=45ms TTL=51

Reply from 74.125.113.99: bytes=32 time=46ms TTL=51



Ping statistics for 74.125.113.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 46ms, Average = 45ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=37ms TTL=49

Reply from 209.191.122.70: bytes=32 time=38ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 37ms, Maximum = 38ms, Average = 37ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 e3 8e 79 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.105 192.168.1.105 20
192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105 20
192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105 20
224.0.0.0 240.0.0.0 192.168.1.105 192.168.1.105 20
255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

#15 gringo_pr


Posted 27 January 2012 - 03:04 PM

Hello

Yes it looks like the DNS settings on the router have been changed.

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
    del %0

Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
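
The check made by eye on the `ipconfig /all` part of Log1.txt can be scripted. The following is an added example, not part of the original thread: it parses that output and labels each DNS server per adapter so that resolvers nobody chose stand out. The function names, the allowlist of expected resolvers (which you supply, for example from your ISP) and the sample log built from documentation addresses are all assumptions of this example.

```python
import ipaddress
import re

# Constructed sample shaped like the `ipconfig /all` part of Log1.txt (XP layout:
# blank line between rows, extra DNS servers on continuation lines). The public
# addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

IP Address. . . . . . . . . . . . : 192.168.1.105

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 203.0.113.45

203.0.113.240

fec0:0:0:ffff::1%1

NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.
Server: UnKnown
Address: 203.0.113.45
"""

# "Key . . . . : value" rows; the dot leader keeps bare IPv6 lines from matching.
FIELD = re.compile(r"^\s*(?P<key>[A-Za-z][\w \-]*?)(?:\s?\.)+\s:\s*(?P<val>.*)$")
ADAPTER = re.compile(r"^\s*(?P<name>.+ adapter .+):\s*$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Deprecated site-local resolver addresses Windows lists by default on IPv6 interfaces.
SITE_LOCAL_DNS = ipaddress.ip_network("fec0:0:0:ffff::/64")


def _to_ip(token):
    """Return an ip_address for token (zone id such as %1 stripped), or None."""
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None


def parse_adapters(log_text):
    """Map adapter name -> {'dns': [...], 'gateway': ip, 'dhcp_server': ip}."""
    adapters, current, in_dns = {}, None, False
    for line in log_text.splitlines():
        if not line.strip():
            continue  # the log is double-spaced; blank rows carry no meaning
        header = ADAPTER.match(line)
        if header:
            current = adapters.setdefault(
                header["name"].strip(),
                {"dns": [], "gateway": None, "dhcp_server": None})
            in_dns = False
            continue
        field = FIELD.match(line)
        if field:
            key, ip = field["key"].strip().lower(), _to_ip(field["val"])
            in_dns = key == "dns servers"
            if current is None or ip is None:
                continue
            if in_dns:
                current["dns"].append(ip)
            elif key == "default gateway":
                current["gateway"] = ip
            elif key == "dhcp server":
                current["dhcp_server"] = ip
            continue
        ip = _to_ip(line)
        if in_dns and current is not None and ip is not None:
            current["dns"].append(ip)  # continuation row of the DNS list
        else:
            in_dns = False  # nslookup/ping/route text ends the list
    return adapters


def audit_dns(log_text, expected):
    """Return (adapter, server, verdict) for every configured DNS server."""
    allow = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for name, cfg in parse_adapters(log_text).items():
        for ip in cfg["dns"]:
            if ip in allow:
                verdict = "expected"
            elif ip in (cfg["gateway"], cfg["dhcp_server"]) or any(ip in n for n in RFC1918):
                verdict = "local"  # router or LAN host acting as forwarder
            elif ip in SITE_LOCAL_DNS:
                verdict = "placeholder"
            else:
                verdict = "unexpected"  # public resolver nobody listed as chosen
            findings.append((name, str(ip), verdict))
    return findings
```

An "unexpected" verdict only means the resolver is not on the list you supplied; confirm it against the ISP's published servers or your chosen resolver before treating it as a hijack.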



