
Searching Hijacked by GimmieAnswers


  • This topic is locked
22 replies to this topic

#1 senare


Posted 26 February 2012 - 07:19 PM

Thank you boopme for pointing me in the right direction!
~~~~~~~~~~
My searches are being hijacked and rerouted to GimmieAnswers. I was looking for a keygen for Cisco's Network Magic since they won't help me recover my lost one. Anywho. I've recently wiped and reinstalled XP Professional and hadn't downloaded an anti-malware yet. *head desk* Since GimmieAnswers has reared its ugly head I've been getting errors from Opera about a corrupt file (I use Opera and FireFox - searching has been hijacked with both). It may be related and it may not but thought I would include it in case it gives anyone a better idea of what is going on. Last night I turned the comp off and the Opera issue started today when I turned back on. If it's not part of the issue no worries I'll drop it until the Gimmie Answers is fixed.

I have run Malwarebytes Anti-Malware and CCleaner. I searched through the posts on here (I love this site) to see what I could do but decided that it might be best to ask for help instead. lol So I've also downloaded tdsskiller (just remembered that I've run that and didn't find anything) and combofix (after reading the instructions thought I better ask for help before running).

I have followed the instructions in the preparation guide 6 - 9 as per boopme said after posting in the wrong place (sorry!)
~~~~~~~~~~
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 15:00:29 on 2012-02-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.141 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=28b550eb0000000000000019db5269fe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120223171408.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SDMSSplash] "c:\program files\hp_sdms\sdmssplash\launcher.exe" "launchdir=c:\program files\hp_sdms\SDMSSplash"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{4CA5E36F-B441-4B41-B7D6-0290C1050B51} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\s7vculjx.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://bardicweb.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 28b550eb0000000000000019db5269fe
FF - user.js: extensions.BabylonToolbar_i.hardId - 28b550eb0000000000000019db5269fe
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15395
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:20:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - f7b9e0ee-0ab6-4e99-a4b3-b87395427044
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-2-23 84200]
R2 DAZContentManagementService;DAZ Content Management Service;c:\program files\daz 3d\content management service\ContentManagementServer.exe [2012-2-25 18432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-26 652360]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-2-23 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-2-23 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-2-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-2-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-2-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-2-23 150856]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2012-2-23 540448]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-2-23 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-26 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-2-23 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-2-23 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-2-23 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-2-23 88736]
S2 avg7core;VHidMinidrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 avg7updsvc;Lvselsus;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 avgfwsrv;Hdthermal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 avhook;EpmShd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 aw_host;Hotkey;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 DirectUpdate;TIEHDUSB;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ikhlayer;Pktfilter;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lfsfilt;UPATC;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mcupdmgr.exe;Utilman;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 navap;Cpqfws2e;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ofcpfwsvc;Pae_1394;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pavagente;U81xmdfl;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 RAPIProtocol;Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 savrt;Iclarityqosservice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 symantecantibotfilter;Nlsvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 symantecantibotshim;Palmusbd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vetfddnt;Symdns;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-2-23 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-2-23 84488]
.
=============== Created Last 30 ================
.
2012-02-26 16:30:51 -------- d-----w- c:\program files\CCleaner
2012-02-26 16:30:20 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-02-26 16:30:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 16:30:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-26 16:30:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-25 20:35:20 -------- d-----w- c:\windows\system32\appmgmt
2012-02-25 19:04:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\WeatherBug
2012-02-25 19:04:18 -------- d-----w- c:\documents and settings\administrator\application data\WeatherBug
2012-02-25 19:04:17 18944 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe
2012-02-25 19:03:43 -------- d-----w- c:\program files\Yontoo
2012-02-25 19:03:40 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-02-25 18:40:29 -------- d-----w- c:\documents and settings\administrator\application data\FreeTorrentViewer
2012-02-25 17:58:34 -------- d-----w- c:\documents and settings\all users\application data\Protexis
2012-02-25 17:56:31 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Corel PaintShop Pro
2012-02-25 17:55:01 -------- d-----w- c:\program files\common files\Protexis
2012-02-25 17:55:01 -------- d-----w- c:\documents and settings\all users\application data\Corel
2012-02-25 17:49:05 -------- d-----w- c:\program files\Corel
2012-02-25 17:49:00 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2012-02-25 15:04:50 -------- d-----w- C:\Pixologic
2012-02-25 14:19:36 -------- d-----w- c:\program files\common files\DAZ
2012-02-25 14:14:37 -------- d-----w- C:\DAZ 3D
2012-02-25 14:11:42 -------- d-----w- c:\program files\DAZ 3D
2012-02-25 12:29:06 -------- d-----w- c:\documents and settings\all users\application data\DAZ 3D
2012-02-25 11:55:42 -------- d-----w- c:\documents and settings\administrator\application data\DAZ 3D
2012-02-24 12:45:04 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2012-02-24 12:44:39 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-02-24 12:39:29 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-02-24 12:23:33 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-24 12:22:58 -------- d-----w- c:\windows\ie8updates
2012-02-24 12:22:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-24 12:22:41 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-24 12:22:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-24 12:22:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-24 12:22:41 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-24 12:22:40 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-24 12:22:40 11082240 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-02-24 12:21:19 -------- dc-h--w- c:\windows\ie8
2012-02-24 12:06:35 81920 ------w- c:\windows\system32\ieencode.dll
2012-02-24 12:06:35 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2012-02-24 12:06:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-24 12:06:17 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-24 12:02:13 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-24 12:02:07 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-24 12:01:52 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll
2012-02-24 12:01:36 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-24 11:58:14 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-24 11:57:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-24 11:57:28 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-02-24 11:57:28 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-02-24 11:57:28 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-24 11:56:35 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-24 01:24:57 -------- d-----w- c:\windows\system32\scripting
2012-02-24 01:24:57 -------- d-----w- c:\windows\l2schemas
2012-02-24 01:24:56 -------- d-----w- c:\windows\system32\en
2012-02-24 01:24:56 -------- d-----w- c:\windows\system32\bits
2012-02-24 01:19:36 -------- d-----w- c:\windows\network diagnostic
2012-02-24 00:39:29 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Opera
2012-02-24 00:04:24 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Thunderbird
2012-02-23 23:55:43 -------- d-----w- c:\windows\ServicePackFiles
2012-02-23 23:53:56 -------- d-----w- c:\program files\MSXML 4.0
2012-02-23 23:49:23 -------- d-----w- c:\documents and settings\administrator\application data\Media Finder
2012-02-23 23:48:52 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-23 23:48:49 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Babylon
2012-02-23 23:48:48 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-02-23 23:48:48 -------- d-----w- c:\documents and settings\administrator\application data\Babylon
2012-02-23 23:48:02 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2012-02-23 23:48:02 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2012-02-23 23:48:02 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2012-02-23 23:48:02 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2012-02-23 23:48:01 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2012-02-23 23:48:01 13776 ------w- c:\windows\system32\drivers\recagent.sys
2012-02-23 23:48:00 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-23 23:47:59 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2012-02-23 23:47:59 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2012-02-23 23:47:59 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2012-02-23 23:47:59 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2012-02-23 23:47:57 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2012-02-23 23:47:53 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2012-02-23 23:47:53 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2012-02-23 23:47:52 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2012-02-23 23:31:40 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-23 23:31:33 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-02-23 23:31:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 23:31:04 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-02-23 23:31:01 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2012-02-23 23:28:59 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-02-23 23:28:15 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-02-23 23:28:14 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-02-23 23:28:04 357888 ------w- c:\windows\system32\dllcache\srv.sys
2012-02-23 23:27:56 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-23 23:26:30 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-23 23:26:29 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-23 23:26:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2012-02-23 23:26:17 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-02-23 23:24:12 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2012-02-23 23:23:47 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2012-02-23 23:23:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-02-23 23:23:18 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-02-23 23:14:08 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2012-02-23 23:14:07 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-23 23:14:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-23 23:14:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-23 23:14:01 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-23 23:14:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-23 23:14:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-23 23:14:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-23 23:14:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-23 23:13:56 -------- d-----w- c:\program files\common files\Mcafee
2012-02-23 23:13:55 -------- d-----w- c:\program files\McAfee.com
2012-02-23 23:13:48 -------- d-----w- c:\program files\McAfee
2012-02-23 23:03:28 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-23 22:27:53 -------- d-sh--w- c:\documents and settings\administrator\UserData
2012-02-23 22:19:02 -------- d-----w- c:\program files\Program Shortcuts
2012-02-23 22:17:38 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-02-23 22:07:15 278 ----a-w- c:\windows\logonper2.reg
2012-02-23 22:07:15 192 ----a-w- c:\windows\logoffper2.reg
2012-02-23 22:05:39 -------- d-----w- c:\program files\Compaq
2012-02-23 22:05:37 -------- d-----w- c:\program files\HP_SDMS
2012-02-23 22:05:28 15632 ----a-w- c:\windows\system32\pdfc_port.dll
2012-02-23 22:05:25 -------- d-----w- c:\program files\PDF Complete
2012-02-23 22:02:48 49152 ----a-w- c:\windows\system32\ChCfg.exe
2012-02-23 22:01:59 -------- d-----w- c:\program files\ATI Technologies
2012-02-23 22:01:50 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-02-23 22:01:50 225280 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2012-02-23 22:01:50 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-02-23 22:01:49 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-02-23 22:01:49 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-02-23 22:00:51 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-02-23 22:00:38 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2012-02-23 22:00:12 -------- d-----w- c:\documents and settings\administrator\local settings\application data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2012-02-23 21:58:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ApplicationHistory
2012-02-23 21:57:34 -------- d-----w- c:\windows\system32\URTTemp
2012-02-23 21:56:20 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-02-23 21:49:15 -------- d-----w- c:\program files\Pure Networks
2012-02-23 21:47:41 -------- d-----w- c:\program files\WebEx
2012-02-23 21:47:15 -------- d-----w- c:\program files\common files\Pure Networks Shared
2012-02-23 21:42:26 -------- d-----w- c:\windows\system32\LogFiles
2012-02-23 21:39:37 -------- d-----w- c:\program files\Linksys
2012-02-23 21:39:34 8892928 ----a-w- c:\documents and settings\all users\application data\atscie.msi
2012-02-23 21:39:26 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2012-02-23 21:39:23 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2012-02-23 21:38:45 -------- d-----w- c:\documents and settings\all users\application data\Pure Networks
2012-02-23 21:32:57 -------- d-----w- c:\documents and settings\all users\application data\WEBREG
2012-02-23 21:19:25 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2012-02-23 21:19:24 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2012-02-23 21:19:10 267864 ----a-r- c:\windows\system32\hpzids01.dll
2012-02-23 21:19:08 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
2012-02-23 21:19:08 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2012-02-23 21:19:03 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2012-02-23 21:18:45 675840 ----a-r- c:\windows\system32\hpowiax3.dll
2012-02-23 21:18:45 569344 ----a-r- c:\windows\system32\hpotscl3.dll
2012-02-23 21:18:45 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2012-02-23 21:18:45 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-02-23 21:18:45 303104 ----a-r- c:\windows\system32\hpovst10.dll
2012-02-23 21:18:44 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-02-23 20:26:13 -------- d-----w- c:\program files\common files\HP
2012-02-23 20:25:53 -------- d-----w- c:\program files\common files\Hewlett-Packard
2012-02-23 20:25:01 -------- d-----w- c:\program files\HP
2012-02-23 20:24:59 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-02-23 20:24:58 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-02-23 20:20:38 221184 ----a-w- c:\windows\system32\wmpns.dll
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 15:01:39.54 ===============


#2 gringo_pr

  • Malware Response Team

Posted 27 February 2012 - 03:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 senare


Posted 27 February 2012 - 11:06 AM

I had to delete the antivirus because the instructions weren't working for the version of McAfee as it's through the Cox Security suite. But otherwise I really didn't have any trouble. I have no trouble searching in IE, or FireFox. When I open Opera though AbNow.com comes up and the home page is set up as http://redir.opera.com/portal/home/. I haven't changed it because I thought I better wait until someone says it's okay.

ComboFix Log

ComboFix 12-02-25.02 - Administrator 02/27/2012 9:47.1.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\$NtUninstallKB47222$
c:\windows\$NtUninstallKB47222$\1692279639\@
c:\windows\$NtUninstallKB47222$\1692279639\L\leebmpoi
c:\windows\$NtUninstallKB47222$\1692279639\loader.tlb
c:\windows\$NtUninstallKB47222$\1692279639\U\@00000001
c:\windows\$NtUninstallKB47222$\1692279639\U\@000000c0
c:\windows\$NtUninstallKB47222$\1692279639\U\@000000cb
c:\windows\$NtUninstallKB47222$\1692279639\U\@000000cf
c:\windows\$NtUninstallKB47222$\1692279639\U\@80000000
c:\windows\$NtUninstallKB47222$\1692279639\U\@800000c0
c:\windows\$NtUninstallKB47222$\1692279639\U\@800000cb
c:\windows\$NtUninstallKB47222$\1692279639\U\@800000cf
c:\windows\$NtUninstallKB47222$\2758070515
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\dds_log_trash.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RADIOSVR
-------\Service_radiosvr
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 14:31 . 2012-02-27 14:31 -------- d-----w- C:\found.000
2012-02-25 18:20 . 2012-02-25 18:20 237 ----a-w- C:\user.js
2012-02-25 15:04 . 2012-02-25 15:04 -------- d-----w- C:\Pixologic
2012-02-25 14:14 . 2012-02-25 14:14 -------- d-----w- C:\DAZ 3D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 06:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 07:56 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-02-16 14:40 . 2012-02-23 23:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11 194848 ----a-w- c:\program files\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-14 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SDMSSplash"="c:\program files\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2/25/2012 8:14 AM 18432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/26/2012 10:30 AM 652360]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2/23/2012 4:05 PM 540448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/26/2012 10:30 AM 20464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=28b550eb0000000000000019db5269fe
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://bardicweb.com
FF - user.js: extensions.BabylonToolbar_i.id - 28b550eb0000000000000019db5269fe
FF - user.js: extensions.BabylonToolbar_i.hardId - 28b550eb0000000000000019db5269fe
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15395
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - f7b9e0ee-0ab6-4e99-a4b3-b87395427044
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 09:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4165708174-4294439347-1972931525-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,b2,ed,bd,62,1d,ee,41,a5,3e,74,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-02-27 09:57:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 15:57
.
Pre-Run: 64,527,495,168 bytes free
Post-Run: 64,877,723,648 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 60097D2C2D3F795A1EF9BF0068F1AC6C

#4 gringo_pr

  • Malware Response Team

Posted 27 February 2012 - 12:47 PM

Greetings

Yes go ahead and change your home page

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#5 senare

  • Topic Starter

Posted 27 February 2012 - 02:33 PM

I have an MBR.dat file on my desktop after saving the aswMBR log, is that supposed to be there?

tdsskiller:
11:57:51.0875 1044 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
11:57:52.0343 1044 ============================================================
11:57:52.0343 1044 Current date / time: 2012/02/27 11:57:52.0343
11:57:52.0343 1044 SystemInfo:
11:57:52.0343 1044
11:57:52.0343 1044 OS Version: 5.1.2600 ServicePack: 3.0
11:57:52.0343 1044 Product type: Workstation
11:57:52.0343 1044 ComputerName: DESKTOP
11:57:52.0359 1044 UserName: Administrator
11:57:52.0359 1044 Windows directory: C:\WINDOWS
11:57:52.0359 1044 System windows directory: C:\WINDOWS
11:57:52.0359 1044 Processor architecture: Intel x86
11:57:52.0359 1044 Number of processors: 1
11:57:52.0359 1044 Page size: 0x1000
11:57:52.0359 1044 Boot type: Normal boot
11:57:52.0359 1044 ============================================================
11:57:54.0062 1044 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:57:54.0078 1044 \Device\Harddisk0\DR0:
11:57:54.0078 1044 MBR used
11:57:54.0078 1044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:57:54.0218 1044 Initialize success
11:57:54.0218 1044 ============================================================
11:58:24.0687 2620 ============================================================
11:58:24.0687 2620 Scan started
11:58:24.0687 2620 Mode: Manual;
11:58:24.0687 2620 ============================================================
11:59:07.0937 2620 usbohci - ok
11:59:08.0156 2620 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:59:08.0187 2620 usbprint - ok
11:59:08.0390 2620 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:59:08.0390 2620 usbscan - ok
11:59:08.0718 2620 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:59:08.0718 2620 USBSTOR - ok
11:59:09.0015 2620 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:59:09.0015 2620 usbuhci - ok
11:59:09.0187 2620 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:59:09.0187 2620 VgaSave - ok
11:59:09.0421 2620 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:59:09.0421 2620 ViaIde - ok
11:59:09.0687 2620 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:59:09.0687 2620 VolSnap - ok
11:59:09.0984 2620 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:59:09.0984 2620 Wanarp - ok
11:59:10.0156 2620 WDICA - ok
11:59:10.0296 2620 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:59:10.0312 2620 wdmaud - ok
11:59:10.0828 2620 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:59:10.0828 2620 WS2IFSL - ok
11:59:10.0875 2620 MBR (0x1B8) (df9769dbafc477636448ab0154b8bbc9) \Device\Harddisk0\DR0
11:59:11.0093 2620 \Device\Harddisk0\DR0 - ok
11:59:11.0093 2620 Boot (0x1200) (acdba31836787ff66c8772b24fd3e43d) \Device\Harddisk0\DR0\Partition0
11:59:11.0093 2620 \Device\Harddisk0\DR0\Partition0 - ok
11:59:11.0093 2620 ============================================================
11:59:11.0093 2620 Scan finished
11:59:11.0093 2620 ============================================================
11:59:11.0109 4016 Detected object count: 0
11:59:11.0109 4016 Actual detected object count: 0
11:59:54.0812 3936 ============================================================
11:59:54.0812 3936 Scan started
11:59:54.0812 3936 Mode: Manual;
11:59:54.0812 3936 ============================================================
12:01:11.0546 3936 MBR (0x1B8) (df9769dbafc477636448ab0154b8bbc9) \Device\Harddisk0\DR0
12:01:13.0218 3936 \Device\Harddisk0\DR0 - ok
12:01:13.0250 3936 Boot (0x1200) (acdba31836787ff66c8772b24fd3e43d) \Device\Harddisk0\DR0\Partition0
12:01:13.0250 3936 \Device\Harddisk0\DR0\Partition0 - ok
12:01:13.0250 3936 ============================================================
12:01:13.0250 3936 Scan finished
12:01:13.0250 3936 ============================================================
12:01:13.0328 0844 Detected object count: 0
12:01:13.0328 0844 Actual detected object count: 0
12:01:22.0265 3432 ============================================================
12:01:22.0265 3432 Scan started
12:01:22.0265 3432 Mode: Manual;
12:01:22.0265 3432 ============================================================
12:01:33.0062 3432 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
12:01:33.0125 3432 iAimTV0 - ok
12:01:34.0421 3432 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
12:01:34.0421 3432 iAimTV1 - ok
12:01:35.0515 3432 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
12:01:35.0515 3432 iAimTV3 - ok
12:01:37.0062 3432 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
12:01:37.0062 3432 iAimTV4 - ok
12:01:38.0062 3432 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
12:01:38.0062 3432 iAimTV5 - ok
12:01:38.0984 3432 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
12:01:38.0984 3432 iAimTV6 - ok
12:01:39.0921 3432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:01:39.0921 3432 Imapi - ok
12:01:40.0593 3432 ini910u - ok
12:01:45.0171 3432 IntcAzAudAddService (58b079ba8c4a53406a02d66069451ce5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:01:46.0546 3432 IntcAzAudAddService - ok
12:01:47.0390 3432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:01:47.0390 3432 IntelIde - ok
12:01:48.0796 3432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:01:48.0796 3432 Ip6Fw - ok
12:01:50.0140 3432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:01:50.0140 3432 IpFilterDriver - ok
12:01:50.0812 3432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:01:50.0812 3432 IpInIp - ok
12:01:51.0218 3432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:01:51.0218 3432 IpNat - ok
12:01:52.0437 3432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:01:52.0484 3432 IPSec - ok
12:01:53.0593 3432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:01:53.0593 3432 IRENUM - ok
12:01:53.0890 3432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:01:53.0890 3432 isapnp - ok
12:01:54.0140 3432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:01:54.0156 3432 Kbdclass - ok
12:01:54.0468 3432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:01:54.0468 3432 kmixer - ok
12:01:54.0796 3432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:01:54.0796 3432 KSecDD - ok
12:01:55.0000 3432 lbrtfdc - ok
12:01:55.0265 3432 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
12:01:55.0281 3432 MBAMProtector - ok
12:01:55.0546 3432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:01:55.0546 3432 mnmdd - ok
12:01:55.0859 3432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:01:55.0859 3432 Modem - ok
12:01:56.0171 3432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:01:56.0187 3432 Mouclass - ok
12:01:56.0515 3432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:01:56.0515 3432 MountMgr - ok
12:01:56.0718 3432 mraid35x - ok
12:01:56.0921 3432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:01:56.0921 3432 MRxDAV - ok
12:01:57.0265 3432 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:01:57.0281 3432 MRxSmb - ok
12:01:57.0546 3432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:01:57.0562 3432 Msfs - ok
12:01:57.0921 3432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:01:57.0921 3432 MSKSSRV - ok
12:01:58.0187 3432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:01:58.0187 3432 MSPCLOCK - ok
12:01:58.0406 3432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:01:58.0406 3432 MSPQM - ok
12:01:58.0640 3432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:01:58.0640 3432 mssmbios - ok
12:01:58.0812 3432 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:01:58.0828 3432 Mup - ok
12:01:59.0000 3432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:01:59.0046 3432 NDIS - ok
12:02:00.0109 3432 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:02:00.0125 3432 NdisTapi - ok
12:02:00.0687 3432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:02:00.0687 3432 Ndisuio - ok
12:02:01.0109 3432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:02:01.0125 3432 NdisWan - ok
12:02:02.0359 3432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:02:02.0375 3432 NDProxy - ok
12:02:03.0500 3432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:02:03.0515 3432 NetBIOS - ok
12:02:04.0437 3432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:02:04.0468 3432 NetBT - ok
12:02:05.0625 3432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:02:05.0640 3432 Npfs - ok
12:02:08.0046 3432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:02:08.0296 3432 Ntfs - ok
12:02:09.0156 3432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:02:09.0187 3432 Null - ok
12:02:09.0515 3432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:02:09.0531 3432 NwlnkFlt - ok
12:02:09.0843 3432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:02:09.0859 3432 NwlnkFwd - ok
12:02:10.0546 3432 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
12:02:10.0546 3432 P3 - ok
12:02:11.0250 3432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:02:11.0265 3432 Parport - ok
12:02:13.0156 3432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:02:13.0171 3432 PartMgr - ok
12:02:15.0250 3432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:02:15.0265 3432 ParVdm - ok
12:02:16.0578 3432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:02:16.0593 3432 PCI - ok
12:02:17.0125 3432 PCIDump - ok
12:02:17.0546 3432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:02:17.0562 3432 PCIIde - ok
12:02:18.0156 3432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:02:18.0156 3432 Pcmcia - ok
12:02:18.0625 3432 PDCOMP - ok
12:02:19.0046 3432 PDFRAME - ok
12:02:19.0281 3432 PDRELI - ok
12:02:19.0609 3432 PDRFRAME - ok
12:02:19.0890 3432 perc2 - ok
12:02:20.0937 3432 perc2hib - ok
12:02:21.0359 3432 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
12:02:21.0375 3432 pnarp - ok
12:02:21.0609 3432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:02:21.0609 3432 PptpMiniport - ok
12:02:21.0921 3432 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:02:21.0937 3432 Processor - ok
12:02:22.0296 3432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:02:22.0296 3432 PSched - ok
12:02:22.0890 3432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:02:22.0890 3432 Ptilink - ok
12:02:24.0062 3432 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
12:02:24.0093 3432 purendis - ok
12:02:25.0062 3432 ql1080 - ok
12:02:25.0656 3432 Ql10wnt - ok
12:02:26.0468 3432 ql12160 - ok
12:02:27.0171 3432 ql1240 - ok
12:02:27.0531 3432 ql1280 - ok
12:02:28.0218 3432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:02:28.0218 3432 RasAcd - ok
12:02:29.0484 3432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:02:29.0500 3432 Rasl2tp - ok
12:02:30.0562 3432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:02:30.0578 3432 RasPppoe - ok
12:02:31.0046 3432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:02:31.0046 3432 Raspti - ok
12:02:31.0218 3432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:02:31.0218 3432 Rdbss - ok
12:02:31.0265 3432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:02:31.0265 3432 RDPCDD - ok
12:02:31.0328 3432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:02:31.0328 3432 rdpdr - ok
12:02:31.0406 3432 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:02:31.0406 3432 RDPWD - ok
12:02:31.0484 3432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:02:31.0484 3432 redbook - ok
12:02:31.0640 3432 RTL8023xp (911e07056b865760c0762f6221145999) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
12:02:31.0640 3432 RTL8023xp - ok
12:02:31.0718 3432 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:02:31.0718 3432 rtl8139 - ok
12:02:31.0890 3432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:02:31.0890 3432 Secdrv - ok
12:02:31.0953 3432 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:02:31.0968 3432 serenum - ok
12:02:32.0000 3432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:02:32.0000 3432 Serial - ok
12:02:32.0062 3432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:02:32.0078 3432 Sfloppy - ok
12:02:32.0218 3432 Simbad - ok
12:02:32.0296 3432 Sparrow - ok
12:02:32.0390 3432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:02:32.0390 3432 splitter - ok
12:02:32.0515 3432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:02:32.0531 3432 sr - ok
12:02:32.0703 3432 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:02:32.0703 3432 Srv - ok
12:02:32.0875 3432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:02:32.0890 3432 swenum - ok
12:02:33.0296 3432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:02:33.0296 3432 swmidi - ok
12:02:33.0515 3432 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:02:33.0515 3432 symc810 - ok
12:02:33.0546 3432 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:02:33.0546 3432 symc8xx - ok
12:02:33.0625 3432 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
12:02:33.0625 3432 Symmpi - ok
12:02:33.0703 3432 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:02:33.0703 3432 sym_hi - ok
12:02:33.0796 3432 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:02:33.0796 3432 sym_u3 - ok
12:02:34.0687 3432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:02:34.0718 3432 sysaudio - ok
12:02:35.0078 3432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:02:35.0093 3432 Tcpip - ok
12:02:35.0359 3432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:02:35.0375 3432 TDPIPE - ok
12:02:35.0718 3432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:02:35.0718 3432 TDTCP - ok
12:02:35.0890 3432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:02:35.0890 3432 TermDD - ok
12:02:36.0031 3432 TosIde - ok
12:02:36.0312 3432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:02:36.0390 3432 Udfs - ok
12:02:36.0578 3432 ultra - ok
12:02:36.0625 3432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:02:36.0625 3432 usbccgp - ok
12:02:36.0734 3432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:02:36.0734 3432 usbehci - ok
12:02:36.0796 3432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:02:36.0796 3432 usbhub - ok
12:02:36.0953 3432 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:02:36.0953 3432 usbohci - ok
12:02:37.0031 3432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:02:37.0031 3432 usbprint - ok
12:02:37.0171 3432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:02:37.0171 3432 usbscan - ok
12:02:37.0859 3432 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:02:37.0859 3432 USBSTOR - ok
12:02:37.0984 3432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:02:37.0984 3432 usbuhci - ok
12:02:38.0031 3432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:02:38.0031 3432 VgaSave - ok
12:02:38.0296 3432 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:02:38.0296 3432 ViaIde - ok
12:02:38.0468 3432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:02:38.0500 3432 VolSnap - ok
12:02:38.0734 3432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:02:38.0750 3432 Wanarp - ok
12:02:38.0921 3432 WDICA - ok
12:02:38.0984 3432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:02:38.0984 3432 wdmaud - ok
12:02:39.0218 3432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:02:39.0234 3432 WS2IFSL - ok
12:02:39.0328 3432 MBR (0x1B8) (df9769dbafc477636448ab0154b8bbc9) \Device\Harddisk0\DR0
12:02:39.0718 3432 \Device\Harddisk0\DR0 - ok
12:02:39.0734 3432 Boot (0x1200) (acdba31836787ff66c8772b24fd3e43d) \Device\Harddisk0\DR0\Partition0
12:02:39.0734 3432 \Device\Harddisk0\DR0\Partition0 - ok
12:02:39.0734 3432 ============================================================
12:02:39.0734 3432 Scan finished
12:02:39.0734 3432 ============================================================
12:02:39.0750 2776 Detected object count: 0
12:02:39.0750 2776 Actual detected object count: 0


aswMBR
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 12:44:09
-----------------------------
12:44:09.281 OS Version: Windows 5.1.2600 Service Pack 3
12:44:09.281 Number of processors: 1 586 0x5F02
12:44:09.281 ComputerName: DESKTOP UserName:
12:44:09.578 Initialize success
12:44:19.375 AVAST engine defs: 12022700
12:44:40.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:44:40.578 Disk 0 Vendor: ST380815AS 3.CHF Size: 76319MB BusType: 3
12:44:40.609 Disk 0 MBR read successfully
12:44:40.609 Disk 0 MBR scan
12:44:40.671 Disk 0 Windows XP default MBR code
12:44:40.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
12:44:40.734 Disk 0 scanning sectors +156280320
12:44:40.875 Disk 0 scanning C:\WINDOWS\system32\drivers
12:44:59.046 Service scanning
12:45:18.421 Modules scanning
12:45:42.296 Disk 0 trace - called modules:
12:45:42.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:45:42.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8574aab8]
12:45:42.328 3 CLASSPNP.SYS[f75e8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x8576ff18]
12:45:42.328 5 ACPI.sys[f747f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85774940]
12:45:42.765 AVAST engine scan C:\WINDOWS
12:45:52.421 AVAST engine scan C:\WINDOWS\system32
12:48:37.281 File: C:\WINDOWS\assembly\GAC_MSIL\ **INFECTED** Win32:Dropper-gen [Drp]
12:48:47.500 AVAST engine scan C:\WINDOWS\system32\drivers
12:49:12.515 AVAST engine scan C:\Documents and Settings\Administrator
12:53:55.203 AVAST engine scan C:\Documents and Settings\All Users
12:54:59.703 Scan finished successfully
13:30:57.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
13:30:57.578 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#6 gringo_pr

Malware Response Team

Posted 27 February 2012 - 10:36 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Yontoo

DDS::
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=28b550eb0000000000000019db5269fe


FireFox::
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - user.js: extensions.BabylonToolbar_i.id - 28b550eb0000000000000019db5269fe
FF - user.js: extensions.BabylonToolbar_i.hardId - 28b550eb0000000000000019db5269fe
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15395
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - f7b9e0ee-0ab6-4e99-a4b3-b87395427044
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 senare

Topic Starter

Posted 28 February 2012 - 10:19 AM

Everything seems to be working fine.

ComboFix 12-02-25.02 - Administrator 02/28/2012 8:54.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.598 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Yontoo
c:\program files\Yontoo\YontooIEClient.dll
c:\windows\system32\SET21F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-27 14:31 . 2012-02-27 14:31 -------- d-----w- C:\found.000
2012-02-25 18:20 . 2012-02-25 18:20 237 ----a-w- C:\user.js
2012-02-25 15:04 . 2012-02-25 15:04 -------- d-----w- C:\Pixologic
2012-02-25 14:14 . 2012-02-25 14:14 -------- d-----w- C:\DAZ 3D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 06:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 07:56 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-02-16 14:40 . 2012-02-23 23:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-27_15.54.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-25 17:54 . 2012-02-25 17:54 53248 c:\windows\Installer\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}\ARPPRODUCTICON.exe
+ 2012-02-27 17:10 . 2012-02-27 17:10 53248 c:\windows\Installer\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}\ARPPRODUCTICON.exe
+ 2012-02-27 16:36 . 2008-08-18 17:39 274944 c:\windows\system32\spool\prtprocs\w32x86\hpzpp64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:18 670208 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzss64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 853504 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzse64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 299520 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzpr64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:38 783360 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzle64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 446976 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzev64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 233472 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzc364X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:46 977920 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpz3c64X.dll
+ 2012-02-27 16:36 . 2006-12-06 22:31 113152 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpfrs64X.dll
+ 2012-02-27 16:36 . 2007-02-20 17:29 337920 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpfig64X.dll
+ 2012-02-27 16:36 . 2007-02-23 01:35 314880 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpfie64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:18 670208 c:\windows\system32\spool\drivers\w32x86\3\hpzss64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 853504 c:\windows\system32\spool\drivers\w32x86\3\hpzse64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 299520 c:\windows\system32\spool\drivers\w32x86\3\hpzpr64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:38 783360 c:\windows\system32\spool\drivers\w32x86\3\hpzle64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 446976 c:\windows\system32\spool\drivers\w32x86\3\hpzev64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 233472 c:\windows\system32\spool\drivers\w32x86\3\hpzc364X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:46 977920 c:\windows\system32\spool\drivers\w32x86\3\hpz3c64X.dll
+ 2012-02-27 16:36 . 2006-12-06 22:31 113152 c:\windows\system32\spool\drivers\w32x86\3\hpfrs64X.dll
+ 2012-02-27 16:36 . 2007-02-20 17:29 337920 c:\windows\system32\spool\drivers\w32x86\3\hpfig64X.dll
+ 2012-02-27 16:36 . 2007-02-23 01:35 314880 c:\windows\system32\spool\drivers\w32x86\3\hpfie64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 117760 c:\windows\system32\hpzll64X.dll
+ 2012-02-23 21:19 . 2010-05-06 10:51 271704 c:\windows\system32\hpzids01.dll
+ 2012-02-27 16:36 . 2007-03-30 15:07 267864 c:\windows\LastGood\System32\hpzids01.dll
+ 2012-02-27 16:36 . 2008-08-18 17:46 3419648 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzur64X.dll
+ 2012-02-27 16:36 . 2008-11-24 21:37 3292672 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzui64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:46 8602112 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzst64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 5189632 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzla64X.dll
+ 2012-02-27 16:36 . 2008-11-24 21:26 1738240 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpz3r64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:46 3419648 c:\windows\system32\spool\drivers\w32x86\3\hpzur64X.dll
+ 2012-02-27 16:36 . 2008-11-24 21:37 3292672 c:\windows\system32\spool\drivers\w32x86\3\hpzui64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:46 8602112 c:\windows\system32\spool\drivers\w32x86\3\hpzst64X.dll
+ 2012-02-27 16:36 . 2008-08-18 17:39 5189632 c:\windows\system32\spool\drivers\w32x86\3\hpzla64X.dll
+ 2012-02-27 16:36 . 2008-11-24 21:26 1738240 c:\windows\system32\spool\drivers\w32x86\3\hpz3r64X.dll
+ 2012-02-27 17:10 . 2012-02-27 17:10 2961408 c:\windows\Installer\3e39dd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-14 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SDMSSplash"="c:\program files\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/26/2012 10:30 AM 652360]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2/23/2012 4:05 PM 540448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/26/2012 10:30 AM 20464]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2/25/2012 8:14 AM 18432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 50718509
*NewlyCreated* - 63825650
*NewlyCreated* - ASWMBR
*Deregistered* - 50718509
*Deregistered* - 63825650
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\
FF - prefs.js: browser.startup.homepage - hxxp://bardicweb.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo\YontooIEClient.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-28 08:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4165708174-4294439347-1972931525-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,b2,ed,bd,62,1d,ee,41,a5,3e,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,b2,ed,bd,62,1d,ee,41,a5,3e,74,\
.
[HKEY_USERS\S-1-5-21-4165708174-4294439347-1972931525-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*֚|֚|Z # h**h*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-4165708174-4294439347-1972931525-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*֚|֚|Z # h**h*\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-02-28 08:59:57
ComboFix-quarantined-files.txt 2012-02-28 14:59
ComboFix2.txt 2012-02-27 15:57
.
Pre-Run: 64,148,365,312 bytes free
Post-Run: 64,249,466,880 bytes free
.
- - End Of File - - F4879AE2A2A1B03783B586804B775C41

#8 gringo_pr


Posted 28 February 2012 - 05:37 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 senare


Posted 28 February 2012 - 10:29 PM

OTL logfile created on: 2/28/2012 7:19:14 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.48 Mb Total Physical Memory | 62.65 Mb Available Physical Memory | 7.00% Memory free
2.12 Gb Paging File | 1.19 Gb Available in Paging File | 56.19% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 59.88 Gb Free Space | 80.36% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (zpcollector) -- File not found
SRV - (yukonwxp) -- File not found
SRV - (yediex) -- File not found
SRV - (XBCD) -- File not found
SRV - (wtwservice) -- File not found
SRV - (WmVirHid) -- File not found
SRV - (winss) -- File not found
SRV - (websensecpmcommunicationagent) -- File not found
SRV - (WcesComm) -- File not found
SRV - (WacomVKHid) -- File not found
SRV - (W55U01) -- File not found
SRV - (W2acehid) -- File not found
SRV - (vstor2) -- File not found
SRV - (vsserv) -- File not found
SRV - (vpn5000service) -- File not found
SRV - (vmnetbridge) -- File not found
SRV - (vmkbd) -- File not found
SRV - (vetfddnt) -- File not found
SRV - (VCIDRV) -- File not found
SRV - (vcdsecs) -- File not found
SRV - (usbmate) -- File not found
SRV - (upsentry_smart) -- File not found
SRV - (ultra66) -- File not found
SRV - (uleadburninghelper) -- File not found
SRV - (UBHelper) -- File not found
SRV - (tunmp) -- File not found
SRV - (tsmapip) -- File not found
SRV - (transarcafsdaemon) -- File not found
SRV - (tomcatcws3) -- File not found
SRV - (tng-dtmg) -- File not found
SRV - (thpsrv) -- File not found
SRV - (tga) -- File not found
SRV - (telnet) -- File not found
SRV - (sympxsvc) -- File not found
SRV - (symantecantibotshim) -- File not found
SRV - (symantecantibotfilter) -- File not found
SRV - (Sunkfiltp) -- File not found
SRV - (STV672) -- File not found
SRV - (streamip) -- File not found
SRV - (statusagent4) -- File not found
SRV - (ssm_mdfl) -- File not found
SRV - (sscdmdm) -- File not found
SRV - (SQLAgent$MICROSOFTBCM) -- File not found
SRV - (speedfan) -- File not found
SRV - (spbbcdrv) -- File not found
SRV - (SndTDriverV32) -- File not found
SRV - (smtpd32) -- File not found
SRV - (smsmdd) -- File not found
SRV - (SlWdmSup) -- File not found
SRV - (sit_prt) -- File not found
SRV - (sit_flt) -- File not found
SRV - (ShockMgr) -- File not found
SRV - (sfhlp01) -- File not found
SRV - (SerTVOutCtlr) -- File not found
SRV - (sentinelprotectionserver) -- File not found
SRV - (SED133x) -- File not found
SRV - (se59obex) -- File not found
SRV - (se58mdm) -- File not found
SRV - (scsiaccess) -- File not found
SRV - (screadspool) -- File not found
SRV - (schscnt) -- File not found
SRV - (savrt) -- File not found
SRV - (s716mdfl) -- File not found
SRV - (s616mdfl) -- File not found
SRV - (s116mgmt) -- File not found
SRV - (rvsinst) -- File not found
SRV - (rtl8029) -- File not found
SRV - (RTHDMIAzAudService) -- File not found
SRV - (RR2Ctrl) -- File not found
SRV - (rppkt) -- File not found
SRV - (roxwatch) -- File not found
SRV - (ROB_V) -- File not found
SRV - (rnadirmultiplexor) -- File not found
SRV - (rnadiagreceiver) -- File not found
SRV - (regspy) -- File not found
SRV - (RAPIProtocol) -- File not found
SRV - (QWAVEDRV) -- File not found
SRV - (pwkntmon) -- File not found
SRV - (psdvdisk) -- File not found
SRV - (portio) -- File not found
SRV - (pmem) -- File not found
SRV - (PID_08A0) -- File not found
SRV - (PGPwded) -- File not found
SRV - (pduip6000dmemcrdmgr) -- File not found
SRV - (pdlnemap) -- File not found
SRV - (PBADRV) -- File not found
SRV - (pavagente) -- File not found
SRV - (papyjoy) -- File not found
SRV - (p17) -- File not found
SRV - (ovepstatusengine) -- File not found
SRV - (oraclexeclragent) -- File not found
SRV - (oraclesnmppeermasteragent) -- File not found
SRV - (oracle_load_balancer_60_server-forms6i) -- File not found
SRV - (oracle%oracle_home_service%clientcache80) -- File not found
SRV - (openvpnservice) -- File not found
SRV - (olregcap) -- File not found
SRV - (olcamsrv) -- File not found
SRV - (ofcpfwsvc) -- File not found
SRV - (nwlnkspx) -- File not found
SRV - (NVR0Dev) -- File not found
SRV - (NVNET) -- File not found
SRV - (ntservice1) -- File not found
SRV - (Nsynas32) -- File not found
SRV - (NSSvcMgr) -- File not found
SRV - (nsm1serd) -- File not found
SRV - (nsengine) -- File not found
SRV - (NPPTNT) -- File not found
SRV - (npapimon) -- File not found
SRV - (NOWMEMDF) -- File not found
SRV - (nnsvc) -- File not found
SRV - (nmwcdcj) -- File not found
SRV - (NICSer_WPC54G) -- File not found
SRV - (NETMDUSB) -- File not found
SRV - (navap) -- File not found
SRV - (mysqlinventime) -- File not found
SRV - (mwspollserver) -- File not found
SRV - (Mtlmnt5) -- File not found
SRV - (MSCamSvc) -- File not found
SRV - (MRESP50) -- File not found
SRV - (MREMPR5) -- File not found
SRV - (MREMP50a64) -- File not found
SRV - (MREMP50) -- File not found
SRV - (mi-raysat_3dsMax2008_32) -- File not found
SRV - (mcupdmgr.exe) -- File not found
SRV - (lxda_device) -- File not found
SRV - (LVRS) -- File not found
SRV - (lkclassads) -- File not found
SRV - (lilsgt) -- File not found
SRV - (license) -- File not found
SRV - (lhidflt2) -- File not found
SRV - (lfsfilt) -- File not found
SRV - (L8042mou) -- File not found
SRV - (KR10I) -- File not found
SRV - (keriomailserver) -- File not found
SRV - (k750obex) -- File not found
SRV - (Jukebox) -- File not found
SRV - (IWCA) -- File not found
SRV - (IPSECSHM) -- File not found
SRV - (ipsecmon) -- File not found
SRV - (ikhlayer) -- File not found
SRV - (hwpsgt) -- File not found
SRV - (HWIONT) -- File not found
SRV - (https-nassry) -- File not found
SRV - (hsf_dp) -- File not found
SRV - (HPFECP20) -- File not found
SRV - (hmonitor) -- File not found
SRV - (HidServ) -- File not found
SRV - (gearsecurity) -- File not found
SRV - (gagp30kx) -- File not found
SRV - (fsaua) -- File not found
SRV - (Exportit) -- File not found
SRV - (epsonstatusagent2) -- File not found
SRV - (epson_pm_rpcv4_01) -- File not found
SRV - (epfw) -- File not found
SRV - (EhttpSrv) -- File not found
SRV - (egathdrv) -- File not found
SRV - (eectrl) -- File not found
SRV - (dvpapi) -- File not found
SRV - (dsproct) -- File not found
SRV - (dnetc) -- File not found
SRV - (DNE) -- File not found
SRV - (dm1service) -- File not found
SRV - (dlcq_device) -- File not found
SRV - (dlbx_device) -- File not found
SRV - (DirectUpdate) -- File not found
SRV - (dimension4) -- File not found
SRV - (DcLps) -- File not found
SRV - (DC21x4) -- File not found
SRV - (dbmanagerscheduler) -- File not found
SRV - (dashsvc) -- File not found
SRV - (CTERFXFX.DLL) -- File not found
SRV - (CTEDSPIO.DLL) -- File not found
SRV - (cqmgserv) -- File not found
SRV - (cqcpu) -- File not found
SRV - (CoachAud) -- File not found
SRV - (clnt_clientman) -- File not found
SRV - (cis1284) -- File not found
SRV - (cfosspeeds) -- File not found
SRV - (Cardex) -- File not found
SRV - (Cam5603D) -- File not found
SRV - (btkrnl) -- File not found
SRV - (bthpan) -- File not found
SRV - (BrUsbSer) -- File not found
SRV - (bmuservice) -- File not found
SRV - (bhmonitorservice) -- File not found
SRV - (BASFND) -- File not found
SRV - (axskbus) -- File not found
SRV - (aw_host) -- File not found
SRV - (avidsdmservice) -- File not found
SRV - (avhook) -- File not found
SRV - (avgfwsrv) -- File not found
SRV - (avg7updsvc) -- File not found
SRV - (avg7core) -- File not found
SRV - (ATIBTXBAR) -- File not found
SRV - (asuskeyboardservice) -- File not found
SRV - (ASMMAP) -- File not found
SRV - (asmagent) -- File not found
SRV - (ASInsHelp) -- File not found
SRV - (appdrv) -- File not found
SRV - (apache) -- File not found
SRV - (amusbprt) -- File not found
SRV - (AF15BDA) -- File not found
SRV - (aeaudio) -- File not found
SRV - (acnusvc) -- File not found
SRV - (A88xTuner) -- File not found
SRV - (3c1807pd) -- File not found
SRV - ({a7447300-8075-4b0d-83f1-3d75c8ebc623}) -- File not found
SRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-4165708174-4294439347-1972931525-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://bardicweb.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/23 17:14:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/02/23 18:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/02/23 17:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/02/26 08:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions
[2012/02/24 07:38:26 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/02/24 07:38:26 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\info@stretchclock.com
[2012/02/24 07:36:55 | 000,000,000 | ---D | M] (Copy HTML) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\jid0-lqtsBMO4PkjAOFcCt6zDcWsAXCU@jetpack
[2012/02/25 13:03:46 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com
[2012/02/23 17:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/25 12:21:02 | 000,000,000 | ---D | M] (General Crawler) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7VCULJX.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7VCULJX.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7VCULJX.DEFAULT\EXTENSIONS\{D9284E50-81FC-11DA-A72B-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7VCULJX.DEFAULT\EXTENSIONS\CONVERT@TUNETUNE.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7VCULJX.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7VCULJX.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7VCULJX.DEFAULT\EXTENSIONS\PRINTWITHOUTADS@OLEG.VASKEVICH.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7VCULJX.DEFAULT\EXTENSIONS\WEATHERWATCHERLIVE@SINGERSCREATIONS.COM.XPI
[2012/02/16 08:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/25 12:20:47 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/16 04:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 04:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/28 08:58:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SDMSSplash] C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4165708174-4294439347-1972931525-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4165708174-4294439347-1972931525-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4165708174-4294439347-1972931525-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4165708174-4294439347-1972931525-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CA5E36F-B441-4B41-B7D6-0290C1050B51}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 19:16:41 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/28 09:00:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/27 16:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Jarte
[2012/02/27 16:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jarte
[2012/02/27 16:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Jarte
[2012/02/27 11:52:16 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/27 10:36:34 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll64X.dll
[2012/02/27 10:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/02/27 09:40:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/27 09:17:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/27 09:17:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/27 09:17:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/27 09:17:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/27 09:17:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/27 08:31:50 | 000,000,000 | ---D | C] -- C:\found.000
[2012/02/27 08:19:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/26 15:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2012/02/26 15:00:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/02/26 15:00:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/02/26 14:59:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/26 13:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Registry Files
[2012/02/26 13:01:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/26 10:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/26 10:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/26 10:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/02/26 10:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/26 10:30:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/26 10:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/26 10:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/26 10:16:50 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/02/26 10:13:19 | 004,420,481 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/25 14:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/02/25 13:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WeatherBug
[2012/02/25 13:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WeatherBug
[2012/02/25 12:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FreeTorrentViewer
[2012/02/25 11:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Corel
[2012/02/25 11:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2012/02/25 11:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2012/02/25 11:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Corel PaintShop Pro
[2012/02/25 11:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Corel PaintShop Pro
[2012/02/25 11:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012/02/25 11:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2012/02/25 11:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel PaintShop Pro X4
[2012/02/25 11:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012/02/25 11:49:00 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2012/02/25 11:48:58 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2012/02/25 11:48:58 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2012/02/25 11:48:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2012/02/25 11:48:56 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2012/02/25 11:48:55 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2012/02/25 11:48:55 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2012/02/25 11:48:55 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2012/02/25 11:48:54 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2012/02/25 11:48:54 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2012/02/25 11:48:53 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2012/02/25 11:48:53 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2012/02/25 11:48:52 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2012/02/25 11:48:50 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2012/02/25 11:48:46 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2012/02/25 11:48:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2012/02/25 11:48:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2012/02/25 11:48:40 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2012/02/25 11:48:39 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2012/02/25 11:48:39 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2012/02/25 11:48:38 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2012/02/25 11:48:37 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2012/02/25 11:48:37 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2012/02/25 11:48:37 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2012/02/25 11:48:36 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2012/02/25 11:48:36 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2012/02/25 11:48:35 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2012/02/25 11:48:35 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2012/02/25 11:48:34 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2012/02/25 11:48:21 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2012/02/25 11:48:20 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2012/02/25 11:48:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2012/02/25 11:48:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2012/02/25 11:48:19 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2012/02/25 11:48:18 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2012/02/25 11:48:17 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2012/02/25 11:48:16 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2012/02/25 11:48:15 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2012/02/25 11:48:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2012/02/25 09:04:50 | 000,000,000 | ---D | C] -- C:\Pixologic
[2012/02/25 08:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DAZ
[2012/02/25 08:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\DAZ 3D
[2012/02/25 08:14:37 | 000,000,000 | ---D | C] -- C:\DAZ 3D
[2012/02/25 08:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DAZ 3D
[2012/02/25 08:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2012/02/25 06:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAZ 3D
[2012/02/25 06:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAZ 3D
[2012/02/25 05:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAZ 3D
[2012/02/24 06:45:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2012/02/24 06:44:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012/02/24 06:39:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/02/24 06:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/24 06:22:41 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/02/24 06:22:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/02/24 06:22:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/02/24 06:22:40 | 011,082,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/02/24 06:22:40 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/02/24 06:22:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/02/24 06:21:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/24 06:06:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/02/24 06:06:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2012/02/24 06:02:13 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/02/24 06:02:07 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/02/24 06:01:52 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2012/02/24 06:01:36 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/02/24 05:58:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/02/24 05:57:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/02/24 05:57:28 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2012/02/24 05:57:28 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2012/02/24 05:57:28 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/02/24 05:56:35 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/02/24 05:43:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/02/23 19:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/02/23 19:24:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/02/23 19:24:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/02/23 19:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/02/23 19:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/02/23 19:19:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/02/23 19:15:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/02/23 19:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/02/23 18:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2012/02/23 18:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/02/23 18:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/02/23 18:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/02/23 18:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/02/23 18:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2012/02/23 18:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2012/02/23 18:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/02/23 17:55:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/02/23 17:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/02/23 17:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Finder
[2012/02/23 17:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
[2012/02/23 17:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/02/23 17:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2012/02/23 17:48:02 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2012/02/23 17:48:02 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2012/02/23 17:48:02 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2012/02/23 17:48:02 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2012/02/23 17:48:01 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2012/02/23 17:48:01 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2012/02/23 17:47:59 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2012/02/23 17:47:59 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2012/02/23 17:47:59 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2012/02/23 17:47:59 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2012/02/23 17:46:37 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2012/02/23 17:46:37 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2012/02/23 17:46:37 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2012/02/23 17:46:37 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2012/02/23 17:46:37 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2012/02/23 17:46:37 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2012/02/23 17:46:37 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2012/02/23 17:46:37 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2012/02/23 17:46:37 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2012/02/23 17:46:37 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2012/02/23 17:46:36 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2012/02/23 17:46:36 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2012/02/23 17:46:36 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2012/02/23 17:46:36 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2012/02/23 17:46:36 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2012/02/23 17:46:36 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2012/02/23 17:46:36 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2012/02/23 17:46:36 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2012/02/23 17:46:36 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2012/02/23 17:46:36 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2012/02/23 17:46:36 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2012/02/23 17:46:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\64de2357
[2012/02/23 17:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/02/23 17:31:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/02/23 17:31:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/02/23 17:31:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/23 17:31:04 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012/02/23 17:31:01 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2012/02/23 17:30:56 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/02/23 17:30:54 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/02/23 17:30:54 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/02/23 17:30:53 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/02/23 17:28:59 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/02/23 17:28:15 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/02/23 17:28:04 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2012/02/23 17:27:56 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/02/23 17:26:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/02/23 17:26:29 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/02/23 17:26:17 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/02/23 17:24:12 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2012/02/23 17:23:47 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2012/02/23 17:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/02/23 17:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/02/23 17:01:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012/02/23 17:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/02/23 17:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/02/23 17:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/02/23 17:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/23 16:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2012/02/23 16:27:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData
[2012/02/23 16:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Program Shortcuts
[2012/02/23 16:17:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/02/23 16:08:52 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/02/23 16:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/02/23 16:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Compaq
[2012/02/23 16:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\HP_SDMS
[2012/02/23 16:05:28 | 000,015,632 | ---- | C] (PDF Complete, Inc.) -- C:\WINDOWS\System32\pdfc_port.dll
[2012/02/23 16:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF Complete
[2012/02/23 16:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Complete
[2012/02/23 16:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/02/23 16:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\HPQ
[2012/02/23 16:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
[2012/02/23 16:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012/02/23 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Macrovision Corp
[2012/02/23 16:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2012/02/23 16:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2012/02/23 16:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2012/02/23 16:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012/02/23 16:02:40 | 004,399,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.Sys
[2012/02/23 16:02:40 | 001,183,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2012/02/23 16:02:40 | 000,499,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2012/02/23 16:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/02/23 16:02:27 | 000,033,280 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys
[2012/02/23 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/02/23 16:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2012/02/23 16:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/02/23 16:01:57 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/02/23 16:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/02/23 16:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/02/23 16:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/02/23 16:00:51 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2012/02/23 16:00:38 | 000,127,078 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/23 16:00:38 | 000,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jpicpl32.cpl
[2012/02/23 16:00:38 | 000,049,250 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/23 16:00:38 | 000,049,248 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/23 16:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/23 16:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/23 16:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2012/02/23 15:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012/02/23 15:57:35 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/02/23 15:57:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/02/23 15:57:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/02/23 15:56:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/02/23 15:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2012/02/23 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2012/02/23 15:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2012/02/23 15:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/02/23 15:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2012/02/23 15:39:26 | 000,025,392 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2012/02/23 15:39:23 | 000,026,672 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2012/02/23 15:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2012/02/23 15:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2012/02/23 15:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2012/02/23 15:19:10 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2012/02/23 15:19:08 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll5ha.dll
[2012/02/23 15:18:45 | 000,675,840 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax3.dll
[2012/02/23 15:18:45 | 000,569,344 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl3.dll
[2012/02/23 15:18:45 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2012/02/23 15:18:45 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2012/02/23 15:18:45 | 000,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst10.dll
[2012/02/23 14:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2012/02/23 14:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HPAppData
[2012/02/23 14:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012/02/23 14:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/02/23 14:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2012/02/23 14:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/02/23 14:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/02/23 14:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/23 14:24:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/23 10:55:31 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2012/02/23 10:55:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2012/02/23 10:52:04 | 000,083,968 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2012/02/23 10:51:50 | 006,684,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglx1.dll
[2012/02/23 10:51:50 | 005,148,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2012/02/23 10:51:50 | 002,411,008 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2012/02/23 10:51:50 | 002,411,008 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2012/02/23 10:51:50 | 001,754,624 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2012/02/23 10:51:50 | 001,754,624 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2012/02/23 10:51:50 | 001,086,112 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2012/02/23 10:51:50 | 001,086,112 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2012/02/23 10:51:50 | 000,307,200 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2012/02/23 10:51:50 | 000,303,104 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2012/02/23 10:51:50 | 000,294,912 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2012/02/23 10:51:50 | 000,294,912 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2012/02/23 10:51:50 | 000,260,608 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2012/02/23 10:51:50 | 000,260,608 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2012/02/23 10:51:50 | 000,221,184 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2012/02/23 10:51:50 | 000,118,784 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2012/02/23 10:51:50 | 000,090,112 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2012/02/23 10:51:50 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2012/02/23 10:51:50 | 000,049,152 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2012/02/23 10:51:50 | 000,041,984 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2012/02/23 10:51:50 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2012/02/23 10:51:50 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2012/02/23 10:51:50 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2012/02/23 10:51:29 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/02/23 10:51:29 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/02/23 10:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/02/23 10:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/02/23 10:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/02/23 10:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/02/23 10:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/02/23 10:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/02/23 10:51:28 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/02/23 10:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/02/23 10:51:27 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/02/23 10:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/02/23 10:51:26 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/02/23 10:51:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/02/23 10:51:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/02/23 10:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/02/23 10:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/02/23 10:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/02/23 10:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/02/23 10:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/02/23 10:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/02/23 10:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/02/23 10:51:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/02/23 10:51:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/02/23 10:51:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/02/23 10:51:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/02/23 10:51:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/02/23 10:51:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/02/23 10:51:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/02/23 10:51:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/02/23 10:51:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/02/23 10:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/02/23 10:51:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/02/23 10:51:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/02/23 10:51:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/02/23 10:51:25 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/02/23 10:51:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/02/23 10:51:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/02/23 10:51:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/02/23 10:51:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/02/23 10:51:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/02/23 10:51:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/02/23 10:51:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/02/23 10:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/02/23 10:51:23 | 000,000,000 | ---D | C] -- C:\SWSetup
[2012/02/23 10:46:51 | 000,756,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winntbbu.dll
[2012/02/23 10:46:47 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2012/02/23 10:46:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2012/02/23 10:46:46 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sound.drv
[2012/02/23 10:46:44 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pidgen.dll
[2012/02/23 10:46:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntsdexts.dll
[2012/02/23 10:46:40 | 000,329,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2012/02/23 10:46:35 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mouse.drv
[2012/02/23 10:46:35 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmtask.tsk
[2012/02/23 10:46:34 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2012/02/23 10:46:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec.dll
[2012/02/23 10:46:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsg.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdla.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2012/02/23 10:46:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusx.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusr.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusl.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsw.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsp.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsf.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpo.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdne.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdic.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgr1.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgr.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfr.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfc.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdes.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdda.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdca.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbr.dll
[2012/02/23 10:46:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbe.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdus.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduk.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdit142.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdit.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdir.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgae.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2012/02/23 10:46:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2012/02/23 10:46:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbddv.dll
[2012/02/23 10:46:34 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\keyboard.drv
[2012/02/23 10:46:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/02/23 10:46:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exts.dll
[2012/02/23 10:46:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\expand.exe
[2012/02/23 10:46:28 | 000,847,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbgeng.dll
[2012/02/23 10:46:26 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autofmt.exe
[2012/02/23 10:46:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2012/02/23 10:46:23 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2012/02/23 10:46:23 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2012/02/23 10:46:23 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2012/02/23 10:46:23 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2012/02/23 10:45:24 | 000,000,000 | ---D | C] -- C:\i386
[2012/02/23 10:45:24 | 000,000,000 | ---D | C] -- C:\Compaq
[2012/02/23 10:30:07 | 000,036,864 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2012/02/23 10:27:06 | 000,000,000 | ---D | C] -- C:\SYSTEM.SAV
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 19:16:43 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/28 08:58:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/27 16:05:06 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jarte.lnk
[2012/02/27 13:30:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/02/27 12:59:00 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/02/27 11:52:59 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/27 11:10:33 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel PaintShop Pro X4.lnk
[2012/02/27 09:55:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/27 09:54:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/27 09:54:38 | 938,004,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 09:40:06 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012/02/26 15:04:25 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/26 14:59:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/26 14:58:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/26 10:31:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/26 10:30:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/26 10:13:19 | 004,420,481 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/26 08:20:41 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/02/26 08:20:41 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/02/25 17:03:45 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/25 12:20:58 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/02/25 08:15:05 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DAZ Studio 4.lnk
[2012/02/24 06:39:32 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/24 05:50:13 | 000,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/24 05:50:13 | 000,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/24 05:44:58 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/23 19:19:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/23 18:47:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/23 18:47:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/23 18:03:09 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/02/23 18:03:09 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/02/23 17:31:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/23 17:00:23 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/23 17:00:23 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/23 16:09:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/02/23 16:07:28 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/02/23 16:07:25 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2012/02/23 16:06:02 | 000,001,860 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_BPC_HP Compaq dx2250 Microtower_YB_0Comp_QMXL723_EU_48_I0A7C_SMSI_V_BMS7297 1.07_T070411_WXP2_L409_M895_J80_7AMD_8Athlon 64_92.39_#120223_N10EC8139_(RT761UT#ABA)_X_CD3_Z_2_G10025974.MRK
[2012/02/23 15:49:17 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2012/02/23 15:47:31 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012/02/23 15:20:02 | 000,141,136 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2012/02/23 14:27:37 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012/02/23 14:26:45 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/23 14:26:29 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/02/23 14:19:16 | 000,004,247 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/02/23 14:19:09 | 000,000,774 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2012/02/23 14:19:07 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 16:05:06 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jarte.lnk
[2012/02/27 13:30:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/02/27 09:40:06 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012/02/27 09:40:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/27 09:17:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/27 09:17:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/27 09:17:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/27 09:17:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/27 09:17:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/26 15:04:23 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/26 14:58:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/26 10:31:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/26 10:30:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/26 08:20:41 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/02/26 08:20:41 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/02/26 08:20:40 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/02/25 12:20:58 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/02/25 11:53:59 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel PaintShop Pro X4.lnk
[2012/02/25 08:15:05 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DAZ Studio 4.lnk
[2012/02/24 06:06:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/24 06:06:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/23 18:47:47 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/02/23 18:47:47 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/02/23 18:03:09 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/02/23 18:03:09 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/02/23 18:03:09 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/02/23 17:48:05 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/02/23 17:48:05 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/02/23 17:48:05 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/02/23 17:48:05 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/02/23 17:48:05 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/02/23 17:48:05 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/02/23 17:48:05 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/02/23 17:48:05 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/02/23 17:48:05 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/02/23 17:48:05 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/02/23 17:48:05 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/02/23 17:48:05 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/02/23 17:48:05 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/02/23 17:48:05 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/02/23 17:48:05 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/02/23 17:48:05 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/02/23 17:48:05 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/02/23 17:48:05 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/02/23 17:48:05 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/02/23 17:48:05 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/02/23 17:48:05 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/02/23 17:48:05 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/02/23 17:48:05 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/02/23 17:48:05 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/02/23 17:48:05 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/02/23 17:48:05 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/02/23 17:48:05 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/02/23 17:48:04 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/02/23 17:48:04 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/02/23 17:48:04 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/02/23 17:48:03 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/02/23 17:48:03 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/02/23 17:48:03 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/02/23 17:48:03 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/02/23 17:48:03 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/02/23 17:48:03 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/02/23 17:48:03 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/02/23 17:48:03 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/02/23 17:48:03 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/02/23 17:48:03 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/02/23 17:48:02 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/02/23 17:48:02 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/02/23 17:48:01 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/02/23 17:48:00 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/02/23 17:48:00 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/02/23 17:48:00 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/02/23 17:48:00 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/02/23 17:48:00 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/02/23 17:48:00 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/02/23 17:48:00 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/02/23 17:48:00 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/02/23 17:48:00 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/02/23 17:48:00 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/02/23 17:48:00 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/02/23 17:48:00 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/02/23 17:48:00 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/02/23 17:48:00 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/02/23 17:48:00 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/02/23 17:48:00 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/02/23 17:48:00 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/02/23 17:47:59 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/02/23 17:47:59 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/02/23 17:47:59 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/02/23 17:47:57 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/02/23 17:47:57 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/02/23 17:47:57 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/02/23 17:47:57 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/02/23 17:47:52 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/02/23 17:47:49 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/02/23 17:47:48 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/02/23 17:47:48 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/02/23 17:47:48 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/02/23 17:47:48 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/02/23 17:47:48 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/02/23 17:47:48 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/02/23 17:47:48 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/02/23 17:47:48 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/02/23 17:47:48 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/02/23 17:47:48 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/02/23 17:46:37 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/02/23 17:00:23 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/23 17:00:23 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/23 17:00:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/23 16:09:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/02/23 16:08:19 | 938,004,480 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/23 16:07:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/02/23 16:07:25 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2012/02/23 16:07:15 | 000,000,278 | ---- | C] () -- C:\WINDOWS\logonper2.reg
[2012/02/23 16:07:15 | 000,000,192 | ---- | C] () -- C:\WINDOWS\logoffper2.reg
[2012/02/23 16:06:01 | 000,001,860 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_BPC_HP Compaq dx2250 Microtower_YB_0Comp_QMXL723_EU_48_I0A7C_SMSI_V_BMS7297 1.07_T070411_WXP2_L409_M895_J80_7AMD_8Athlon 64_92.39_#120223_N10EC8139_(RT761UT#ABA)_X_CD3_Z_2_G10025974.MRK
[2012/02/23 16:05:43 | 000,008,038 | ---- | C] () -- C:\WINDOWS\System32\oemlogo.bmp
[2012/02/23 16:03:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2012/02/23 16:03:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2012/02/23 16:03:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2012/02/23 16:03:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2012/02/23 16:03:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2012/02/23 16:03:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2012/02/23 16:02:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/02/23 15:40:33 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Network Magic.lnk
[2012/02/23 15:40:33 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2012/02/23 15:39:34 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012/02/23 14:27:37 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012/02/23 14:26:45 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/23 14:26:29 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/02/23 14:24:13 | 000,141,136 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2012/02/23 14:24:13 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2012/02/23 10:52:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin
[2012/02/23 10:52:54 | 000,007,029 | --S- | C] () -- C:\WINDOWS\System32\dllcache\oembios.cat
[2012/02/23 10:52:54 | 000,006,788 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig
[2012/02/23 10:52:54 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat
[2012/02/23 10:51:54 | 001,920,056 | ---- | C] () -- C:\WINDOWS\HPQ800h.BMP
[2012/02/23 10:51:50 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012/02/23 10:51:50 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2012/02/23 10:51:50 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/02/23 10:51:50 | 000,035,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2012/02/23 10:51:50 | 000,006,126 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2012/02/23 10:51:50 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativdkxx.vp
[2012/02/23 10:51:50 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2012/02/23 10:51:50 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2012/02/23 10:46:59 | 000,000,339 | RHS- | C] () -- C:\boot.ini
[2012/02/23 10:46:53 | 000,001,158 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/23 10:46:48 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/02/23 10:46:47 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap
[2012/02/23 10:46:45 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2012/02/23 10:46:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/02/23 10:46:44 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h
[2012/02/23 10:46:44 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\perfwci.h
[2012/02/23 10:46:44 | 000,000,427 | ---- | C] () -- C:\WINDOWS\System32\perfci.h
[2012/02/23 10:46:44 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\perffilt.h
[2012/02/23 10:46:44 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
[2012/02/23 10:46:44 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2012/02/23 10:46:42 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/02/23 10:46:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/02/23 10:46:40 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.cht
[2012/02/23 10:46:40 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.chs
[2012/02/23 10:46:40 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.enu
[2012/02/23 10:46:40 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.eng
[2012/02/23 10:46:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/02/23 10:46:40 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha
[2012/02/23 10:46:35 | 000,001,492 | ---- | C] () -- C:\WINDOWS\System32\mmdriver.inf
[2012/02/23 10:46:35 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/02/23 10:46:35 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\login.cmd
[2012/02/23 10:46:33 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
[2012/02/23 10:46:32 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
[2012/02/23 10:46:30 | 000,000,799 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\protocol
[2012/02/23 10:46:30 | 000,000,407 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\networks
[2012/02/23 10:46:30 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/23 10:46:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
[2012/02/23 10:46:25 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\View Channels.scf
[2012/02/23 10:46:24 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2012/02/23 10:46:23 | 000,004,247 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/02/23 10:46:23 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/02/23 10:46:18 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
[2012/02/23 10:46:18 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2012/02/23 10:46:01 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/02/23 10:46:01 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/02/23 10:46:01 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/02/23 10:46:00 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/02/23 10:46:00 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/23 10:46:00 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/02/23 10:46:00 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/02/23 10:46:00 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/02/23 10:46:00 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/23 10:30:09 | 000,000,774 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2012/02/23 10:25:09 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM
[2012/02/23 10:25:08 | 000,250,048 | RHS- | C] () -- C:\ntldr

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 February 2012 - 08:54 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
    [2012/02/25 13:03:46 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com
    [2012/02/25 12:20:47 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/02/25 12:21:02 | 000,000,000 | ---D | M] (General Crawler) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
    [2012/02/23 17:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
    [2012/02/23 17:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/02/23 17:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Babylon
    [2012/02/23 17:46:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\64de2357
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 senare


Posted 29 February 2012 - 09:30 AM

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s7vculjx.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon\Setup folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\64de2357\U folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\64de2357 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 133755 bytes
->Temporary Internet Files folder emptied: 2558391 bytes
->FireFox cache emptied: 51088252 bytes
->Opera cache emptied: 12832209 bytes
->Flash cache emptied: 4867 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7913606 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 240652 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 71.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.2 log created on 02292012_082328

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 gringo_pr


Posted 29 February 2012 - 10:43 AM

How are things doing now


gringo

#13 senare


Posted 29 February 2012 - 11:14 AM

It seems to be a great deal faster. *G* I've not had any error messages and the searching problem is gone. Thanks!

#14 gringo_pr


Posted 29 February 2012 - 11:39 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

J2SE Runtime Environment 5.0 Update 6


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 senare


Posted 29 February 2012 - 07:30 PM

The MBAM log opened up on its own, not sure if it's supposed to do that or not; I don't remember it doing that before. I have MBAT.DAT file on the desktop, what is this? I'm not having any problems that I'm noticing. It seems to be roughly back to normal?

MBAM
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DESKTOP [administrator]

Protection: Disabled

2/29/2012 6:20:28 PM
mbam-log-2012-02-29 (18-20-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 165883
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

hijack this
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:12 PM, on 2/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DAZ Content Management Service (DAZContentManagementService) - Unknown owner - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 6289 bytes



