
Gray Menubar and messedup drivers


  • This topic is locked
49 replies to this topic

#1 dayers11

  • Members
  • 73 posts
  • Local time:08:23 PM

Posted 05 March 2012 - 07:00 PM

My old (and favorite) HP laptop is acting up. Pretty sure it's a virus. I have Stopzilla on this unit and it usually works ok. Whatever it is disables Windows audio and changes the menu bar to gray. There is also a huge svchost.exe file every time I check Task Manager. Tried MBRFix with no luck. The CD on this unit hasn't worked since my last scrub and install.

Would appreciate your help as always !!

HvD



#2 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:23 PM

Posted 11 March 2012 - 05:41 PM

Hi dayers11,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

 

Please take note:

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 dayers11

  • Topic Starter
  • Members
  • 73 posts
  • Local time:08:23 PM

Posted 12 March 2012 - 10:16 PM

Jason,

There are the logs you requested.

Note: Defogger failed to run the first few times - I rebooted and ran it right away successfully. So I am running all of this with CD Emulation disabled. Also no Windows CD available - CD/DVD is not working on this unit - not sure why ??

Files:
  • attach.zip (3.2KB, 3 downloads)
  • GMER Log.log (18.96KB, 4 downloads)
  • dds.txt (14.19KB, 6 downloads)

Edited by dayers11, 12 March 2012 - 10:21 PM.


#4 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:23 PM

Posted 13 March 2012 - 07:58 AM

Hi dayers11,

In the future, please do not attach logs, unless asked to do so. Just copy and paste the logs into your posts.

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at this article:
How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1: Ad-Aware is no longer recommended
  • mvps.org is no longer recommending Ad-Aware due to poor testing results. See here (scroll down and read under Freeware Antispyware Products).

    Therefore, I strongly recommend uninstalling Ad-Aware.


Step 2: Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Edited by jntkwx, 13 March 2012 - 11:17 AM.

Regards,
Jason



#5 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:23 PM

Posted 16 March 2012 - 11:38 AM

Hi dayers11,

It's been several days since my last post. Do you still need help?
Regards,
Jason



#6 Elise

  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,443 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:23 AM

Posted 20 March 2012 - 12:47 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#7 Elise

  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,443 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:23 AM

Posted 26 March 2012 - 01:12 AM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise




#8 dayers11

  • Topic Starter
  • Members
  • 73 posts
  • Local time:08:23 PM

Posted 26 March 2012 - 06:16 PM

This is the log

I didn't know if I should re-run TDSSKiller for a more recent log. So this is the last one I ran.

22:34:08.0718 0608 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:34:08.0890 0608 WmiAcpi - ok
22:34:09.0312 0608 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:34:09.0406 0608 WpdUsb - ok
22:34:09.0515 0608 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:34:09.0671 0608 WS2IFSL - ok
22:34:09.0703 0608 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:34:09.0750 0608 WudfPf - ok
22:34:09.0765 0608 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:34:09.0812 0608 WudfRd - ok
22:34:09.0812 0608 XDva385 - ok
22:34:09.0843 0608 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
22:34:09.0875 0608 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
22:34:09.0875 0608 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
22:34:09.0984 0608 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:34:09.0984 0608 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:34:09.0984 0608 Boot (0x1200) (cb9d0a3596027cd4299df1ba2202c6e7) \Device\Harddisk0\DR0\Partition0
22:34:09.0984 0608 \Device\Harddisk0\DR0\Partition0 - ok
22:34:10.0015 0608 Boot (0x1200) (378196f00983e085eca03f08a2ea685b) \Device\Harddisk0\DR0\Partition1
22:34:10.0015 0608 \Device\Harddisk0\DR0\Partition1 - ok
22:34:10.0015 0608 ============================================================
22:34:10.0015 0608 Scan finished
22:34:10.0015 0608 ============================================================
22:34:10.0125 3448 Detected object count: 7
22:34:10.0125 3448 Actual detected object count: 7
22:35:09.0296 3448 ArcCD ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:09.0296 3448 ArcCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:09.0312 3448 ArcRec ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:09.0312 3448 ArcRec ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:09.0312 3448 ArcUdfs ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:09.0312 3448 ArcUdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:09.0312 3448 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:09.0312 3448 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:09.0312 3448 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:09.0312 3448 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:10.0296 3448 \Device\Harddisk0\DR0\# - copied to quarantine
22:35:10.0296 3448 \Device\Harddisk0\DR0 - copied to quarantine
22:35:10.0343 3448 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
22:35:10.0421 3448 \Device\Harddisk0\DR0 - ok
22:35:10.0421 3448 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
22:35:10.0421 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:35:10.0421 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:36:01.0625 2064 Deinitialize success

#9 jntkwx

Posted 27 March 2012 - 08:31 AM

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#10 dayers11

Posted 27 March 2012 - 07:55 PM

C:\Documents and Settings\Derrick Ayers\Desktop\HelpAsst_mebroot_fix.exe
Tue 03/27/2012 at 20:28:06.03

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"8387:TCP"=-
"8388:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"8388:TCP"=-
"8387:TCP"=-

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Tue 03/27/2012 at 20:52:30.43

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

#11 jntkwx

Posted 28 March 2012 - 08:37 AM

dayers11,

Looking good!

How's the computer running now?

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please include in your next post:
  • OTL log
  • How's the computer running now? Please be as specific and descriptive as possible.

Regards,
Jason

 



#12 jntkwx

Posted 31 March 2012 - 01:37 PM

dayers11,

It's been several days since my last post. Do you still need help?
Regards,
Jason

 



#13 dayers11

Posted 31 March 2012 - 06:26 PM

Still need to run the OTL report and get back to you
Seems to be running ok
Note: did not see any problems right after running Defogger.

hev

#14 jntkwx

Posted 31 March 2012 - 08:22 PM

Thanks for letting me know.
Regards,
Jason

 



#15 dayers11

Posted 04 April 2012 - 09:00 PM

OTL logfile created on: 4/4/2012 9:45:58 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Derrick Ayers\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.40% Memory free
3.85 Gb Paging File | 3.10 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 98.76 Gb Total Space | 59.06 Gb Free Space | 59.80% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 0.14 Gb Free Space | 1.18% Space Free | Partition Type: FAT32

Computer Name: SINKRO-DF902E85 | User Name: Derrick Ayers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/04 21:44:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derrick Ayers\Desktop\OTL.exe
PRC - [2012/03/24 18:09:09 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/07 18:12:30 | 000,183,336 | R--- | M] (iS3, Inc.) -- c:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/12/07 18:12:26 | 000,068,648 | R--- | M] (iS3, Inc.) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/13 18:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/12/08 14:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/09/24 01:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/08/10 16:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/24 18:09:08 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 20:30:21 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/04 12:36:49 | 002,521,408 | -HS- | M] () -- \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1644491937-492894223-839522115-1003\MSPRindiv01.key
MOD - [2010/06/20 09:17:17 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_346003de\mscorlib.dll
MOD - [2010/06/20 09:17:13 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d592bbc4\system.drawing.dll
MOD - [2010/06/20 09:17:07 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_86e05f7d\system.xml.dll
MOD - [2010/06/20 09:17:02 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7c5ec918\system.windows.forms.dll
MOD - [2010/06/20 09:16:53 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f837cea3\system.dll
MOD - [2010/06/20 09:16:42 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/03/28 16:43:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/03/28 16:43:09 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/03/28 16:43:08 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/03/28 16:32:40 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/03/28 16:32:38 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010/03/28 16:32:31 | 001,044,480 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010/03/28 16:32:27 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010/03/28 16:32:26 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010/03/28 16:32:26 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010/03/28 16:32:26 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010/03/28 16:32:24 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/03/28 16:32:24 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010/03/28 16:32:24 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/03/28 16:32:24 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2010/03/28 16:32:24 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010/03/28 16:32:24 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010/03/28 16:32:24 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/03/28 16:32:23 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010/03/28 16:32:23 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010/03/28 16:32:22 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/03/28 16:32:21 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010/03/28 16:32:21 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/03/28 16:32:20 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010/03/28 16:32:20 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010/03/28 16:32:20 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2010/03/28 16:32:20 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/03/28 16:32:20 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/03/28 16:32:20 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/03/28 16:32:20 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/03/28 16:32:20 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010/03/28 16:32:20 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010/03/28 16:32:20 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/03/28 16:32:20 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/03/28 16:32:20 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/03/28 16:22:06 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2005/12/08 14:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
MOD - [2004/08/10 16:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/10 16:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 16:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 16:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/07 18:12:26 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/04/26 11:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKG.sys -- (szkg5)
DRV - [2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/08/16 17:48:30 | 000,059,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2011/02/04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 18:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 05:06:00 | 001,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 05:06:00 | 000,718,464 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 000,231,424 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/16 12:40:48 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/16 12:38:22 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 06:00:00 | 000,349,312 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 05:58:00 | 000,038,016 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/05/05 11:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 11:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 43 7F 01 05 63 D9 43 8E 67 BC 19 94 24 74 E9 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 43 7F 01 05 63 D9 43 8E 67 BC 19 94 24 74 E9 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 43 7F 01 05 63 D9 43 8E 67 BC 19 94 24 74 E9 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 43 7F 01 05 63 D9 43 8E 67 BC 19 94 24 74 E9 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 43 7F 01 05 63 D9 43 8E 67 BC 19 94 24 74 E9 [binary data]
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\URLSearchHook: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\prxtbReg1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\SearchScopes,DefaultScope = {73ccfd25-abe2-4bdf-ac5d-28a470a4d234}
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\SearchScopes\{28DFF562-93F4-4049-B794-5D40CC102517}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\SearchScopes\{73ccfd25-abe2-4bdf-ac5d-28a470a4d234}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1601497
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-492894223-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.goodskins.com/he_is_risen/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {7F17C4E6-9438-41BF-BAD0-37A4BACC6904}:1.9.1
FF - prefs.js..extensions.enabledItems: {D77DC51A-BA08-4C80-8FC1-756A5EA50DA3}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52667
FF - prefs.js..network.proxy.no_proxies_on: "www"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7F17C4E6-9438-41BF-BAD0-37A4BACC6904}: C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\{7F17C4E6-9438-41BF-BAD0-37A4BACC6904} [2011/05/28 01:56:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D77DC51A-BA08-4C80-8FC1-756A5EA50DA3}: C:\Documents and Settings\Tech Serv.SINKRO-DF902E85.000\Local Settings\Application Data\{D77DC51A-BA08-4C80-8FC1-756A5EA50DA3} [2011/05/28 01:56:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/10 20:12:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 18:09:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 09:25:25 | 000,000,000 | ---D | M]

[2011/01/17 10:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derrick Ayers\Application Data\Mozilla\Extensions
[2010/03/28 21:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derrick Ayers\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/05 21:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derrick Ayers\Application Data\Mozilla\Firefox\Profiles\dxk6c8nl.default\extensions
[2012/03/05 21:36:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Derrick Ayers\Application Data\Mozilla\Firefox\Profiles\dxk6c8nl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/31 09:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/31 09:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/05/31 09:25:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/24 18:09:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006/08/09 06:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2012/01/21 09:44:06 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/03/05 21:32:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/03/05 21:32:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.7_0\
CHR - Extension: Bflix extension = C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp\1.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Browser Button for AdBlock = C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\picdndbpdnapajibahnnogkjofaeooof\0.0.12_0\
CHR - Extension: RebateRobot = C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.2_0\

O1 HOSTS File: ([2012/03/12 22:54:58 | 000,000,847 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BFlix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files\BFlix\Bflix.dll (BFlix)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RebateRobot BHO) - {66616350-A70C-4FF5-912E-A92B8076F6F7} - C:\Program Files\RebateRobot\RebateRobot.dll (RebateRobot)
O2 - BHO: (Shop to Win) - {8E51683A-EA9D-4127-AE14-A13294FF6F7C} - C:\Program Files\Shop to Win 19\Shop to Win 19.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Reganam Toolbar) - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\prxtbReg1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Reganam Toolbar) - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\prxtbReg1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\..\Toolbar\WebBrowser: (Reganam Toolbar) - {DB9D7A78-A76C-4BF2-97C6-258925EE1542} - C:\Program Files\Reganam\prxtbReg1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gethtml] C:\Documents and Settings\All Users\gethtml.exe File not found
O4 - HKLM..\Run: [graffast] %APPDATA%\graffast.exe File not found
O4 - HKLM..\Run: [playopen] C:\Documents and Settings\Derrick Ayers\Application Data\playopen.exe File not found
O4 - HKLM..\Run: [utilc] C:\Documents and Settings\All Users\utilc.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [gethtml] C:\Documents and Settings\All Users\gethtml.exe File not found
O4 - HKU\.DEFAULT..\Run: [playopen] %APPDATA%\playopen.exe File not found
O4 - HKU\.DEFAULT..\Run: [utilc] C:\Documents and Settings\All Users\utilc.exe File not found
O4 - HKU\S-1-5-18..\Run: [gethtml] C:\Documents and Settings\All Users\gethtml.exe File not found
O4 - HKU\S-1-5-18..\Run: [playopen] %APPDATA%\playopen.exe File not found
O4 - HKU\S-1-5-18..\Run: [utilc] C:\Documents and Settings\All Users\utilc.exe File not found
O4 - HKU\S-1-5-21-1644491937-492894223-839522115-1003..\Run: [{C031EA39-6975-AD7F-3A3A-0C4419D72F56}] "C:\Documents and Settings\Derrick Ayers\Application Data\Icpu\olqui.exe" File not found
O4 - HKU\S-1-5-21-1644491937-492894223-839522115-1003..\Run: [Atipi] "C:\Documents and Settings\Derrick Ayers\Application Data\Inbiu\veobw.exe" File not found
O4 - HKU\S-1-5-21-1644491937-492894223-839522115-1003..\Run: [playopen] C:\Documents and Settings\Derrick Ayers\Application Data\playopen.exe File not found
O4 - HKU\S-1-5-21-1644491937-492894223-839522115-1003..\Run: [utilc] C:\Documents and Settings\All Users\utilc.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{056FE738-8870-4C58-9A6B-4F63E2EB8D7F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/28 16:44:43 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1644491937-492894223-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 21:44:11 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derrick Ayers\Desktop\OTL.exe
[2012/03/27 20:28:08 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2012/03/15 22:35:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/15 22:32:17 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Derrick Ayers\Desktop\tdsskiller.exe
[2012/03/12 23:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derrick Ayers\Application Data\Xetuy
[2012/03/12 23:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derrick Ayers\Application Data\Inbiu
[2012/03/12 23:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derrick Ayers\Application Data\Eruwd
[2012/03/12 21:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derrick Ayers\Desktop\gmer
[2012/03/12 21:26:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Derrick Ayers\Desktop\dds.scr
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Derrick Ayers\Desktop\*.tmp files -> C:\Documents and Settings\Derrick Ayers\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/04 21:55:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{024254CF-3F11-431D-8B5F-E9C90E3871A0}.job
[2012/04/04 21:44:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derrick Ayers\Desktop\OTL.exe
[2012/04/04 21:38:05 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2012/04/04 21:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/04/04 21:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/04 18:28:00 | 000,003,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/04/04 18:24:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/04 18:24:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/04 18:24:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/04 18:23:59 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 07:56:32 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Tech Serv.job
[2012/04/01 19:02:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/27 20:25:27 | 000,490,256 | ---- | M] () -- C:\Documents and Settings\Derrick Ayers\Desktop\HelpAsst_mebroot_fix.exe
[2012/03/26 21:32:09 | 000,085,554 | ---- | M] () -- C:\Documents and Settings\Derrick Ayers\My Documents\9316_1133747260353_1127448685_30377402_3708559_n.jpg
[2012/03/26 20:03:45 | 000,009,192 | ---- | M] () -- C:\Documents and Settings\Derrick Ayers\My Documents\19466_1197251767926_1127448685_30527224_7658268_a.jpg
[2012/03/24 12:37:30 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Derrick Ayers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 18:55:16 | 000,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/23 18:55:15 | 000,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 22:26:59 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Derrick Ayers\Desktop\tdsskiller.exe
[2012/03/15 22:14:34 | 000,152,815 | ---- | M] () -- C:\Documents and Settings\Derrick Ayers\Desktop\409415_3160576330107_1136274242_3200947_80319868_n.jpg
[2012/03/12 23:12:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/12 21:55:44 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Derrick Ayers\Desktop\gmer.zip
[2012/03/12 21:52:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Derrick Ayers\defogger_reenable
[2012/03/12 21:33:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Derrick Ayers\Desktop\dds.scr
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Derrick Ayers\Desktop\*.tmp files -> C:\Documents and Settings\Derrick Ayers\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/04 21:38:05 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2012/04/04 18:26:35 | 000,003,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/03/27 20:25:23 | 000,490,256 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\Desktop\HelpAsst_mebroot_fix.exe
[2012/03/26 21:32:09 | 000,085,554 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\My Documents\9316_1133747260353_1127448685_30377402_3708559_n.jpg
[2012/03/26 20:03:44 | 000,009,192 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\My Documents\19466_1197251767926_1127448685_30527224_7658268_a.jpg
[2012/03/15 22:14:32 | 000,152,815 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\Desktop\409415_3160576330107_1136274242_3200947_80319868_n.jpg
[2012/03/12 21:56:33 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\Desktop\gmer.zip
[2012/03/12 21:52:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\defogger_reenable
[2012/02/28 20:58:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/28 20:58:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/28 20:58:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/28 20:58:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/28 20:58:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/13 18:53:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\Application Data\0490223a
[2011/10/13 18:47:52 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\Application Data\1335aa3f
[2011/10/13 18:46:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Derrick Ayers\Application Data\f3e855c0
[2011/05/02 14:28:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/02 14:28:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/11 22:07:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2011/03/21 19:19:49 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/19 18:59:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qyepecilu.dat
[2011/03/19 18:59:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pmunodoruvo.bin
[2011/01/17 10:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/24 21:46:16 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/10/16 10:22:29 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2010/06/27 20:59:01 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/08 17:53:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 22:09:34 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

< End of report >

Seems to be running fine, with the only issue being that my AVS finds lots of stuff on every scan. Let me know if you see any issues or think I should do anything else.

Thanks for your help !!

