Suspected Malware


This topic is locked

#16
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
You made sure that you disabled your security programs, and had no windows open when running ComboFix, correct? See if it will let you exit out of it, and if so, proceed with my latest set of instructions above.


#17
Orcitect

    Member

  • Topic Starter
  • 20 posts
Yep, did exactly what you said. It exited fine; I'll continue with your other instructions.

I unfortunately get the following error if I try to use Malwarebytes. This was the error that I got when trying to update, but now I get it when trying to run the program:

Posted Image

Edited by Orcitect, 13 July 2010 - 12:51 PM.


#18
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
MalwareBytes' Anti-Malware Uninstall
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. http://www.malwareby.../mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

Make sure you follow my previous instructions for updating MBAM after reinstalling it.

#19
Orcitect

    Member

  • Topic Starter
  • 20 posts
1. Done
2. Done
3. I cannot access 'http://www.malwarebytes.org/mbam-clean.exe'; I get an 'Oops! Google Chrome could not find www.malwarebytes.org' when I try. I guess that's part of the browser redirection.

#20
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I just tried to access the link and it worked for me.

Let me grab a new OTL log from you.

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.


#21
Orcitect

    Member

  • Topic Starter
  • 20 posts
OTL Report


OTL logfile created on: 13/07/2010 20:10:22 - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Mike\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 426.86 Gb Free Space | 91.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.08 Gb Total Space | 94.72 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUS
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - E:\Programs\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (ALWIL Software)
PRC - E:\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Vtune\TBPANEL.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (ALWIL Software)
SRV - (Browser Defender Update Service) -- E:\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (XoftSpyService) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Users\Mike\Desktop\SD\SpywareDoctor\swdsvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Users\Mike\Desktop\SD\SpywareDoctor\svcntaux.exe (PC Tools)


========== Driver Services (SafeList) ==========

DRV - (vsmraid) -- C:\Windows\System32\DRIVERS\vsmraid.sys File not found
DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (iksysflt) -- C:\Windows\System32\drivers\iksysflt.sys File not found
DRV - (ikfileflt) -- C:\Windows\System32\drivers\ikfileflt.sys File not found
DRV - (iblb) -- C:\Windows\System32\drivers\mqqwwnds.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Mike\AppData\Local\Temp\MBN1DFF.tmp File not found
DRV - (EIO) -- C:\Windows\System32\DRIVERS\EIO.sys File not found
DRV - (ASInsHelp) -- C:\Windows\System32\drivers\AsInsHelp32.sys File not found
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (ALWIL Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (ALWIL Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswNdis) -- C:\Windows\system32\DRIVERS\aswNdis.sys (ALWIL Software)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (EverestDriver) -- E:\Programs\Everest-Ultimate-Edition-4.60.1601-hardal\kerneld.wnt ()
DRV - (PORTIO) -- C:\Users\Mike\Desktop\JungleFlasher\portio32.sys ()
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFS.sys (Raxco Software, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiUF51A) -- C:\Windows\System32\drivers\SaiUF51A.sys (Saitek)
DRV - (SaiHF51A) -- C:\Windows\System32\drivers\SaiHF51A.sys (Saitek)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows ® 2000 DDK provider)
DRV - (SysTool) -- C:\Windows\System32\drivers\SysTool.sys ()
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (GhPciScan) -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys (Symantec Corporation)
DRV - (Aspi32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.ijji.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.ask.com?o=...?o=15438&l=dis"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..keyword.URL: "http://www.fastbrows...8A71016E85}&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/17 12:57:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/17 12:57:45 | 000,000,000 | ---D | M]

[2009/09/20 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2009/09/20 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/06/30 15:42:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/29 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions
[2009/10/05 13:36:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/15 12:31:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}-trash
[2009/12/01 03:23:46 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/02/10 21:12:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/10/05 13:36:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/07/24 14:11:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\[email protected]
[2009/06/15 12:19:21 | 000,004,196 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\aim-search.xml
[2010/02/05 21:40:29 | 000,002,427 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\askcom.xml
[2010/07/13 20:01:21 | 000,005,413 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\fast-browser-search.xml
[2010/05/13 22:36:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 22:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/13 22:36:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/03/10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/08/24 20:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/13 18:49:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - E:\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Programs\Adobe\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XoftSpySE] C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe ()
O4 - HKCU..\Run: [Steam] e:\programs\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\Windows\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll File not found
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 19:34:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/13 19:34:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/13 19:33:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/13 18:47:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/13 16:28:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2010/07/13 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\SD
[2010/07/13 11:44:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\QuickScan
[2010/07/13 02:26:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2010/07/13 02:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/13 02:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/07/13 02:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/07/13 02:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2010/07/13 02:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2010/07/13 02:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010/07/10 19:37:47 | 001,421,080 | ---- | C] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
[2010/07/10 19:23:13 | 000,114,048 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/07/10 19:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/07/10 19:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/07/10 19:15:30 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\WNASPI32.DLL
[2010/07/10 19:15:30 | 000,017,005 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\ASPI32.SYS
[2010/07/10 19:15:30 | 000,005,600 | ---- | C] (Adaptec) -- C:\Windows\System\WINASPI.DLL
[2010/07/10 19:15:30 | 000,004,672 | ---- | C] (Adaptec) -- C:\Windows\System\WOWPOST.EXE
[2010/07/10 19:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/10 19:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/07/10 19:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/10 19:13:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Symantec Norton Ghost 2003 Retail
[2010/07/10 18:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/07/09 01:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Video Joiner
[2010/06/22 23:26:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\SpywareDoctorPortable
[2010/06/21 16:27:27 | 048,145,920 | ---- | C] (Native Instruments GmbH) -- C:\Users\Mike\Desktop\Guitar Rig 4.dll
[2010/06/21 16:26:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2010/06/21 16:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/06/21 16:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2010/06/21 16:25:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2010/06/21 16:24:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/06/21 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/06/19 14:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2010/06/17 12:57:46 | 000,427,008 | ---- | C] (True Games Interactive) -- C:\Windows\System32\uc_wepic_launching.dll
[2010/06/17 12:57:46 | 000,208,384 | ---- | C] (<YNK Intractive>) -- C:\Windows\System32\uc_rohan_launching.dll
[2010/06/17 12:57:46 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\uc_neosteam_launching.dll
[2010/06/17 12:57:46 | 000,075,264 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_holybeast_launching.dll
[2010/06/17 12:57:46 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_sfighters_launching.dll
[2010/06/17 12:57:46 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_atlantica_launching.dll
[2010/06/17 12:57:46 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_luminary_launching.dll
[2010/06/17 12:57:45 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2010/06/17 12:57:45 | 000,086,624 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\ijjiChannelingPlugin.dll
[2010/06/17 12:57:45 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2010/06/17 12:57:45 | 000,057,952 | ---- | C] (NHN USA Corp.) -- C:\Windows\System32\ijjiPlugin2.dll
[2010/06/16 01:11:27 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\AOinjector
[2010/06/16 01:07:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\AVA
[2010/06/15 22:30:25 | 003,584,240 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010/06/15 22:29:05 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2010/06/15 22:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/06/15 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\New Folder
[2010/06/15 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\ijjigame
[2010/06/14 23:37:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
[2010/06/14 23:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/14 15:18:56 | 001,334,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvbvm50.dll
[2010/06/14 15:18:47 | 000,312,320 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

========== Files - Modified Within 30 Days ==========

[2010/07/13 20:10:04 | 003,670,016 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT
[2010/07/13 19:59:16 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/13 19:59:10 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/13 19:59:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/13 19:58:56 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 19:58:56 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 19:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/13 19:57:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/13 19:57:56 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/07/13 19:57:56 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/07/13 19:57:53 | 002,368,971 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
[2010/07/13 19:49:09 | 000,016,631 | ---- | M] () -- C:\Users\Mike\Desktop\Error.jpg
[2010/07/13 19:17:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-928896281-1088641206-494770322-1000UA.job
[2010/07/13 19:15:59 | 003,738,561 | R--- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2010/07/13 18:49:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/07/13 16:28:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2010/07/13 12:43:47 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/13 12:43:47 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/13 12:43:47 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/13 02:44:49 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/07/13 02:44:49 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
[2010/07/13 02:04:12 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
[2010/07/12 23:00:24 | 000,001,803 | ---- | M] () -- C:\Users\Mike\Desktop\IMVU.lnk
[2010/07/12 22:17:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-928896281-1088641206-494770322-1000Core.job
[2010/07/10 19:39:20 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
[2010/07/10 19:37:47 | 001,421,080 | ---- | M] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
[2010/07/10 19:29:01 | 233,192,900 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/10 19:23:13 | 000,114,048 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/07/10 19:23:10 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Migrate Easy 7.0.lnk
[2010/07/10 18:30:58 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 4.1.1 Professional Edition.lnk
[2010/07/10 12:47:16 | 000,001,057 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml
[2010/07/09 22:45:47 | 002,828,416 | ---- | M] () -- C:\Users\Mike\Desktop\Unknown - Caramell Dansen (Speedycake remix).mp3
[2010/07/09 11:31:18 | 011,027,072 | ---- | M] () -- C:\Users\Mike\Documents\Buddy Guy - Sweet Home Chicago.mp3
[2010/07/09 11:28:09 | 000,012,145 | -HS- | M] () -- C:\Users\Mike\Documents\Folder.jpg
[2010/07/09 11:28:09 | 000,012,145 | -HS- | M] () -- C:\Users\Mike\Documents\AlbumArt_{B13D5C1A-DE3B-42A0-B263-51FC3A231AE1}_Large.jpg
[2010/07/09 11:28:09 | 000,002,754 | -HS- | M] () -- C:\Users\Mike\Documents\AlbumArtSmall.jpg
[2010/07/09 11:28:09 | 000,002,754 | -HS- | M] () -- C:\Users\Mike\Documents\AlbumArt_{B13D5C1A-DE3B-42A0-B263-51FC3A231AE1}_Small.jpg
[2010/07/09 11:27:48 | 013,248,768 | ---- | M] () -- C:\Users\Mike\Documents\B.B. King at his best.mpg.mp3
[2010/07/09 11:25:35 | 020,651,201 | ---- | M] () -- C:\Users\Mike\Documents\B.B. King at his best.mpg.mp4
[2010/07/09 11:20:00 | 017,591,663 | ---- | M] () -- C:\Users\Mike\Documents\Buddy Guy - Sweet Home Chicago.mp4
[2010/07/09 02:07:08 | 000,029,184 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 01:55:37 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Ultra Video Joiner.lnk
[2010/07/09 01:18:17 | 023,799,243 | ---- | M] () -- C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 3 TV.mp4
[2010/07/09 01:16:27 | 022,592,290 | ---- | M] () -- C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 2 TV.mp4
[2010/07/09 01:16:10 | 036,548,191 | ---- | M] () -- C:\Users\Mike\Documents\The Cat in the Hat. part 1 TV.mp4
[2010/07/09 00:50:15 | 000,000,697 | ---- | M] () -- C:\Users\Mike\Desktop\YouTube Downloader.lnk
[2010/07/04 15:30:27 | 000,002,032 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2010/06/29 02:26:07 | 000,066,242 | ---- | M] () -- C:\Users\Mike\Desktop\Cheetoes.png
[2010/06/21 16:26:31 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2010/06/21 03:25:55 | 000,018,608 | ---- | M] () -- C:\Users\Mike\Documents\big_4972610.jpg
[2010/06/21 01:52:57 | 000,001,097 | ---- | M] () -- C:\Users\Mike\Desktop\Cache Cleaner.lnk
[2010/06/20 23:58:43 | 000,004,176 | ---- | M] () -- C:\Users\Mike\Desktop\For Those Who Can Still Ride an Airplane for the First time by Anis Mojgani.rtf
[2010/06/20 23:54:25 | 000,003,343 | ---- | M] () -- C:\Users\Mike\Desktop\Milos by Anis Mojgani.rtf
[2010/06/17 13:40:23 | 000,000,599 | ---- | M] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2010/06/17 12:57:46 | 000,000,561 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/06/17 12:57:46 | 000,000,561 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2010/06/17 12:57:46 | 000,000,153 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2010/06/16 19:22:16 | 001,797,269 | ---- | M] () -- C:\Users\Mike\Desktop\fxpansion.mp3
[2010/06/14 13:31:22 | 005,557,605 | ---- | M] () -- C:\Users\Mike\Desktop\03.The Curse Of Castle Dragon.mp3
[2010/06/14 12:14:34 | 000,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI

========== Files Created - No Company Name ==========

[2010/07/13 19:49:09 | 000,016,631 | ---- | C] () -- C:\Users\Mike\Desktop\Error.jpg
[2010/07/13 19:01:22 | 003,738,561 | R--- | C] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2010/07/13 02:04:12 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
[2010/07/13 02:04:10 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/07/13 02:04:07 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
[2010/07/10 19:37:47 | 000,001,024 | ---- | C] () -- C:\Windows\System32\AutoPartNt.let
[2010/07/10 19:23:10 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Migrate Easy 7.0.lnk
[2010/07/10 18:30:58 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/07/10 18:30:58 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 4.1.1 Professional Edition.lnk
[2010/07/10 18:30:57 | 001,669,120 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/07/10 18:30:57 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/07/10 18:30:57 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/07/10 18:30:57 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/07/09 11:28:11 | 000,012,145 | -HS- | C] () -- C:\Users\Mike\Documents\AlbumArt_{B13D5C1A-DE3B-42A0-B263-51FC3A231AE1}_Large.jpg
[2010/07/09 11:28:11 | 000,002,754 | -HS- | C] () -- C:\Users\Mike\Documents\AlbumArt_{B13D5C1A-DE3B-42A0-B263-51FC3A231AE1}_Small.jpg
[2010/07/09 11:27:25 | 013,248,768 | ---- | C] () -- C:\Users\Mike\Documents\B.B. King at his best.mpg.mp3
[2010/07/09 11:25:57 | 011,027,072 | ---- | C] () -- C:\Users\Mike\Documents\Buddy Guy - Sweet Home Chicago.mp3
[2010/07/09 11:25:35 | 020,651,201 | ---- | C] () -- C:\Users\Mike\Documents\B.B. King at his best.mpg.mp4
[2010/07/09 11:20:00 | 017,591,663 | ---- | C] () -- C:\Users\Mike\Documents\Buddy Guy - Sweet Home Chicago.mp4
[2010/07/09 11:10:40 | 002,828,416 | ---- | C] () -- C:\Users\Mike\Desktop\Unknown - Caramell Dansen (Speedycake remix).mp3
[2010/07/09 01:55:37 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\Ultra Video Joiner.lnk
[2010/07/09 01:55:35 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/07/09 01:11:28 | 023,799,243 | ---- | C] () -- C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 3 TV.mp4
[2010/07/09 01:04:15 | 022,592,290 | ---- | C] () -- C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 2 TV.mp4
[2010/07/09 00:56:58 | 036,548,191 | ---- | C] () -- C:\Users\Mike\Documents\The Cat in the Hat. part 1 TV.mp4
[2010/07/09 00:50:15 | 000,000,697 | ---- | C] () -- C:\Users\Mike\Desktop\YouTube Downloader.lnk
[2010/06/29 02:26:06 | 000,066,242 | ---- | C] () -- C:\Users\Mike\Desktop\Cheetoes.png
[2010/06/21 16:26:31 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2010/06/21 16:22:39 | 295,562,842 | ---- | C] () -- C:\Users\Mike\Desktop\Guitar_Rig_4.rar
[2010/06/21 13:09:35 | 233,192,900 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/21 03:25:34 | 000,018,608 | ---- | C] () -- C:\Users\Mike\Documents\big_4972610.jpg
[2010/06/21 01:52:57 | 000,001,097 | ---- | C] () -- C:\Users\Mike\Desktop\Cache Cleaner.lnk
[2010/06/20 23:58:43 | 000,004,176 | ---- | C] () -- C:\Users\Mike\Desktop\For Those Who Can Still Ride an Airplane for the First time by Anis Mojgani.rtf
[2010/06/20 23:54:25 | 000,003,343 | ---- | C] () -- C:\Users\Mike\Desktop\Milos by Anis Mojgani.rtf
[2010/06/17 13:40:23 | 000,000,599 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2010/06/17 12:57:46 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
[2010/06/17 12:57:46 | 000,000,561 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/06/17 12:57:46 | 000,000,561 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2010/06/17 12:57:46 | 000,000,153 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2010/06/15 22:29:05 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2010/06/14 13:31:06 | 005,557,605 | ---- | C] () -- C:\Users\Mike\Desktop\03.The Curse Of Castle Dragon.mp3
[2010/06/14 12:14:34 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/05/18 22:25:36 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/04/29 14:18:34 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/04/23 23:54:37 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/03/09 16:52:33 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/04 18:41:29 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCF51A_0C.dll
[2010/03/04 18:41:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF51A_10.dll
[2010/03/04 18:41:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF51A_0A.dll
[2010/03/04 18:41:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF51A_07.dll
[2010/03/04 18:41:29 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCF51A_09.dll
[2010/03/04 18:41:29 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCF51A_0402.dll
[2010/03/04 18:41:29 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCF51A_11.dll
[2010/03/04 18:41:28 | 002,514,944 | ---- | C] () -- C:\Windows\System32\SaiCF51A.Dll
[2010/02/24 02:54:16 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2010/02/02 20:29:46 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/09/23 23:09:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/09 23:19:15 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2009/08/03 16:07:42 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/29 01:13:57 | 000,000,030 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/05/19 10:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\System32\whlpdms32a.dll
[2009/03/28 03:17:42 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2009/02/22 18:57:52 | 004,421,889 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/02/18 14:57:22 | 000,557,451 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/02/16 18:19:42 | 000,790,190 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/16 17:32:20 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/02/16 17:30:30 | 000,903,703 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/02/16 17:23:50 | 000,145,081 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/02/16 15:49:30 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/02/14 16:15:42 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/02/09 23:28:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/02/09 21:19:18 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/02/09 21:19:12 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/02/09 21:18:52 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/02/09 21:18:32 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/02/09 21:18:24 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/02/09 21:18:20 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/02/09 20:56:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/07 17:15:57 | 000,000,261 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/01/05 15:25:44 | 000,003,120 | ---- | C] () -- C:\Windows\System32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
[2008/12/25 19:52:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2008/12/25 19:52:10 | 000,012,664 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008/12/22 02:04:42 | 000,000,028 | ---- | C] () -- C:\Windows\System32\autoscan.dll
[2008/12/21 08:01:56 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/12/21 08:01:56 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/12/21 08:01:56 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/12/21 08:01:56 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/12/21 06:59:54 | 000,013,936 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/12/21 06:59:49 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/12/21 06:59:43 | 000,013,619 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/21 03:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/12/28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/07/10 18:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/11/10 14:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\SysTool.sys
[2006/11/02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/12/21 10:39:07 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/06/14 22:22:05 | 000,000,740 | -H-- | M] () -- C:\IPH.PH
[2010/07/13 19:58:47 | 3802,468,352 | -HS- | M] () -- C:\pagefile.sys
[2008/12/21 08:07:49 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2009/08/09 23:19:19 | 000,005,138 | ---- | M] () -- C:\StarBurn.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 13:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/26 15:00:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/04/18 17:29:02 | 000,016,384 | -H-- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\key3.db

< %PROGRAMFILES%\*.* >
[2008/01/21 03:41:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/21 03:22:57 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-12 03:04:58

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 3 TV.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 2 TV.mp4:TOC.WMV
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
  • 0

#22
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Running TDSSKiller

Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.

Download TDSSKiller from one of the links below:

Zipped Version or Executable (Not Zipped) Version

Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.

Please ensure that you save the TDSSKiller file to your desktop.

If TDSSKiller asks you to close all programs please allow it to do so.

If you see the following:
To finalize removal of infection and avoid loosing of data program will reboot your PC now.
Close all programs and choose Y to restart or N to continue.

Please enter Y and allow TDSSKiller to reboot your computer.

Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post the content of the TDSSKiller log.
  • 0
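
The log this post asks for lists every driver TDSSKiller examined, one per line, as `time pid name (md5) path`. Helpers in threads like this one read those lines by eye; the parser below is an added example, not part of this thread and not Kaspersky's code, that turns the "Scanning Drivers" section into records and flags two things a reviewer looks for: a driver loaded from outside the Windows drivers folder, and a driver whose MD5 differs from a baseline collected on a clean machine of the same build. The sample log is constructed: its first lines copy the format of the log posted in the next reply, while the `exampledrv` entry, the closing "Scanning Kernel memory" header and the `BASELINE` hashes are invented to exercise the checks.

```python
"""Triage the 'Scanning Drivers' section of a TDSSKiller 2.x log.

Added example for this thread; it is not Kaspersky's code. The line format
is taken from the log posted in this thread:
    HH:MM:SS:mmm <pid> <ServiceName> (<md5>) <path>
"""
from __future__ import annotations

import re
from dataclasses import dataclass

DRIVER_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9A-Fa-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Windows' own kernel drivers live here; a driver loaded from anywhere else
# (a Temp folder, a user profile) is worth a closer look, although legitimate
# third-party software does install drivers elsewhere too.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass(frozen=True)
class DriverEntry:
    name: str  # service name as TDSSKiller reports it
    md5: str   # lowercase hex MD5 of the file on disk
    path: str  # path exactly as logged


def parse_driver_lines(log_text: str) -> list[DriverEntry]:
    """Return the entries between 'Scanning Drivers ...' and the next section."""
    entries: list[DriverEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Scanning Drivers" in line:
            in_section = True
            continue
        if not in_section:
            continue
        m = DRIVER_LINE.match(line)
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
        elif "Scanning " in line:  # header of the following section
            break
    return entries


def triage(entries: list[DriverEntry], baseline: dict[str, str]) -> list[tuple[str, str]]:
    """Flag drivers outside DRIVER_DIR or whose MD5 disagrees with `baseline`.

    `baseline` maps a lowercase service name to the MD5 recorded on a clean
    machine of the same Windows build. Returns (name, reason) in log order.
    """
    findings: list[tuple[str, str]] = []
    for e in entries:
        if not e.path.lower().startswith(DRIVER_DIR):
            findings.append((e.name, f"loaded from outside the drivers folder: {e.path}"))
        expected = baseline.get(e.name.lower())
        if expected is not None and expected.lower() != e.md5:
            findings.append((e.name, f"md5 {e.md5} differs from baseline {expected.lower()}"))
    return findings


# Constructed sample: the first lines copy the format of the log posted in this
# thread; the 'exampledrv' entry and the closing section header are invented to
# exercise the path check and the end-of-section logic.
SAMPLE_LOG = r"""
21:12:04:460 4632 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
21:12:04:810 4632 Scanning Services ...
21:12:05:916 4632 Raw services enum returned 473 services
21:12:05:943 4632 Scanning Drivers ...
21:12:06:850 4632 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:12:07:054 4632 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
21:12:07:487 4632 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:12:07:513 4632 AtcL001 (ddfba7cee3361f0f73ecc42148f5b7b6) C:\Windows\system32\DRIVERS\l160x86.sys
21:12:07:600 4632 exampledrv (00000000000000000000000000000000) C:\Users\Mike\AppData\Local\Temp\exampledrv.sys
21:12:09:000 4632 Scanning Kernel memory ...
"""

# Constructed baseline: ACPI matches the sample, AFD deliberately does not.
BASELINE = {
    "acpi": "82b296ae1892fe3dbee00c9cf92f8ac7",
    "afd": "ffffffffffffffffffffffffffffffff",
}

if __name__ == "__main__":
    for name, reason in triage(parse_driver_lines(SAMPLE_LOG), BASELINE):
        print(f"{name}: {reason}")
```

Run against the sample, the AFD entry is reported for its hash mismatch and `exampledrv` for its location; the four drivers under `system32\drivers` (including the one logged with the folder in upper case) pass. Neither check replaces TDSSKiller's own rootkit detection: a hidden or hooked driver may not appear in this list at all, and a driver outside the folder is a lead to verify against the vendor's installer, not a verdict.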

#23
Orcitect

Orcitect

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
TDSSKiller Log


21:12:04:460 4632 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
21:12:04:460 4632 ================================================================================
21:12:04:460 4632 SystemInfo:

21:12:04:460 4632 OS Version: 6.0.6002 ServicePack: 2.0
21:12:04:460 4632 Product type: Workstation
21:12:04:460 4632 ComputerName: ASUS
21:12:04:461 4632 UserName: Mike
21:12:04:461 4632 Windows directory: C:\Windows
21:12:04:461 4632 System windows directory: C:\Windows
21:12:04:461 4632 Processor architecture: Intel x86
21:12:04:461 4632 Number of processors: 2
21:12:04:461 4632 Page size: 0x1000
21:12:04:462 4632 Boot type: Normal boot
21:12:04:462 4632 ================================================================================
21:12:04:809 4632 Initialize success
21:12:04:810 4632
21:12:04:810 4632 Scanning Services ...
21:12:05:916 4632 Raw services enum returned 473 services
21:12:05:942 4632
21:12:05:943 4632 Scanning Drivers ...
21:12:13:787 4632
21:12:13:787 4632 Completed
21:12:13:787 4632
21:12:13:788 4632 Results:
21:12:13:788 4632 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:12:13:788 4632 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:12:13:788 4632
21:12:13:791 4632 KLMD(ARK) unloaded successfully
  • 0
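A small triage script for a TDSSKiller driver listing of the kind posted above (each line: timestamp, pid, service name, MD5 of the image in parentheses, image path), added here as an example and not part of the thread or of TDSSKiller. It parses those lines, flags kernel drivers whose image sits outside the normal Windows driver directories, and groups services that share one image hash. The sample log is constructed: the paths are ones that appear in the thread's log, the hashes are placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# One TDSSKiller driver-enumeration line has the shape
#   HH:MM:SS:mmm <pid> <service name> (<md5 of image>) <image path>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Directories kernel drivers are normally loaded from. A driver whose image
# sits anywhere else (a user profile, a secondary drive, a program folder) is
# not automatically malicious, but it is the first thing to explain in a
# rootkit investigation: those locations are writable without administrative
# effort and a driver there runs with kernel privileges.
TRUSTED_DIR_PREFIXES = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\",
)

# Constructed sample: the paths appear in the thread's log, the hashes are
# placeholders (a real log carries the image's MD5), and the two trailing
# lines show that non-driver lines are ignored by the parser.
SAMPLE_LOG = r"""
21:12:06:850 4632 ACPI (a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1) C:\Windows\system32\drivers\acpi.sys
21:12:07:842 4632 CLFS (b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2) C:\Windows\system32\CLFS.sys
21:12:08:278 4632 EverestDriver (c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3) E:\Programs\Everest-Ultimate-Edition-4.60.1601-hardal\kerneld.wnt
21:12:08:624 4632 GhPciScan (d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4) C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
21:12:11:480 4632 PORTIO (e5e5e5e5e5e5e5e5e5e5e5e5e5e5e5e5) C:\Users\Mike\Desktop\JungleFlasher\portio32.sys
21:12:12:750 4632 Tcpip (f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6) C:\Windows\system32\drivers\tcpip.sys
21:12:12:784 4632 Tcpip6 (f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6) C:\Windows\system32\DRIVERS\tcpip.sys
21:12:13:787 4632 Completed
21:12:13:788 4632 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
"""


@dataclass
class DriverRecord:
    time: str
    pid: int
    service: str
    md5: str
    path: str


def parse_driver_line(line: str) -> Optional[DriverRecord]:
    """Return a DriverRecord for a driver-enumeration line, None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return DriverRecord(m["time"], int(m["pid"]), m["service"], m["md5"].lower(), m["path"])


def parse_log(lines: Iterable[str]) -> List[DriverRecord]:
    """Keep only the lines that describe an enumerated driver."""
    return [rec for rec in map(parse_driver_line, lines) if rec is not None]


def is_unusual_location(path: str) -> bool:
    """True when the image path is outside the normal driver directories.
    Windows paths are case-insensitive, so the comparison is done in lower case."""
    return not path.lower().startswith(TRUSTED_DIR_PREFIXES)


def flag_unusual_drivers(records: Iterable[DriverRecord]) -> List[DriverRecord]:
    """Drivers a reviewer should be able to account for by name and origin."""
    return [r for r in records if is_unusual_location(r.path)]


def find_shared_images(records: Iterable[DriverRecord]) -> Dict[str, List[str]]:
    """Group service names that point at the same image hash. Pairs such as
    Tcpip/Tcpip6 are expected; an unexpected service registered on top of a
    legitimate driver's image is not, and is worth a look."""
    by_md5: Dict[str, List[str]] = {}
    for r in records:
        by_md5.setdefault(r.md5, []).append(r.service)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG.splitlines())
    print(f"{len(records)} drivers enumerated")
    for rec in flag_unusual_drivers(records):
        print(f"REVIEW  {rec.service:<16} {rec.path}")
    for digest, names in find_shared_images(records).items():
        print(f"SHARED  {digest}  {', '.join(names)}")
```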

#24 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Do you know what these are below?

C:\Users\Mike\AppData\Roaming\Microsoft\key3.db
C:\Users\Mike\AppData\Local\AOinjector

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
    O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Download this version of combofix

Please download ComboFix from: Here to your Desktop.

Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to the name provided in the image below:

    [image: the required file name]
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
  • Double click on the renamed version of ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the ComboFix log which can be found in the root drive (usually the C: Drive) for further review.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#25 Orcitect (Member, Topic Starter, 20 posts)
Hm, the AOinjector was something to do with a game I believe, can't remember what it did though. Not sure about the key3.db :)

Anyway, I'll continue with your steps, thanks for the help so far :)
  • 0

#26 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Anyway, I'll continue with your steps, thanks for the help so far

You're welcome. :)
  • 0

#27 Orcitect (Member, Topic Starter, 20 posts)
I'm usually pretty good with problem solving, but this problem just goes over my head, anyway.

OTL Log


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\comfile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 3528572 bytes
->Temporary Internet Files folder emptied: 1211707 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4113915 bytes
->Google Chrome cache emptied: 70838795 bytes
->Flash cache emptied: 38984 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1013584 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7477122 bytes

Total Files Cleaned = 84.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07132010_214540

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edit: Having problems with ComboFix actually loading again, I'll leave it a while like before though.

Edited by Orcitect, 13 July 2010 - 03:21 PM.

  • 0

#28 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Okay. Thanks for letting me know.
  • 0

#29 Orcitect (Member, Topic Starter, 20 posts)
Would this be the kind of problem that's better to just wipe everything away, start fresh and make sure to keep all the updates.... well updated?

------------

From Combofix:

[image: ComboFix screenshot]

Edited by Orcitect, 13 July 2010 - 03:30 PM.

  • 0

#30 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Would this be the kind of problem that's better to just wipe everything away, start fresh and make sure to keep all the updates.... well updated?

At this point, it may be the quickest and best option for you to take. When you perform a reformat and reinstall you can be sure that you are starting off fresh, without any viruses. Just realize that some of the files you back up may be infected, if you choose to back up any files.
  • 0