Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

webpage redirection

Started by alwayswhite , Dec 28 2010 07:54 AM

  • This topic is locked This topic is locked

#1
alwayswhite
Posted 28 December 2010 - 07:54 AM

alwayswhite

    New Member

  • Member
  • Pip
  • 5 posts
being redirected to unwanted sites via google 8. If I use the adresses in autocomplete I have no problem. Have run hijack this and found what may be suspicious entries but am not sure. Hav run OTL but too much information.
OTL logfile created on: 28/12/2010 13:39:03 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = D:\security tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 84.57 Gb Free Space | 75.66% Space Free | Partition Type: NTFS
Drive D: | 233.75 Gb Total Space | 127.36 Gb Free Space | 54.48% Space Free | Partition Type: NTFS
Drive E: | 233.75 Gb Total Space | 151.63 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 196.87 Gb Free Space | 84.54% Space Free | Partition Type: NTFS
Drive G: | 189.92 Gb Total Space | 77.32 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive H: | 603.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: 4KMAIN | User Name: wtk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/28 13:38:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\security tools\OTL.exe
PRC - [2010/12/27 14:16:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- D:\security tools\HijackThis.exe
PRC - [2010/12/25 11:24:19 | 000,349,488 | ---- | M] (Assistance & Resources for Computing, Inc.) -- C:\PurgeIE\PurgeIE_Service.exe
PRC - [2010/11/26 10:10:01 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/26 10:09:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/11/26 10:09:29 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/26 10:09:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/10/01 11:09:39 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/10/01 11:09:39 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/10/01 11:09:30 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/10/01 11:09:29 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/09/16 20:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/12 08:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/02/04 00:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2010/02/04 00:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2009/10/16 12:10:34 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdxcoms.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/18 11:25:24 | 000,226,576 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/25 17:28:16 | 000,200,704 | ---- | M] (National Instruments, Inc.) -- c:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2006/07/25 17:28:10 | 000,057,344 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2006/07/25 17:28:02 | 000,045,056 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkads.exe
PRC - [2006/06/19 14:01:52 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2006/02/06 16:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2005/05/10 16:32:18 | 000,135,168 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.exe
PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/08/17 15:07:44 | 000,143,360 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2003/09/11 03:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE
PRC - [2001/05/10 19:18:34 | 000,600,600 | ---- | M] (C. Ghisler & Co.) -- C:\WINCMD\WINCMD32.EXE
PRC - [2000/02/08 22:19:48 | 000,036,864 | R--- | M] (Roland) -- C:\Program Files\Roland\VSC32\vscvol.exe
PRC - [2000/02/07 02:02:44 | 000,036,864 | R--- | M] (Roland) -- C:\Program Files\Roland\VSC32\Vsc32Cnf.exe


========== Modules (SafeList) ==========

MOD - [2010/12/28 13:38:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\security tools\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/18 19:17:48 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/25 11:24:19 | 000,349,488 | ---- | M] (Assistance & Resources for Computing, Inc.) [Auto | Running] -- C:\PurgeIE\PurgeIE_Service.exe -- (PurgeIEservice)
SRV - [2010/12/21 16:49:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/11/26 10:09:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/01 11:09:30 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/16 12:10:34 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2009/10/16 12:00:50 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2006/07/25 17:28:16 | 000,200,704 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- c:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2006/07/25 17:28:10 | 000,057,344 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2006/07/25 17:28:02 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2006/06/27 19:55:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2006/06/19 14:01:52 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2006/02/06 16:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2010/12/28 11:09:06 | 000,190,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/01 11:09:40 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/01 11:09:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/10/01 11:09:30 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/10/01 11:02:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/07/09 22:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/04/12 08:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/12/09 10:06:00 | 000,296,448 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/08/25 02:22:00 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/09 12:49:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/10/19 13:32:58 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC)
DRV - [2006/07/27 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2006/07/10 15:17:48 | 000,016,896 | R--- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BDA_Loader_220A.sys -- (BDA_Loader_220A)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/04/16 08:16:58 | 000,951,284 | R--- | M] (Roland) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsc.sys -- (vsc32)
DRV - [2001/04/13 18:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/12/23 10:57:43 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RemoteCenter] File not found
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe File not found
O4 - HKLM..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\Vsc32Cnf.exe (Roland)
O4 - HKLM..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe (Roland)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RemoteControl] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 194.168.4.100
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\wtk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\wtk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/30 10:58:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/01/27 00:00:00 | 000,000,054 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 11:09:06 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/12/25 11:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\Application Data\ElevatedDiagnostics
[2010/12/25 11:30:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/12/25 11:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PurgeIE
[2010/12/25 11:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\Application Data\PurgeIE
[2010/12/25 11:24:18 | 000,000,000 | ---D | C] -- C:\PurgeIE
[2010/12/24 10:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/12/22 15:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010/12/22 15:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\Application Data\Blue Cat Audio
[2010/12/22 13:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bcgsoft
[2010/12/21 16:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
[2010/12/21 16:50:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Defaults
[2010/12/21 16:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2010/12/21 16:49:05 | 000,445,016 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/12/21 16:49:05 | 000,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/12/21 16:45:13 | 000,025,088 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSVCCTL.EXE
[2010/12/21 16:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2010/12/21 16:44:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information
[2010/12/21 15:39:16 | 000,041,984 | ---- | C] (Creative Technology Ltd ) -- C:\WINDOWS\Ctregrun.exe
[2010/12/21 13:55:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/12/20 14:39:33 | 000,000,000 | ---D | C] -- C:\CM60S
[2010/12/20 14:39:05 | 000,363,892 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\ISUN16.EXE
[2010/12/20 14:39:05 | 000,026,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\CTL3D.DLL
[2010/12/20 14:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\WINDOWS
[2010/12/20 14:04:26 | 000,000,000 | ---D | C] -- C:\CircuitMaker 2000
[2010/12/19 16:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\0loqLkE0pHh
[2010/12/19 16:09:28 | 000,000,000 | ---D | C] -- C:\VIRTINS Multi-Instrument 3.2
[2010/12/19 14:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Test Tone Generator
[2010/12/16 12:39:22 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2010/12/16 12:39:12 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2010/12/16 12:39:12 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2010/12/16 12:39:11 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2010/12/16 12:39:11 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/12/16 12:39:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/12/16 12:39:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2010/12/16 12:39:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/12/16 12:39:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2010/12/15 12:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/12/13 16:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\DesignSoft
[2010/12/13 16:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\My Documents\DesignSoft
[2010/12/13 16:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DesignSoft
[2010/12/13 13:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\My Documents\LabVIEW Data
[2010/12/13 13:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\My Documents\National Instruments
[2010/12/13 13:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\Application Data\National Instruments
[2010/12/13 12:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2010/12/13 12:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010/12/13 12:52:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cvirte
[2010/12/13 12:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2010/12/11 20:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/12/08 23:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\PixiePack Codec Pack
[2010/12/08 23:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wtk\Local Settings\Application Data\RapidSolution
[2010/10/15 13:07:16 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/10/15 13:06:16 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/10/15 13:06:16 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/10/15 13:06:16 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/10/15 13:06:16 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/10/15 13:06:16 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/10/15 13:06:16 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/10/15 13:06:16 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/10/15 13:06:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/10/15 13:06:15 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2010/10/15 13:06:15 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/10/15 13:06:15 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/28 13:38:37 | 000,001,926 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010/12/28 11:14:45 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/28 11:14:45 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/28 11:10:30 | 004,932,477 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20011102}.CDF
[2010/12/28 11:10:25 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\GGLG.job
[2010/12/28 11:10:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/28 11:09:06 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/12/28 11:05:06 | 000,031,104 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/28 11:05:06 | 000,031,104 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/28 11:05:06 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/28 11:05:06 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/28 11:05:06 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/28 11:04:53 | 004,932,477 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20011102}.BAK
[2010/12/28 10:03:15 | 069,410,714 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/26 22:22:02 | 000,242,610 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\2n4922.pdf
[2010/12/25 11:40:37 | 000,085,511 | -H-- | M] () -- C:\treeinfo.wc
[2010/12/25 11:24:19 | 000,001,338 | ---- | M] () -- C:\Documents and Settings\wtk\Desktop\PurgeIE.lnk
[2010/12/25 11:15:23 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/12/25 11:15:23 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/12/24 14:31:21 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\wtk\Desktop\Shortcut to Multisim.lnk
[2010/12/24 13:11:25 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\wtk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/24 10:58:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/23 20:54:56 | 000,002,582 | ---- | M] () -- C:\WINDOWS\SE.INI
[2010/12/23 10:57:43 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/22 22:43:56 | 000,003,714 | ---- | M] () -- C:\Documents and Settings\wtk\Application Data\B91E.A84
[2010/12/22 22:38:55 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\wtk\Desktop\Link to sports.url
[2010/12/21 16:49:05 | 000,445,016 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/12/21 16:49:05 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/12/21 16:47:17 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\spider.sav
[2010/12/21 16:45:53 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\wtk\Desktop\Shortcut to Creative MediaSource 5 Player.lnk
[2010/12/21 15:35:06 | 000,000,292 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000004-20011102}.dat
[2010/12/21 15:30:07 | 000,000,011 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2010/12/21 14:26:26 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/21 14:26:08 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/12/19 16:09:36 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\wtk\Desktop\MI.lnk
[2010/12/19 15:29:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/19 14:12:06 | 000,126,464 | RHS- | M] () -- C:\WINDOWS\System32\initpki2.dll
[2010/12/19 14:00:24 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\wtk\Application Data\Microsoft\Internet Explorer\Quick Launch\Test Tone Generator.lnk
[2010/12/19 14:00:24 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\wtk\Desktop\Test Tone Generator.lnk
[2010/12/19 13:53:23 | 000,000,274 | ---- | M] () -- C:\WINDOWS\winscope.ini
[2010/12/15 12:13:36 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\wtk\Desktop\MagicISO.lnk
[2010/12/15 10:20:50 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 10:19:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/13 20:51:06 | 000,047,990 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\555 vco.odt
[2010/12/13 16:33:48 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tina.lnk
[2010/12/12 17:45:36 | 000,023,042 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\speed control.odt
[2010/12/12 17:35:24 | 000,022,884 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\cap meter.odt
[2010/12/11 20:32:21 | 000,041,145 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\res col code.jpg
[2010/12/11 20:31:59 | 000,039,737 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\res col code.psp
[2010/12/11 20:31:22 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\wtk\Desktop\Paint Shop Pro.lnk
[2010/12/11 19:35:09 | 000,170,289 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\datasheet[1].pdf
[2010/12/11 15:12:45 | 000,099,379 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\c shoot1.odt
[2010/12/11 13:22:16 | 000,068,657 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\c shoot.jpg
[2010/12/10 15:45:36 | 000,011,111 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\cap conversion chart.odt
[2010/12/10 11:55:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/12/09 16:36:00 | 000,018,231 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\counter.odt
[2010/12/09 16:19:00 | 000,021,323 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\match blog.odt
[2010/12/09 16:16:36 | 001,263,587 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\matchless150c.pdf
[2010/12/09 16:15:38 | 000,016,910 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\bfo wobb 1.odt
[2010/12/09 16:12:09 | 000,020,617 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\bfo wobb.odt
[2010/12/09 16:01:34 | 000,020,025 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\bfo2.odt
[2010/12/04 17:16:43 | 001,898,474 | ---- | M] () -- C:\Documents and Settings\wtk\My Documents\FX-82LB.pdf
[2010/12/02 22:10:58 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/26 22:22:02 | 000,242,610 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\2n4922.pdf
[2010/12/25 11:24:19 | 000,001,338 | ---- | C] () -- C:\Documents and Settings\wtk\Desktop\PurgeIE.lnk
[2010/12/22 13:41:49 | 000,003,714 | ---- | C] () -- C:\Documents and Settings\wtk\Application Data\B91E.A84
[2010/12/21 17:51:11 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\wtk\Desktop\Shortcut to Creative MediaSource 5 Player.lnk
[2010/12/21 16:55:12 | 000,031,104 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/21 16:55:12 | 000,030,168 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/21 16:55:12 | 000,030,168 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/21 16:55:12 | 000,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/21 16:54:50 | 004,932,477 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20011102}.BAK
[2010/12/21 16:50:49 | 004,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2010/12/21 16:49:50 | 004,932,477 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20011102}.CDF
[2010/12/21 15:35:06 | 000,031,104 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20011102}.rfx
[2010/12/21 15:35:06 | 000,000,292 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000004-20011102}.dat
[2010/12/21 14:50:49 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2010/12/19 16:09:36 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\wtk\Desktop\MI.lnk
[2010/12/19 14:12:07 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\GGLG.job
[2010/12/19 14:12:06 | 000,126,464 | RHS- | C] () -- C:\WINDOWS\System32\initpki2.dll
[2010/12/19 14:00:24 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\wtk\Application Data\Microsoft\Internet Explorer\Quick Launch\Test Tone Generator.lnk
[2010/12/19 14:00:24 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\wtk\Desktop\Test Tone Generator.lnk
[2010/12/19 13:53:23 | 000,000,274 | ---- | C] () -- C:\WINDOWS\winscope.ini
[2010/12/15 12:13:36 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\wtk\Desktop\MagicISO.lnk
[2010/12/13 23:55:47 | 000,002,582 | ---- | C] () -- C:\WINDOWS\SE.INI
[2010/12/13 20:51:05 | 000,047,990 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\555 vco.odt
[2010/12/13 16:35:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TiojCk.dat
[2010/12/13 16:33:48 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tina.lnk
[2010/12/13 14:24:18 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\wtk\Desktop\Shortcut to Multisim.lnk
[2010/12/12 17:45:34 | 000,023,042 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\speed control.odt
[2010/12/12 17:35:21 | 000,022,884 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\cap meter.odt
[2010/12/11 20:32:21 | 000,041,145 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\res col code.jpg
[2010/12/11 20:31:59 | 000,039,737 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\res col code.psp
[2010/12/11 19:35:09 | 000,170,289 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\datasheet[1].pdf
[2010/12/11 15:12:44 | 000,099,379 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\c shoot1.odt
[2010/12/11 13:22:16 | 000,068,657 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\c shoot.jpg
[2010/12/10 15:45:35 | 000,011,111 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\cap conversion chart.odt
[2010/12/10 11:55:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/12/09 16:35:59 | 000,018,231 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\counter.odt
[2010/12/09 16:18:59 | 000,021,323 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\match blog.odt
[2010/12/09 16:16:36 | 001,263,587 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\matchless150c.pdf
[2010/12/09 16:15:37 | 000,016,910 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\bfo wobb 1.odt
[2010/12/09 16:12:09 | 000,020,617 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\bfo wobb.odt
[2010/12/09 16:01:33 | 000,020,025 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\bfo2.odt
[2010/12/04 17:16:43 | 001,898,474 | ---- | C] () -- C:\Documents and Settings\wtk\My Documents\FX-82LB.pdf
[2010/11/27 11:53:21 | 000,015,620 | ---- | C] () -- C:\WINDOWS\System32\SystemRs11.sm.SYS
[2010/11/06 15:22:44 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\cuatro.ini
[2010/10/18 22:42:38 | 000,155,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/15 13:07:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/10/15 13:06:51 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/10/15 13:06:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/10/15 13:06:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/10/15 13:06:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/10/15 13:06:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2010/10/06 12:56:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/04 15:19:53 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\wtk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 17:24:41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/10/03 17:23:54 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010/10/03 17:23:54 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010/10/03 17:23:53 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010/10/03 17:23:53 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010/10/03 17:23:53 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010/09/30 21:47:19 | 000,000,072 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/30 15:34:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2010/09/30 11:45:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/30 11:12:05 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/09/30 11:04:04 | 000,001,926 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2010/06/27 21:09:31 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/06/27 21:08:27 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\midlpbk.drv
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/07/27 10:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\wtk\Desktop\QuickBASIC.pif:SummaryInformation
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13

< End of report >
Can anyone see anything?
  • 0

Advertisements

#2
Essexboy
Posted 28 December 2010 - 03:43 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - you wouldn't happen to be a Leeds supporter ? :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#3
alwayswhite
Posted 29 December 2010 - 05:40 AM

alwayswhite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Yes I've followed Leeds since the early 60's, but we all have our crosses to bear. However run otl and tdss. Logs as requested
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\security tools\cmd.bat deleted successfully.
D:\security tools\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 67095 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator.4KMAIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 169473 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: wtk
->Temp folder emptied: 1690701 bytes
->Temporary Internet Files folder emptied: 286833054 bytes
->Java cache emptied: 474535 bytes
->Flash cache emptied: 54930 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 953854 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 52406938 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 147456 bytes

Total Files Cleaned = 327.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.4KMAIN

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: wtk
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.18.0 log created on 12292010_112030

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\wtk\Local Settings\Temp\~DF7BCB.tmp not found!
File\Folder C:\Documents and Settings\wtk\Local Settings\Temp\~DF7BD6.tmp not found!
File\Folder C:\Documents and Settings\wtk\Local Settings\Temp\~DF7C33.tmp not found!
File\Folder C:\Documents and Settings\wtk\Local Settings\Temp\~DF7C3E.tmp not found!
File\Folder C:\Documents and Settings\wtk\Local Settings\Temp\~DF7C70.tmp not found!
File\Folder C:\Documents and Settings\wtk\Local Settings\Temp\~DF7C7B.tmp not found!
File\Folder C:\Documents and Settings\wtk\Local Settings\Temporary Internet Files\Content.IE5\ZPFWL0DK\like[1].htm not found!
C:\Documents and Settings\wtk\Local Settings\Temporary Internet Files\Content.IE5\YLRD7CX4\292997-webpage-redirection[1].htm moved successfully.
C:\Documents and Settings\wtk\Local Settings\Temporary Internet Files\Content.IE5\0N2ANN1L\xd_proxy[1].htm moved successfully.

Registry entries deleted on Reboot...


2010/12/29 11:31:52.0093 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/29 11:31:52.0093 ================================================================================
2010/12/29 11:31:52.0093 SystemInfo:
2010/12/29 11:31:52.0093
2010/12/29 11:31:52.0093 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/29 11:31:52.0093 Product type: Workstation
2010/12/29 11:31:52.0093 ComputerName: 4KMAIN
2010/12/29 11:31:52.0093 UserName: wtk
2010/12/29 11:31:52.0093 Windows directory: C:\WINDOWS
2010/12/29 11:31:52.0093 System windows directory: C:\WINDOWS
2010/12/29 11:31:52.0093 Processor architecture: Intel x86
2010/12/29 11:31:52.0093 Number of processors: 2
2010/12/29 11:31:52.0093 Page size: 0x1000
2010/12/29 11:31:52.0093 Boot type: Normal boot
2010/12/29 11:31:52.0093 ================================================================================
2010/12/29 11:31:52.0500 Initialize success
2010/12/29 11:31:57.0046 ================================================================================
2010/12/29 11:31:57.0046 Scan started
2010/12/29 11:31:57.0046 Mode: Manual;
2010/12/29 11:31:57.0046 ================================================================================
2010/12/29 11:31:59.0046 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/29 11:31:59.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/29 11:31:59.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/29 11:31:59.0328 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/29 11:31:59.0562 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/29 11:31:59.0765 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\aspi32.sys
2010/12/29 11:31:59.0812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/29 11:31:59.0906 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/29 11:31:59.0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/29 11:32:00.0078 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/29 11:32:00.0187 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/12/29 11:32:00.0250 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/12/29 11:32:00.0312 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2010/12/29 11:32:00.0406 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/12/29 11:32:00.0453 BDA_Loader_220A (f01462daddcf46f00e84d295c5b8fc0b) C:\WINDOWS\system32\Drivers\BDA_Loader_220A.sys
2010/12/29 11:32:00.0515 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/29 11:32:00.0593 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/12/29 11:32:00.0640 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/12/29 11:32:00.0718 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/12/29 11:32:00.0781 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/12/29 11:32:00.0843 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/29 11:32:00.0906 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/29 11:32:01.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/29 11:32:01.0062 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/29 11:32:01.0140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/29 11:32:01.0312 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
2010/12/29 11:32:01.0328 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
2010/12/29 11:32:01.0484 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/12/29 11:32:01.0531 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/12/29 11:32:01.0593 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
2010/12/29 11:32:01.0640 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
2010/12/29 11:32:01.0781 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/12/29 11:32:01.0843 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
2010/12/29 11:32:01.0906 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
2010/12/29 11:32:01.0937 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/12/29 11:32:01.0984 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
2010/12/29 11:32:02.0031 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
2010/12/29 11:32:02.0109 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/12/29 11:32:02.0187 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\WINDOWS\system32\drivers\cvintdrv.sys
2010/12/29 11:32:02.0343 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/29 11:32:02.0437 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/29 11:32:02.0500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/29 11:32:02.0578 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/29 11:32:02.0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/29 11:32:02.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/29 11:32:02.0781 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/12/29 11:32:02.0828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/29 11:32:02.0875 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/29 11:32:02.0906 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/29 11:32:02.0953 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/29 11:32:03.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/29 11:32:03.0046 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/29 11:32:03.0078 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/29 11:32:03.0171 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/29 11:32:03.0250 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/29 11:32:03.0421 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/12/29 11:32:03.0468 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
2010/12/29 11:32:03.0531 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
2010/12/29 11:32:03.0609 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/29 11:32:03.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/29 11:32:03.0906 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/29 11:32:03.0937 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/29 11:32:04.0203 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/29 11:32:04.0250 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/29 11:32:04.0312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/29 11:32:04.0359 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/29 11:32:04.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/29 11:32:04.0437 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/29 11:32:04.0484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/29 11:32:04.0515 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/29 11:32:04.0593 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/29 11:32:04.0671 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/29 11:32:04.0734 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/29 11:32:04.0859 MBAMSwissArmy (e74dc2f3f9675a6025a4aa020edd4341) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010/12/29 11:32:04.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/29 11:32:05.0187 mod7700 (c4fee5e6c41b3c5a7257b33ad624bb10) C:\WINDOWS\system32\Drivers\mod7700.sys
2010/12/29 11:32:05.0296 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/29 11:32:05.0343 MODRC (370e88453ec0d7bea6eb24be8d865dbe) C:\WINDOWS\system32\DRIVERS\modrc.sys
2010/12/29 11:32:05.0406 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/29 11:32:05.0437 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/29 11:32:05.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/29 11:32:05.0546 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/12/29 11:32:05.0609 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/29 11:32:05.0687 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/29 11:32:05.0750 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/29 11:32:05.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/29 11:32:05.0890 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/29 11:32:05.0937 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/29 11:32:06.0000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/29 11:32:06.0031 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/29 11:32:06.0078 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/29 11:32:06.0171 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/29 11:32:06.0250 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/29 11:32:06.0296 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/29 11:32:06.0343 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/29 11:32:06.0421 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/29 11:32:06.0453 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/29 11:32:06.0531 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/29 11:32:06.0562 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/29 11:32:06.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/29 11:32:06.0671 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/29 11:32:06.0718 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/29 11:32:06.0765 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/29 11:32:06.0859 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/29 11:32:07.0296 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/29 11:32:07.0734 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2010/12/29 11:32:07.0843 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/29 11:32:07.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/29 11:32:07.0953 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/29 11:32:08.0015 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/12/29 11:32:08.0093 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/29 11:32:08.0125 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/29 11:32:08.0187 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/29 11:32:08.0218 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/29 11:32:08.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/29 11:32:08.0359 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/29 11:32:08.0656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/29 11:32:08.0718 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/29 11:32:08.0781 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/29 11:32:08.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/29 11:32:08.0875 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/29 11:32:09.0093 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/29 11:32:09.0140 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/29 11:32:09.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/29 11:32:09.0218 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/29 11:32:09.0296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/29 11:32:09.0328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/29 11:32:09.0437 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/29 11:32:09.0531 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/29 11:32:09.0640 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
2010/12/29 11:32:09.0718 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/12/29 11:32:09.0843 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
2010/12/29 11:32:09.0953 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/12/29 11:32:10.0000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/29 11:32:10.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/29 11:32:10.0171 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/29 11:32:10.0265 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/29 11:32:10.0375 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/29 11:32:10.0437 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/29 11:32:10.0515 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/29 11:32:10.0593 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/29 11:32:10.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/29 11:32:10.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/29 11:32:10.0890 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/29 11:32:10.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/29 11:32:11.0031 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/29 11:32:11.0109 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/29 11:32:11.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/29 11:32:11.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/29 11:32:11.0343 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/29 11:32:11.0390 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/29 11:32:11.0515 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/29 11:32:11.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/29 11:32:11.0671 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/29 11:32:11.0750 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/29 11:32:11.0781 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/29 11:32:11.0843 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/29 11:32:11.0890 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/29 11:32:11.0984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/29 11:32:12.0046 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/29 11:32:12.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/29 11:32:12.0281 vsc32 (f7035815c23df5dad8a686c1cda20f3e) C:\WINDOWS\system32\DRIVERS\vsc.sys
2010/12/29 11:32:12.0343 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/29 11:32:12.0437 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/29 11:32:12.0562 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/29 11:32:12.0625 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/29 11:32:12.0734 yukonwxp (89f8c4875e19c7081cf9c37539242ae3) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/12/29 11:32:12.0953 ================================================================================
2010/12/29 11:32:12.0953 Scan finished
2010/12/29 11:32:12.0953 ================================================================================
  • 0

#4
alwayswhite
Posted 29 December 2010 - 06:40 AM

alwayswhite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
That appears to have cured the problem. Tried various sites I couldn't reach previously and have had no problem. Time will tell of course.
  • 0

#5
Essexboy
Posted 29 December 2010 - 01:47 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets run a sweep now for any entries I have missed. Once done could you let me know of any problems at all

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Message from the wife : MOT
  • 0

#6
alwayswhite
Posted 29 December 2010 - 04:26 PM

alwayswhite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OK Malwarebytes run. Found and removed a trojan. Log follows :-

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5419

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/12/2010 22:20:42
mbam-log-2010-12-29 (22-20-42).txt

Scan type: Quick scan
Objects scanned: 162610
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\H3O8CABBPI (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#7
Essexboy
Posted 29 December 2010 - 04:30 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems remain ?
  • 0

#8
alwayswhite
Posted 29 December 2010 - 04:56 PM

alwayswhite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
None as far as I can see. All I can do is keep an eye on things and if anything crops up contact you again.
Thanks for your time and patience.
  • 0

#9
Essexboy
Posted 29 December 2010 - 05:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 23.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u23-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u23-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disck check
[attachment=46866:Boot defrag.jpg]


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programme:

Posted Image Malwarebytes. Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
  • 0

#10
Essexboy
Posted 31 December 2010 - 12:31 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP