Suspected Trojan

#31 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

Since it has been so long, let's get some new scans.

Step #1

  • Re-Run OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top make sure it is set to Standard Output.
  • Ensure None is selected for Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    /md5start
    sptd.sys
    atapi.sys
    /md5stop
    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Please copy and paste OTL.txt here

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step #2

aswMBR has been updated. Delete your current copy and download the new one.

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post the OTL and aswMBR logs.

#32 Anderwolf (Topic Starter, Member, 89 posts)

Well, it's not letting me post the OTL log; it just gives me a page load error. So I'll try to send the MBR log:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-07-31 09:43:14
-----------------------------
09:43:14.406 OS Version: Windows 5.1.2600 Service Pack 3
09:43:14.406 Number of processors: 2 586 0x2B01
09:43:14.406 ComputerName: ANDERWOLF UserName: Owner
09:43:30.203 Initialize success
09:43:56.015 AVAST engine defs: 11073100
09:44:55.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
09:44:55.921 Disk 0 Vendor: HDT722525DLAT80 V44OA96A Size: 238475MB BusType: 3
09:44:55.921 Device \Driver\atapi -> DriverStartIo 841fe31b
09:44:57.921 Disk 0 MBR read successfully
09:44:57.921 Disk 0 MBR scan
09:44:58.000 Disk 0 MBR:Alureon-G [Rtk]
09:44:58.015 Disk 0 TDL4@MBR code has been found
09:44:58.015 Disk 0 MBR hidden
09:44:58.015 Disk 0 MBR [TDL4] **ROOTKIT**
09:44:58.015 Disk 0 trace - called modules:
09:44:58.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x841fe4d0]<<
09:44:58.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8429f1d8]
09:44:58.015 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\000000a8[0x8430ff18]
09:44:58.015 5 ACPI.sys[b9e55620] -> nt!IofCallDriver -> [0x8430ed98]
09:44:58.015 \Driver\atapi[0x842773d0] -> IRP_MJ_CREATE -> 0x841fe4d0
09:45:10.093 AVAST engine scan C:\WINDOWS
09:45:34.609 AVAST engine scan C:\WINDOWS\system32
09:47:50.453 AVAST engine scan C:\WINDOWS\system32\drivers
09:48:14.093 AVAST engine scan C:\Documents and Settings\Owner
09:51:31.890 File: C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\72a60c26-60e99301 **INFECTED** Win32:Alureon-AEH [Trj]
09:58:06.781 File: C:\Documents and Settings\Owner\Desktop\Stuff\backups\backup-20110609-232132-976.dll **INFECTED** Win32:Malware-gen
09:58:08.531 File: C:\Documents and Settings\Owner\Desktop\Stuff\backups\backup-20110708-104957-553.dll **INFECTED** Win32:Trojan-gen
10:09:39.578 File: C:\Documents and Settings\Owner\My Documents\Azureus Downloads\Bestel.AVI.DIVX.XVID.to.DVD.Creator.v1.2.1.WinAll.Incl.KeyGen-NeoX\keygen.exe **INFECTED** Win32:Trojan-gen
10:12:14.781 AVAST engine scan C:\Documents and Settings\All Users
10:17:26.843 Scan finished successfully
12:23:01.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
12:23:01.265 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
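
What the helper reads off that log by eye is mechanical enough to script. The following is an added example for this thread, not code from the thread or from AVAST: it parses the line shapes visible in the log above, pairs the `>>UNKNOWN [addr]<<` entry in the kernel call trace with the IRP hook that points at the same address, collects the flagged files, and summarises the verdict. The sample log is constructed from the lines posted above (paths shortened); the regexes are keyed to this aswMBR version's wording.

```python
"""Triage an aswMBR log: MBR verdict, disk-stack hooks, infected files, fix status.

Added example for this thread, not aswMBR's own code. SAMPLE_LOG and FIX_TAIL
are constructed from the lines posted in the thread; the regexes expect the
line formats visible in that log.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed from the first scan posted above (some lines and paths trimmed).
SAMPLE_LOG = r"""
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-07-31 09:43:14
-----------------------------
09:44:55.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
09:44:55.921 Device \Driver\atapi -> DriverStartIo 841fe31b
09:44:57.921 Disk 0 MBR read successfully
09:44:58.000 Disk 0 MBR:Alureon-G [Rtk]
09:44:58.015 Disk 0 MBR hidden
09:44:58.015 Disk 0 MBR [TDL4] **ROOTKIT**
09:44:58.015 Disk 0 trace - called modules:
09:44:58.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x841fe4d0]<<
09:44:58.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8429f1d8]
09:44:58.015 \Driver\atapi[0x842773d0] -> IRP_MJ_CREATE -> 0x841fe4d0
09:51:31.890 File: C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\72a60c26-60e99301 **INFECTED** Win32:Alureon-AEH [Trj]
10:09:39.578 File: C:\Documents and Settings\Owner\My Documents\Azureus Downloads\keygen.exe **INFECTED** Win32:Trojan-gen
10:17:26.843 Scan finished successfully
"""

# Constructed from the tail of the second run in the thread, after clicking Fix.
FIX_TAIL = r"""
18:27:28.046 Disk 0 fixing MBR ...
18:27:38.062 Disk 0 MBR restored successfully
18:27:50.156 Infection fixed successfully - please reboot ASAP
"""

TS = r"^\d\d:\d\d:\d\d\.\d+ "                      # every event line starts with a timestamp
RE_MBR_DET = re.compile(TS + r"Disk (\d+) MBR:(\S+) \[(\w+)\]")
RE_ROOTKIT = re.compile(TS + r"Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")
RE_HIDDEN = re.compile(TS + r"Disk (\d+) MBR hidden")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.I)
RE_HOOK = re.compile(r"(\\Driver\\\w+)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)", re.I)
RE_INFECTED = re.compile(TS + r"File: (.+?) \*\*INFECTED\*\* (.+)$")
RE_FIXED = re.compile(TS + r"Infection fixed successfully")


@dataclass
class Triage:
    mbr_detections: List[Tuple[int, str]] = field(default_factory=list)   # (disk, name)
    rootkit_family: Optional[str] = None
    mbr_hidden: bool = False
    unknown_code: Set[str] = field(default_factory=set)                   # addresses in no loaded module
    hooks: List[Tuple[str, str, str]] = field(default_factory=list)       # (driver, IRP, target)
    infected_files: List[Tuple[str, str]] = field(default_factory=list)   # (path, signature)
    fixed: bool = False


def triage(log_text: str) -> Triage:
    """Walk the log once and record every security-relevant line."""
    t = Triage()
    for line in log_text.splitlines():
        line = line.strip()
        if m := RE_MBR_DET.match(line):
            t.mbr_detections.append((int(m.group(1)), m.group(2)))
        elif m := RE_ROOTKIT.match(line):
            t.rootkit_family = m.group(2)
        elif RE_HIDDEN.match(line):
            t.mbr_hidden = True
        elif m := RE_UNKNOWN.search(line):
            t.unknown_code.add(m.group(1).lower())
        elif m := RE_HOOK.search(line):
            t.hooks.append((m.group(1), m.group(2), m.group(3).lower()))
        elif m := RE_INFECTED.match(line):
            t.infected_files.append((m.group(1), m.group(2)))
        elif RE_FIXED.match(line):
            t.fixed = True
    return t


def hooks_into_unknown_code(t: Triage) -> List[Tuple[str, str, str]]:
    """Hooks whose target the trace could not attribute to any loaded module:
    the driver's dispatch routine now lands in code the bootkit loaded itself."""
    return [h for h in t.hooks if h[2] in t.unknown_code]


def verdict(t: Triage) -> str:
    findings = []
    if t.rootkit_family or t.mbr_detections:
        names = ", ".join(n for _, n in t.mbr_detections) or "unnamed"
        findings.append(f"MBR bootkit {t.rootkit_family or '?'} ({names})")
    bad_hooks = hooks_into_unknown_code(t)
    if bad_hooks:
        findings.append(f"{len(bad_hooks)} disk-stack hook(s) into unattributed kernel code")
    if t.mbr_hidden:
        findings.append("MBR reads are being filtered")
    if t.infected_files:
        findings.append(f"{len(t.infected_files)} infected file(s)")
    if not findings:
        return "CLEAN"
    status = "FIXED, reboot and rescan" if t.fixed else "ACTIVE"
    return f"{status}: " + "; ".join(findings)


if __name__ == "__main__":
    for label, text in (("first scan", SAMPLE_LOG), ("after Fix", SAMPLE_LOG + FIX_TAIL)):
        print(f"{label}: {verdict(triage(text))}")
```

The detail worth pulling out is the hook target 0x841fe4d0 matching the `>>UNKNOWN<<` entry: \Driver\atapi's IRP_MJ_CREATE handler has been redirected to code that no loaded driver image accounts for, which is how the bootkit sits beneath the file system and serves a clean copy of the sector it infected ("MBR hidden"). A later aswMBR build may word lines differently; if so, adjust the regexes, not the logic.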

#33 Anderwolf (Topic Starter, Member, 89 posts)

Tried posting the OTL log again, no luck. Awaiting further instructions.

#34 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix button

Save the log as before and post in your next reply

Also, try to post the OTL log.

#35 Anderwolf (Topic Starter, Member, 89 posts)

Ok so I ran the scan and clicked on Fix but it gave me some message about possibly damaging my partitions when writing a new master boot record. Should I continue?

#36 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

This isn't a multi-boot system, is it?

If not, then yes, continue
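
The multi-boot question matters because the 440 bytes of boot code at the start of the disk are exactly what a rewrite replaces, and aswMBR already saved that sector to MBR.dat in the log above. The script below is an added example, not code from this thread, from AVAST or from Microsoft: it decodes a 512-byte MBR image, runs sanity checks on the partition table, hashes the boot code so a before/after pair can be compared, and uses the error strings the stock Windows MBR carries (and the "GRUB" string a GRUB boot sector carries) as a rough classifier. The two images are constructed; their layout only resembles the C: (NTFS) and D: (FAT32) drives in the OTL log, and the disk signature, sizes and boot-code bytes are made up.

```python
"""Decode and sanity-check a saved 512-byte MBR image (e.g. aswMBR's MBR.dat).

Added example for this thread; not code from aswMBR, AVAST or Microsoft.
CLEAN_MBR and INFECTED_MBR are constructed, and the string classifier is a
heuristic, not a signature database.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
BOOTCODE_LEN = 440          # bytes 440-443: disk signature, 444-445: reserved
TABLE_OFF = 446             # four 16-byte entries, then 0x55AA at offset 510
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"
# Error strings the stock Windows XP MBR carries; a GRUB boot sector carries "GRUB".
WINDOWS_MBR_STRINGS = (b"Invalid partition table", b"Missing operating system")


@dataclass
class Partition:
    index: int
    status: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def empty(self) -> bool:
        return self.type_id == 0 and self.sectors == 0

    @property
    def active(self) -> bool:
        return self.status == 0x80


def parse_mbr(image: bytes) -> Tuple[bytes, int, List[Partition]]:
    """Return (boot code, disk signature, 4 partition entries); raise on a bad sector."""
    if len(image) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(image)}")
    if image[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", image, BOOTCODE_LEN)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, image, TABLE_OFF + 16 * i)
        parts.append(Partition(i, status, ptype, lba, count))
    return image[:BOOTCODE_LEN], disk_sig, parts


def bootcode_hash(image: bytes) -> str:
    """SHA-256 of the loader only: signature and table are excluded, so the same
    Windows loader hashes identically on any disk."""
    return hashlib.sha256(image[:BOOTCODE_LEN]).hexdigest()


def classify_bootcode(code: bytes) -> str:
    if all(s in code for s in WINDOWS_MBR_STRINGS):
        return "windows"
    if b"GRUB" in code:
        return "grub"
    return "unknown"


def table_issues(parts: List[Partition]) -> List[str]:
    """Checks worth running on the table before and after any MBR rewrite."""
    issues = []
    used = [p for p in parts if not p.empty]
    if sum(p.active for p in used) != 1:
        issues.append("expected exactly one active partition")
    for p in used:
        if p.status not in (0x00, 0x80):
            issues.append(f"entry {p.index}: invalid status byte 0x{p.status:02x}")
        if p.lba_start == 0:
            issues.append(f"entry {p.index}: starts at LBA 0 (inside the MBR)")
    spans = sorted((p.lba_start, p.lba_start + p.sectors, p.index) for p in used)
    for (_, end_a, i_a), (start_b, _, i_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            issues.append(f"entries {i_a} and {i_b} overlap")
    return issues


def compare(before: bytes, after: bytes) -> dict:
    """What a fix changed: the loader should differ, signature and table should not."""
    code_a, sig_a, parts_a = parse_mbr(before)
    code_b, sig_b, parts_b = parse_mbr(after)
    return {"bootcode_changed": code_a != code_b,
            "disk_signature_changed": sig_a != sig_b,
            "partition_table_changed": parts_a != parts_b}


# ---- constructed sample images (not real disk contents) ----------------------
def _entry(status: int, ptype: int, lba: int, count: int) -> bytes:
    return struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)


def build_image(bootcode: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    table = (_entry(0x80, 0x07, 63, 479_800_000)            # C: NTFS, active
             + _entry(0x00, 0x0B, 479_800_063, 8_577_000)    # D: FAT32
             + b"\x00" * 32)                                 # two unused entries
    return code + struct.pack("<IH", disk_sig, 0) + table + BOOT_SIG


CLEAN_MBR = build_image(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 300
                        + b"Invalid partition table\x00Error loading operating system"
                        + b"\x00Missing operating system\x00")
INFECTED_MBR = build_image(b"\xeb\x1c" + bytes(range(256)))   # loader with no known strings
```

Two caveats when using this on a real MBR.dat. An image read while the rootkit is active may be the clean copy the rootkit serves back ("MBR hidden" in the log), so the comparison that means something is the sector a tool that bypasses the hooked stack saved before Fix against the one it saves afterwards; `compare` should then report only `bootcode_changed`. And the classifier is the quick answer to the helper's question: if those 440 bytes come back "grub" or "unknown" on a machine that is supposed to multi-boot, a blanket rewrite would replace the loader the other OS depends on.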

#37 Anderwolf (Topic Starter, Member, 89 posts)

OK, so apparently I clicked "FixMBR" instead of just "Fix". So I think that is why I got the warning message. Clicking just "Fix" worked just fine. Then it told me to reboot, so I did. Here are the logs:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-07-31 14:50:39
-----------------------------
14:50:39.156 OS Version: Windows 5.1.2600 Service Pack 3
14:50:39.156 Number of processors: 2 586 0x2B01
14:50:39.156 ComputerName: ANDERWOLF UserName: Owner
14:50:45.468 Initialize success
14:51:11.468 AVAST engine defs: 11073100
14:51:28.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
14:51:28.875 Disk 0 Vendor: HDT722525DLAT80 V44OA96A Size: 238475MB BusType: 3
14:51:28.875 Device \Driver\atapi -> DriverStartIo 841fe31b
14:51:30.890 Disk 0 MBR read successfully
14:51:30.890 Disk 0 MBR scan
14:51:30.937 Disk 0 MBR:Alureon-G [Rtk]
14:51:30.937 Disk 0 TDL4@MBR code has been found
14:51:30.937 Disk 0 MBR hidden
14:51:30.937 Disk 0 MBR [TDL4] **ROOTKIT**
14:51:30.953 Disk 0 trace - called modules:
14:51:30.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x841fe4d0]<<
14:51:30.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8429f1d8]
14:51:30.968 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\000000a8[0x8430ff18]
14:51:30.968 5 ACPI.sys[b9e55620] -> nt!IofCallDriver -> [0x8430ed98]
14:51:30.968 \Driver\atapi[0x842773d0] -> IRP_MJ_CREATE -> 0x841fe4d0
14:51:36.578 AVAST engine scan C:\WINDOWS
14:52:11.437 AVAST engine scan C:\WINDOWS\system32
15:00:29.937 AVAST engine scan C:\WINDOWS\system32\drivers
15:01:32.171 AVAST engine scan C:\Documents and Settings\Owner
15:06:22.015 File: C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\72a60c26-60e99301 **INFECTED** Win32:Alureon-AEH [Trj]
15:12:48.906 File: C:\Documents and Settings\Owner\Desktop\Stuff\backups\backup-20110609-232132-976.dll **INFECTED** Win32:Malware-gen
15:12:49.078 File: C:\Documents and Settings\Owner\Desktop\Stuff\backups\backup-20110708-104957-553.dll **INFECTED** Win32:Trojan-gen
15:23:03.171 File: C:\Documents and Settings\Owner\My Documents\Azureus Downloads\Bestel.AVI.DIVX.XVID.to.DVD.Creator.v1.2.1.WinAll.Incl.KeyGen-NeoX\keygen.exe **INFECTED** Win32:Trojan-gen
15:26:02.968 AVAST engine scan C:\Documents and Settings\All Users
15:30:57.828 Scan finished successfully
18:27:28.000 Disk 0 MBR read successfully
18:27:28.031 Disk 0 MBR:Alureon-G [Rtk]
18:27:28.046 Disk 0 TDL4@MBR code has been found
18:27:28.046 Disk 0 fixing MBR ...
18:27:38.062 Disk 0 MBR restored successfully
18:27:38.062 Verifying disinfection
18:27:50.156 Infection fixed successfully - please reboot ASAP
18:28:05.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:28:05.562 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR new.txt"


OTL logfile created on: 7/31/2011 08:46:07 AM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop\Geeks2Go
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.79 Gb Total Space | 9.31 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 2.01 Gb Free Space | 49.14% Space Free | Partition Type: FAT32

Computer Name: ANDERWOLF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe
PRC - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/06 08:08:02 | 000,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2006/10/11 12:09:16 | 000,364,544 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
PRC - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
PRC - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
PRC - [2006/08/08 18:25:32 | 000,106,496 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
PRC - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\FIREWALL\PNmSrv.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
PRC - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
PRC - [2006/06/29 11:04:42 | 000,069,632 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
PRC - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
PRC - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/01/31 16:42:04 | 000,073,728 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\SrvLoad.exe
PRC - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2005/01/22 18:42:16 | 000,440,832 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe
PRC - [2005/01/19 17:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/09/26 16:26:44 | 000,245,760 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2006/07/21 14:35:28 | 000,139,264 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\TpUtil.dll
MOD - [2006/06/27 19:36:40 | 000,101,888 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006/06/16 14:44:34 | 000,057,344 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\pavipc.dll
MOD - [2006/03/06 18:08:00 | 000,102,400 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavoepl.dll
MOD - [2005/01/24 21:48:46 | 000,498,232 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wblind.dll
MOD - [2005/01/19 17:34:24 | 000,014,848 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll
MOD - [2004/09/18 15:37:00 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wbhelp.dll
MOD - [2000/04/03 18:33:36 | 000,028,160 | ---- | M] (Neil Banfield) -- C:\Program Files\AlienGUIse\anim.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UPS32)
SRV - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2008/12/03 22:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe -- (TPSrv)
SRV - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe -- (PAVSRV)
SRV - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) [Auto | Running] -- c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE -- (PNMSRV)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe -- (PSIMSVC)
SRV - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (ComFiltr)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/30 11:19:11 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/08/22 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/01/31 12:47:36 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2009/01/29 23:22:46 | 000,137,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/04 03:02:08 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2008/12/04 03:02:04 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2008/12/04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/12/04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008/05/14 21:48:17 | 003,098,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/20 03:31:12 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/09/06 14:55:18 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/09/06 14:42:55 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/05/27 00:44:32 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/02/25 21:55:19 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/01/20 02:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/10 16:02:46 | 000,141,312 | ---- | M] (Panda Software International) [NDIS Layer] [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\NETFLT.SYS -- (netflt)
DRV - [2006/09/28 15:58:26 | 000,016,256 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2006/08/24 22:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 22:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/03 16:37:56 | 000,044,544 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2006/08/02 14:15:48 | 000,023,296 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2006/08/02 14:10:18 | 000,185,472 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2006/08/02 14:08:48 | 000,036,864 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/29 22:50:46 | 000,009,216 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2006/05/11 22:26:48 | 000,103,936 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltdi.sys -- (NETFLTDI)
DRV - [2006/04/25 10:02:48 | 000,165,120 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2006/03/27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006/02/22 03:43:34 | 000,071,552 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/29 07:23:30 | 000,026,752 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2005/08/12 14:36:56 | 000,016,640 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/20 20:02:00 | 000,012,544 | R--- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C9 A4 B9 41 A0 7F E6 47 96 F8 2C 78 22 31 8C 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {45501068-1DB2-4B37-A104-9C301A4F02A4}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.7
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7


FF - HKLM\software\mozilla\Firefox\extensions\\{45501068-1DB2-4B37-A104-9C301A4F02A4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{45501068-1DB2-4B37-A104-9C301A4F02A4} [2010/01/15 00:58:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 12:13:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 00:02:40 | 000,000,000 | ---D | M]

[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/07/29 09:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions
[2010/07/23 11:31:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/31 17:38:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/09 23:19:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}
[2011/03/10 00:48:09 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2011/06/01 10:18:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}
[2011/06/01 09:51:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}
[2011/06/09 22:18:48 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
[2009/11/17 13:58:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]\chrome
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]\defaults
[2011/03/10 00:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/03/23 17:53:46 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\searchplugins\aim-search.xml
[2011/03/25 20:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/09 16:08:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/02 16:25:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/30 16:23:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G18ONKHQ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2009/08/05 16:07:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/02 12:13:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2011/06/09 19:48:43 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software)
O20 - Winlogon\Notify\WB: DllName - C:\PROGRA~1\ALIENG~1\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = N:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ebg.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ebg.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - C:\Program Files\BigFix\bigfix.exe - (BigFix Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe - (Stardock)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Neverwinter Nights_ Platinum Edition Registration.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Pro Tools 8 Registration.lnk - C:\Program Files\Digidesign\Pro Tools\DigidesignRegistration.exe - (Leader Technologies / Digidesign)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration .LNK - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ZooskMessenger.lnk - - File not found
MsConfig - StartUpReg: !AVG Anti-Spyware - hkey= - key= - File not found
MsConfig - StartUpReg: 344b23c3 - hkey= - key= - File not found
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found
MsConfig - StartUpReg: BitTorrent - hkey= - key= - File not found
MsConfig - StartUpReg: BootSkin Startup Jobs - hkey= - key= - C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CursorXP - hkey= - key= - C:\Program Files\CursorXP\CursorXP.exe ( )
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: Dancer - hkey= - key= - C:\Program Files\Windows Plus\Dancer\Dancer.exe (Microsoft Corporation)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: HostManager - hkey= - key= - File not found
MsConfig - StartUpReg: IPHSend - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Load - hkey= - key= - File not found
MsConfig - StartUpReg: LogonStudio - hkey= - key= - C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
MsConfig - StartUpReg: MCAgentExe - hkey= - key= - File not found
MsConfig - StartUpReg: MCUpdateExe - hkey= - key= - File not found
MsConfig - StartUpReg: MPFExe - hkey= - key= - File not found
MsConfig - StartUpReg: mscfgx_rnd - hkey= - key= - File not found
MsConfig - StartUpReg: MSKAGENTEXE - hkey= - key= - File not found
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MySpaceIM - hkey= - key= - File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OASClnt - hkey= - key= - File not found
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: readericon - hkey= - key= - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: ReCycle Patch - hkey= - key= - File not found
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: Run - hkey= - key= - File not found
MsConfig - StartUpReg: SfKg6wIP - hkey= - key= - File not found
MsConfig - StartUpReg: SkinClock - hkey= - key= - File not found
MsConfig - StartUpReg: smss32.exe - hkey= - key= - File not found
MsConfig - StartUpReg: SoniqueQuickStart - hkey= - key= - C:\Program Files\Sonique\sqstart.exe ()
MsConfig - StartUpReg: SoundMan - hkey= - key= - File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: Steam - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: VirusScan Online - hkey= - key= - File not found
MsConfig - StartUpReg: VSOCheckTask - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {11A5D88F-962E-4911-4803-F0EBB23311D4} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: ccc-core-static - msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: Midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: Midi1 - C:\WINDOWS\System32\KORGUMDD.DRV (KORG Inc.)
Drivers32: Midi2 - C:\WINDOWS\System32\mbx2midu.dll (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: Midi3 - C:\WINDOWS\System32\Diomidi.DLL (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\WINDOWS\System32\Digi32.dll (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (100218702460354560)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/29 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2011/07/29 15:30:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/29 15:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/29 15:30:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/29 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/29 15:22:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/29 15:22:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/29 11:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/09/17 17:43:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/31 08:41:03 | 000,687,492 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/07/31 08:41:03 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/07/31 08:40:53 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/31 08:37:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 08:37:17 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/29 15:30:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 15:17:01 | 000,011,520 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
[2011/07/29 15:17:01 | 000,011,520 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
[2011/07/29 14:36:23 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3261861100
[2011/07/29 14:36:23 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3261861100
[2011/07/29 14:36:07 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3240619864
[2011/07/29 14:36:07 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3240619864
[2011/07/29 11:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 22:26:30 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 18:58:12 | 000,016,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\41frx3gr875o4
[2011/07/28 18:58:12 | 000,016,152 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\41frx3gr875o4
[2011/07/28 16:43:00 | 000,016,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2741562872
[2011/07/28 16:42:12 | 000,016,148 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3392604854
[2011/07/28 16:42:12 | 000,016,148 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2741562872
[2011/07/28 16:41:26 | 000,016,156 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3392604854
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/29 15:30:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 15:14:13 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/29 14:30:05 | 000,011,634 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3261861100
[2011/07/29 13:44:40 | 000,011,634 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3261861100
[2011/07/29 13:44:40 | 000,011,634 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3240619864
[2011/07/29 13:35:03 | 000,011,634 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3240619864
[2011/07/29 13:35:03 | 000,011,520 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
[2011/07/29 12:39:30 | 000,011,642 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
[2011/07/29 12:39:30 | 000,011,520 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
[2011/07/28 16:43:00 | 000,016,152 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2741562872
[2011/07/28 16:42:12 | 000,016,148 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3392604854
[2011/07/28 16:42:12 | 000,016,148 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2741562872
[2011/07/28 16:41:26 | 000,016,156 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3392604854
[2011/07/28 16:41:26 | 000,016,152 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\41frx3gr875o4
[2011/07/28 16:08:11 | 000,016,270 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\41frx3gr875o4
[2011/07/28 16:08:11 | 000,016,152 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\41frx3gr875o4
[2011/02/22 13:59:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/22 13:58:39 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/02/22 13:58:37 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/01/19 13:58:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2011/01/09 22:40:34 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/12/06 22:47:20 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sypfrq.sys
[2010/09/17 17:43:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/17 17:43:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/17 17:43:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/09/16 19:29:14 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/03/14 20:36:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/10 09:50:43 | 000,058,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/11 07:15:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/31 18:24:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
[2009/02/26 13:47:56 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/01/28 22:55:47 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2009/01/28 22:55:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2009/01/13 19:04:52 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2009/01/11 21:50:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/27 11:08:52 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/05 06:32:13 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AtomicAlarmClock.ini
[2008/06/05 06:32:13 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\alarms.ini
[2008/04/14 16:20:35 | 000,001,131 | ---- | C] () -- C:\WINDOWS\Monitor.ini
[2007/12/29 20:04:01 | 000,001,994 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/12/20 03:59:31 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/12/03 01:54:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/13 23:22:10 | 000,137,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/13 23:22:05 | 000,201,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/11/13 23:21:58 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/11/02 14:05:51 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2007/09/06 14:55:19 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/09/06 14:55:18 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/21 21:50:45 | 000,687,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2007/08/21 16:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 14:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/07/09 14:07:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/27 09:54:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/05/24 06:57:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/05/24 00:00:18 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007/04/29 13:26:13 | 000,000,471 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/04/28 12:54:35 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Gangsters2Setup.lnk
[2007/04/11 21:09:27 | 000,001,366 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/23 09:26:48 | 000,001,441 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/18 07:12:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/02/02 14:40:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/01/31 19:39:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2007/01/26 00:28:32 | 000,000,638 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/20 02:40:43 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/10/14 04:03:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/10/14 01:13:58 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/10/01 12:14:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/28 01:13:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2006/09/22 02:04:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/09/22 02:00:20 | 000,172,033 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/13 16:29:00 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/09/07 03:41:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/09/07 00:57:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/09/06 14:42:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/08/26 03:33:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/08/26 03:33:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/08/26 03:33:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/08/26 00:27:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/22 04:28:09 | 000,109,056 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/19 20:27:19 | 000,034,027 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2006/08/19 19:52:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/07 13:34:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/07 13:33:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/07 13:33:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/02/07 13:33:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/07 13:33:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/02/07 13:27:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/07 13:06:56 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/02/07 13:06:55 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/07 13:06:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/07 13:06:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/07 13:06:51 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/07 13:06:51 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/07 13:06:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/07 13:06:50 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/02/07 13:06:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/02/07 13:06:47 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/02/07 13:06:47 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 11:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 20:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 20:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 18:49:16 | 000,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 000,000,491 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 18:48:21 | 000,462,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 18:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 18:48:21 | 000,080,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 18:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 18:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 18:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 18:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 18:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 18:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 18:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 18:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 12:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 11:59:39 | 001,564,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 19:26:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/18 19:26:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: SPTD.SYS >
[2007/09/06 14:42:55 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %SYSTEMDRIVE%\*.* >
[2006/02/07 13:33:56 | 000,000,189 | ---- | M] () -- C:\audio.log
[2005/01/09 20:13:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/05/19 00:53:58 | 000,000,222 | ---- | M] () -- C:\blackb.log
[2011/06/09 23:18:30 | 000,000,221 | RHS- | M] () -- C:\boot.ini
[2005/01/09 20:13:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/28 23:33:30 | 000,000,712 | ---- | M] () -- C:\drwtsn32.log
[2008/11/11 04:20:12 | 000,000,055 | ---- | M] () -- C:\DVDPATH.TXT
[2011/07/31 08:37:17 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/05 03:19:17 | 000,009,198 | ---- | M] () -- C:\install_Owner_01000005.ERR
[2005/01/09 20:13:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/07 15:28:03 | 000,003,441 | -H-- | M] () -- C:\IPH.PH
[2006/02/07 13:22:42 | 000,000,086 | ---- | M] () -- C:\lan.log
[2010/12/06 22:37:35 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/01/09 20:13:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/18 19:30:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/02/07 13:34:13 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2011/07/31 08:37:09 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2009/01/20 15:43:16 | 000,002,833 | ---- | M] () -- C:\rapport.txt
[1996/09/15 22:00:00 | 000,202,240 | -H-- | M] (DreamWorks Interactive) -- C:\setup95.exe
[2007/07/14 13:27:36 | 000,000,014 | ---- | M] () -- C:\shutdown.bat
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2011/05/17 11:44:23 | 000,057,432 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_17.05.2011_11.42.01_log.txt
[2011/05/22 10:15:54 | 000,056,792 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_22.05.2011_10.14.14_log.txt
[2006/11/16 02:53:36 | 000,002,721 | ---- | M] () -- C:\test.dat

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/01/09 20:12:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2001/06/11 14:59:42 | 001,310,208 | ---- | M] () -- C:\WINDOWS\fire.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/01/13 18:36:22 | 000,001,794 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/01/09 11:58:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/09 11:58:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/09 11:58:49 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-29 14:21:04

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/02 12:13:49 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/02 12:13:49 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/02 12:13:49 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/02 12:13:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1077 bytes -> C:\Program Files\Common Files\System:Lucm28Ug5upzRvxprJOE
@Alternate Data Stream - 1010 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:2AfbUooKmSk00Oa5eXnD0InqG
@Alternate Data Stream - 1000 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:zAnjZntUxoPQtDlNqMh14KBC

< End of report >

#38
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
After running all this, tell me what problems you still have.

Step #1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {45501068-1DB2-4B37-A104-9C301A4F02A4}:1.9.1
    FF - HKLM\software\mozilla\Firefox\extensions\\{45501068-1DB2-4B37-A104-9C301A4F02A4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{45501068-1DB2-4B37-A104-9C301A4F02A4} [2010/01/15 00:58:58 | 000,000,000 | ---D | M]
    [2011/06/09 23:19:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}
    [2011/06/01 10:18:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}
    [2011/06/01 09:51:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}
    [2011/06/09 22:18:48 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}
    [2011/03/10 00:48:16 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
    [2011/03/10 00:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]\chrome
    [2011/03/10 00:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]\defaults
    [2011/06/09 19:48:43 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
    O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ebg.exe" -a "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ebg.exe" -a "%1" %*
    MsConfig - StartUpReg: 344b23c3 - hkey= - key= - File not found
    MsConfig - StartUpReg: SfKg6wIP - hkey= - key= - File not found
    [2011/07/29 15:17:01 | 000,011,520 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
    [2011/07/29 15:17:01 | 000,011,520 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
    [2011/07/29 14:36:23 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3261861100
    [2011/07/29 14:36:23 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3261861100
    [2011/07/29 14:36:07 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3240619864
    [2011/07/29 14:36:07 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3240619864
    [2011/07/28 18:58:12 | 000,016,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\41frx3gr875o4
    [2011/07/28 18:58:12 | 000,016,152 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\41frx3gr875o4
    [2011/07/28 16:43:00 | 000,016,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2741562872
    [2011/07/28 16:42:12 | 000,016,148 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3392604854
    [2011/07/28 16:42:12 | 000,016,148 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2741562872
    [2011/07/28 16:41:26 | 000,016,156 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3392604854
    @Alternate Data Stream - 1077 bytes -> C:\Program Files\Common Files\System:Lucm28Ug5upzRvxprJOE
    @Alternate Data Stream - 1010 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:2AfbUooKmSk00Oa5eXnD0InqG
    @Alternate Data Stream - 1000 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:zAnjZntUxoPQtDlNqMh14KBC
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2


aswMBR has been updated. Delete your current copy and download the new one.

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post OTL.txt and the aswMBR log...
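The fix script above targets a handful of indicator types that the OTL log exposes: hidden+system files with random-looking names dropped under Application Data, the exefile shell handler (O35/O37) rerouted through a binary in a profile folder, orphaned MsConfig startup entries, and named alternate data streams hanging off system directories. The following triage script is an added example, not part of OTL and not the helper's own procedure; it parses OTL-style lines with regular expressions written against the line formats visible in the log above and flags those indicator types, so the reasoning behind the fix list can be reproduced mechanically. The sample lines are copied from this thread's log; the only outside fact assumed is that the stock Windows XP handler for the exefile [open] verb is `"%1" %*`.

```python
"""Triage of OTL log lines for the indicator types seen in this thread.

Added example, not OTL's code and not the thread's own logs. The regexes are
written against the line formats that appear in the OTL output above; the
sample lines at the bottom are copied from that output.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# File entry: "[yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (Company) -- path"
FILE_RE = re.compile(
    r"^\s*\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^\s*@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+?)\s*$")
SHELL_RE = re.compile(r"^\s*O3[57] - (?P<key>.+?) -- (?P<cmd>.+?)\s*$")
STARTUP_RE = re.compile(r"^\s*MsConfig - StartUpReg: (?P<name>\S+) .*\bFile not found\s*$")
SERVICE_RE = re.compile(r"^\s*SRV - File not found .*\((?P<name>[^)]+)\)\s*$")

# Random-looking basenames with no extension: long digit runs or long lowercase alnum strings
RANDOM_NAME_RE = re.compile(r"^(?:\d{8,}|[a-z0-9]{12,})$")
APPDATA_RE = re.compile(r"\\Application Data\\", re.IGNORECASE)
# Stock handler for the exefile [open] verb on Windows XP (assumed known-good value)
DEFAULT_EXEFILE_CMD = '"%1" %*'
# Stream names that are routinely present and not worth flagging
BENIGN_STREAMS = {"Zone.Identifier"}


@dataclass
class Finding:
    kind: str
    detail: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one suspicious OTL line, or None for lines that look normal."""
    m = FILE_RE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path")
        base = path.rsplit("\\", 1)[-1]
        # Hidden+System file with a random-looking name dropped under Application Data
        if "H" in attrs and "S" in attrs and APPDATA_RE.search(path) and RANDOM_NAME_RE.match(base):
            return Finding("hidden_random_file", path)
        return None
    m = ADS_RE.match(line)
    if m:
        # The drive colon comes first, so the last colon separates path from stream name
        path, stream = m.group("target").rsplit(":", 1)
        if stream not in BENIGN_STREAMS:
            return Finding("alternate_data_stream", f"{path}:{stream}")
        return None
    m = SHELL_RE.match(line)
    if m and m.group("cmd") != DEFAULT_EXEFILE_CMD:
        # Every .exe launch is routed through a third-party binary before the real target
        return Finding("exefile_hijack", m.group("cmd"))
    m = STARTUP_RE.match(line)
    if m:
        return Finding("orphan_startup", m.group("name"))
    m = SERVICE_RE.match(line)
    if m:
        return Finding("missing_service_binary", m.group("name"))
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole log and keep only the hits."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def count_by_kind(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample input copied from the OTL output in this thread: benign lines first, then the flagged ones
SAMPLE_LINES = [
    r"[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2011/07/29 15:14:13 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys",
    r"[2005/01/09 20:12:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini",
    r"[2006/09/07 03:41:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat",
    r"[2011/07/29 14:36:23 | 000,011,634 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3261861100",
    r"[2011/07/28 18:58:12 | 000,016,152 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\41frx3gr875o4",
    r"[2011/07/29 15:17:01 | 000,011,520 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao",
    r'O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ebg.exe" -a "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ebg.exe" -a "%1" %*',
    r"MsConfig - StartUpReg: 344b23c3 - hkey= - key= - File not found",
    r"@Alternate Data Stream - 1077 bytes -> C:\Program Files\Common Files\System:Lucm28Ug5upzRvxprJOE",
    r"SRV - File not found [Auto | Stopped] -- -- (UPS32)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:24} {f.detail}")
```

Run against the sample, the benign lines (a signed driver, hiberfil.sys and desktop.ini, which are hidden+system but sit outside Application Data, and a normally named cache file) produce nothing, while the eight lines the helper put in the fix script are each flagged with the reason. The name heuristic is deliberately narrow (no extension, all digits or a long lowercase string) so that ordinary per-user data files do not trip it.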

#39
Anderwolf

    Member

  • Topic Starter
  • Member
  • 89 posts
Well, one of the original problems was that any video game I would try to play (even older ones that aren't resource-demanding) would be VERY choppy. After running these scans I tried a couple games and they are running fine. I was also unable to open my iTunes store on iTunes before, and that works now too. However, when not playing games and just interacting with the desktop or using Firefox, it still seems choppy. For example my cursor jumps around on the screen a little bit and when I click a link in Firefox it takes a couple seconds to react. So it definitely seems like there is still something making the computer run slow, but I think the biggest of the problems was taken care of. Another issue that I no longer notice is with one of my SVCHOST processes. Before running these scans, the computer would get REALLY slow and when checking task manager one of the many svchost processes would constantly grow in size until the computer would barely respond at all.
Also, after yesterday's steps, my boot up screens are taking WAY longer than they used to. But the majority of the problems seem to have gone away.
I was looking at the results of the MBR scan and it shows a few files that are infected with trojans. A couple of them are backup files that are in a "Backups" folder that I don't remember ever creating and the other is in a program I downloaded a couple years ago. Should I attempt to delete these files being that I know where they are? Or should I just leave them for now? You can see the files I am talking about at the bottom of the new MBR log. Here are my logs:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-07-31 23:25:41
-----------------------------
23:25:41.406 OS Version: Windows 5.1.2600 Service Pack 3
23:25:41.406 Number of processors: 2 586 0x2B01
23:25:41.406 ComputerName: ANDERWOLF UserName: Owner
23:25:46.437 Initialize success
23:25:57.109 AVAST engine defs: 11073102
23:26:02.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
23:26:02.171 Disk 0 Vendor: HDT722525DLAT80 V44OA96A Size: 238475MB BusType: 3
23:26:04.281 Disk 0 MBR read successfully
23:26:04.296 Disk 0 MBR scan
23:26:04.546 Disk 0 unknown MBR code
23:26:04.640 Disk 0 scanning sectors +488392065
23:26:04.953 Disk 0 scanning C:\WINDOWS\system32\drivers
23:26:54.640 Service scanning
23:26:59.640 Service ShldDrv C:\WINDOWS\C:\WINDOWS\system32\DRIVERS\ShldDrv.sys **LOCKED** 123
23:26:59.671 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:27:00.296 Modules scanning
23:27:30.375 Disk 0 trace - called modules:
23:27:30.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x843718ac]<<
23:27:30.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8429f228]
23:27:30.406 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\000000a8[0x84203510]
23:27:30.406 5 ACPI.sys[b9e55620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-3[0x8424f940]
23:27:33.500 AVAST engine scan C:\WINDOWS
23:28:07.546 AVAST engine scan C:\WINDOWS\system32
23:38:06.921 AVAST engine scan C:\WINDOWS\system32\drivers
23:38:48.718 AVAST engine scan C:\Documents and Settings\Owner
23:52:18.781 File: C:\Documents and Settings\Owner\Desktop\Stuff\backups\backup-20110609-232132-976.dll **INFECTED** Win32:Malware-gen
23:52:19.093 File: C:\Documents and Settings\Owner\Desktop\Stuff\backups\backup-20110708-104957-553.dll **INFECTED** Win32:Trojan-gen
00:08:45.578 File: C:\Documents and Settings\Owner\My Documents\Azureus Downloads\Bestel.AVI.DIVX.XVID.to.DVD.Creator.v1.2.1.WinAll.Incl.KeyGen-NeoX\keygen.exe **INFECTED** Win32:Trojan-gen
00:12:40.015 AVAST engine scan C:\Documents and Settings\All Users
00:16:37.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
00:16:37.187 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


OTL
OTL logfile created on: 7/31/2011 09:34:18 PM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.79 Gb Total Space | 9.96 Gb Free Space | 4.36% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 2.01 Gb Free Space | 49.14% Space Free | Partition Type: FAT32

Computer Name: ANDERWOLF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/11 12:09:16 | 000,364,544 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
PRC - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
PRC - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
PRC - [2006/08/08 18:25:32 | 000,106,496 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
PRC - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\FIREWALL\PNmSrv.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
PRC - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
PRC - [2006/06/29 11:04:42 | 000,069,632 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
PRC - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
PRC - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/01/31 16:42:04 | 000,073,728 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\SrvLoad.exe
PRC - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2005/01/22 18:42:16 | 000,440,832 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe
PRC - [2005/01/19 17:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/09/26 16:26:44 | 000,245,760 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2006/07/21 14:35:28 | 000,139,264 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\TpUtil.dll
MOD - [2006/06/27 19:36:40 | 000,101,888 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006/06/16 14:44:34 | 000,057,344 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\pavipc.dll
MOD - [2006/03/06 18:08:00 | 000,102,400 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavoepl.dll
MOD - [2005/01/24 21:48:46 | 000,498,232 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wblind.dll
MOD - [2005/01/19 17:34:24 | 000,014,848 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll
MOD - [2004/09/18 15:37:00 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wbhelp.dll
MOD - [2000/04/03 18:33:36 | 000,028,160 | ---- | M] (Neil Banfield) -- C:\Program Files\AlienGUIse\anim.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UPS32)
SRV - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2008/12/03 22:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe -- (TPSrv)
SRV - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe -- (PAVSRV)
SRV - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) [Auto | Running] -- c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE -- (PNMSRV)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe -- (PSIMSVC)
SRV - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (ComFiltr)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/30 11:19:11 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/08/22 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/01/31 12:47:36 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2009/01/29 23:22:46 | 000,137,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/04 03:02:08 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2008/12/04 03:02:04 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2008/12/04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/12/04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008/05/14 21:48:17 | 003,098,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/20 03:31:12 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/09/06 14:55:18 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/09/06 14:42:55 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/05/27 00:44:32 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/02/25 21:55:19 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/01/20 02:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/10 16:02:46 | 000,141,312 | ---- | M] (Panda Software International) [NDIS Layer] [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\NETFLT.SYS -- (netflt)
DRV - [2006/09/28 15:58:26 | 000,016,256 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2006/08/24 22:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 22:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/03 16:37:56 | 000,044,544 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2006/08/02 14:15:48 | 000,023,296 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2006/08/02 14:10:18 | 000,185,472 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2006/08/02 14:08:48 | 000,036,864 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/29 22:50:46 | 000,009,216 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2006/05/11 22:26:48 | 000,103,936 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltdi.sys -- (NETFLTDI)
DRV - [2006/04/25 10:02:48 | 000,165,120 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2006/03/27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006/02/22 03:43:34 | 000,071,552 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/29 07:23:30 | 000,026,752 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2005/08/12 14:36:56 | 000,016,640 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/20 20:02:00 | 000,012,544 | R--- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C9 A4 B9 41 A0 7F E6 47 96 F8 2C 78 22 31 8C 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"


FF - HKLM\software\mozilla\Firefox\extensions\\{F1B03B85-CBFC-4312-98B0-A45A9A51CBB7}: C:\Documents and Settings\Owner\Local Settings\Application Data\{F1B03B85-CBFC-4312-98B0-A45A9A51CBB7}\ [2011/07/31 21:35:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 12:13:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 00:02:40 | 000,000,000 | ---D | M]

[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/07/31 20:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions
[2010/07/23 11:31:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/31 17:38:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/10 00:48:09 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/11/17 13:58:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
[2011/03/10 00:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/03/23 17:53:46 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\searchplugins\aim-search.xml
[2011/03/25 20:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/09 16:08:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/02 16:25:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/30 16:23:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G18ONKHQ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2009/08/05 16:07:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/02 12:13:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/31 20:39:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [Hsawokitubalikoq] C:\WINDOWS\oragifob.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Htaxakejupecej] C:\WINDOWS\wamndy.dll (UPEK Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software)
O20 - Winlogon\Notify\WB: DllName - C:\PROGRA~1\ALIENG~1\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = N:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 21:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{F1B03B85-CBFC-4312-98B0-A45A9A51CBB7}
[2011/07/31 21:33:03 | 000,110,592 | ---- | C] (UPEK Inc.) -- C:\Documents and Settings\Owner\0.968773205013807.exe
[2011/07/31 09:01:03 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/29 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2011/07/29 15:30:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/29 15:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/29 15:30:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/29 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/29 15:22:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/29 15:22:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/29 11:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/09/17 17:43:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/31 21:35:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dqudebaxitiv.dat
[2011/07/31 21:35:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kvenoqud.bin
[2011/07/31 21:33:03 | 000,110,592 | ---- | M] (UPEK Inc.) -- C:\Documents and Settings\Owner\0.968773205013807.exe
[2011/07/31 21:32:52 | 000,691,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/07/31 21:30:05 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/07/31 21:23:03 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/31 21:16:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 21:16:21 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/31 18:28:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/31 09:01:54 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/29 15:30:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 11:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 22:26:30 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 21:35:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dqudebaxitiv.dat
[2011/07/31 21:35:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kvenoqud.bin
[2011/07/31 12:23:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/29 15:30:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 15:14:13 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/29 12:39:30 | 000,011,642 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
[2011/07/28 16:08:11 | 000,016,270 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\41frx3gr875o4
[2011/02/22 13:59:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/22 13:58:39 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/02/22 13:58:37 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/01/19 13:58:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2011/01/09 22:40:34 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/12/06 22:47:20 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sypfrq.sys
[2010/09/17 17:43:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/17 17:43:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/17 17:43:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/09/16 19:29:14 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/03/14 20:36:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/10 09:50:43 | 000,058,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/11 07:15:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/31 18:24:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
[2009/02/26 13:47:56 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/01/28 22:55:47 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2009/01/28 22:55:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2009/01/13 19:04:52 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2009/01/11 21:50:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/27 11:08:52 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/05 06:32:13 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AtomicAlarmClock.ini
[2008/06/05 06:32:13 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\alarms.ini
[2008/04/14 16:20:35 | 000,001,131 | ---- | C] () -- C:\WINDOWS\Monitor.ini
[2007/12/29 20:04:01 | 000,001,994 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/12/20 03:59:31 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/12/03 01:54:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/13 23:22:10 | 000,137,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/13 23:22:05 | 000,201,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/11/13 23:21:58 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/11/02 14:05:51 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2007/09/06 14:55:19 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/09/06 14:55:18 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/21 21:50:45 | 000,691,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2007/08/21 16:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 14:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/07/09 14:07:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/27 09:54:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/05/24 06:57:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/05/24 00:00:18 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007/04/29 13:26:13 | 000,000,471 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/04/28 12:54:35 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Gangsters2Setup.lnk
[2007/04/11 21:09:27 | 000,001,366 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/23 09:26:48 | 000,001,441 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/18 07:12:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/02/02 14:40:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/01/31 19:39:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2007/01/26 00:28:32 | 000,000,638 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/20 02:40:43 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/10/14 04:03:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/10/14 01:13:58 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/10/01 12:14:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/28 01:13:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2006/09/22 02:04:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/09/22 02:00:20 | 000,172,033 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/13 16:29:00 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/09/07 03:41:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/09/07 00:57:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/09/06 14:42:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/08/26 03:33:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/08/26 03:33:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/08/26 03:33:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/08/26 00:27:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/22 04:28:09 | 000,109,056 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/19 20:27:19 | 000,034,027 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2006/08/19 19:52:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/07 13:34:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/07 13:33:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/07 13:33:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/02/07 13:33:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/07 13:33:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/02/07 13:27:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/07 13:06:56 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/02/07 13:06:55 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/07 13:06:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/07 13:06:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/07 13:06:51 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/07 13:06:51 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/07 13:06:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/07 13:06:50 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/02/07 13:06:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/02/07 13:06:47 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/02/07 13:06:47 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 11:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 20:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 20:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 18:49:16 | 000,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 000,000,491 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:31 | 000,249,856 | ---- | C] () -- C:\WINDOWS\oragifob.dll
[2005/01/09 18:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 18:48:21 | 000,462,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 18:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 18:48:21 | 000,080,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 18:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 18:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 18:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 18:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 18:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 18:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 18:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 18:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 12:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 11:59:39 | 001,564,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/09 22:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/04/26 17:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/12/22 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/08/26 14:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/08/20 13:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/07/26 12:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laconic Software
[2006/11/25 17:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/01/14 19:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2007/06/27 10:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2007/08/22 18:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/02/28 12:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2007/08/19 03:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/05 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2010/03/27 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/09 21:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/12 12:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/04 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/07 13:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/12/07 00:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2011/05/23 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/04/21 00:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BA3E7170422E423163D8E01BD1D38265
[2009/01/07 13:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/09/25 17:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cakewalk
[2010/10/13 14:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2007/04/15 13:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
[2007/12/20 03:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2011/04/30 07:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Digidesign
[2010/10/04 08:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FOG Downloader
[2008/06/02 15:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
[2009/09/27 10:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2007/08/20 15:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
[2006/10/10 00:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IrfanView
[2006/09/05 19:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2007/02/28 12:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2009/08/05 16:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/01/14 19:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
[2009/01/11 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
[2007/02/28 12:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2009/03/02 19:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Alert 3
[2006/02/07 13:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/07/26 12:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2010/03/15 22:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Structure
[2008/10/28 02:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/03/15 23:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Trillium Lane
[2010/04/14 20:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2007/02/19 16:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UseNeXT
[2010/09/17 17:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2007/07/14 13:30:28 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========



< End of report >

#40
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\software\mozilla\Firefox\extensions\\{F1B03B85-CBFC-4312-98B0-A45A9A51CBB7}: C:\Documents and Settings\Owner\Local Settings\Application Data\{F1B03B85-CBFC-4312-98B0-A45A9A51CBB7}\ [2011/07/31 21:35:18 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [Hsawokitubalikoq] C:\WINDOWS\oragifob.dll ()
    O4 - HKCU..\Run: [Htaxakejupecej] C:\WINDOWS\wamndy.dll (UPEK Inc.)
    O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = L:\Autorun.exe
    O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = N:\Autorun.exe
    [2011/07/31 21:33:03 | 000,110,592 | ---- | C] (UPEK Inc.) -- C:\Documents and Settings\Owner\0.968773205013807.exe
    [2011/07/31 21:35:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dqudebaxitiv.dat
    [2011/07/31 21:35:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kvenoqud.bin
    [2011/07/29 12:39:30 | 000,011,642 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
    [2011/07/28 16:08:11 | 000,016,270 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\41frx3gr875o4
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2

Delete your current copy of TDSSKiller


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #3

Delete the copy of Combofix you have.


Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\Combofix.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I'd like to see OTL.txt, the TDSSKiller log, and Combofix.txt
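As an added example (not code from this thread, from Cold Titanium, or from OTL itself), a small Python triage script that applies the same rules of thumb used to pick the lines in the Step #1 fix: it parses OTL log lines in the format shown above, flags the suspicious ones, and drafts an :OTL fix block from them. The sample lines are constructed from this thread's own log, and the file-name "randomness" test is a heuristic of this example, not something OTL does.

```python
"""Triage OTL scan-log lines and draft an :OTL fix block from the hits.

Added example, not part of the Geeks to Go thread or of OTL. The checks mirror
what the helper picked out by hand: hidden+system files with random names,
an executable with a random numeric name dropped in a profile folder, Run
keys that load a bare DLL, and removable-drive AutoRun mount points.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str    # the OTL line, verbatim, so it can go straight into a fix
    reason: str  # which heuristic fired


# Sample input constructed from lines in the thread's own OTL output, plus
# two benign lines (ctfmon.exe, perfc009.dat) that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Hsawokitubalikoq] C:\WINDOWS\oragifob.dll ()
O4 - HKLM..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = N:\Autorun.exe
[2011/07/31 21:33:03 | 000,110,592 | ---- | C] (UPEK Inc.) -- C:\Documents and Settings\Owner\0.968773205013807.exe
[2011/07/29 12:39:30 | 000,011,642 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\n1d52nj41404grf7o8n4r2i708fb36lg0b35j28dao
[2011/07/28 16:08:11 | 000,016,270 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\41frx3gr875o4
[2005/01/09 18:48:21 | 000,080,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
"""

# [date time | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*(?P<kind>[CM])\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+)$")
# O4 - HKLM..\Run: [value name] target (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[LC][MU])\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = target
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def looks_random(name: str) -> bool:
    """Heuristic (this example's, not OTL's): a purely numeric .exe name, or a
    long run of letters and digits mixed together with no separators."""
    if re.fullmatch(r"[\d.]+\.exe", name, re.IGNORECASE):
        return True
    stem = name.rsplit(".", 1)[0]
    return (len(stem) >= 12 and stem.isalnum()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def triage(log_text: str) -> list:
    """Return the suspicious lines of an OTL log, each with the rule that hit."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            name = basename(m["path"])
            if "H" in m["attr"] and "S" in m["attr"] and looks_random(name):
                findings.append(Finding(line, "hidden+system file with a random name"))
            elif name.lower().endswith(".exe") and looks_random(name):
                findings.append(Finding(line, "executable with a random name"))
            continue
        m = RUN_RE.match(line)
        if m:
            # Run values normally start an .exe; a bare DLL here is unusual.
            if m["path"].lower().endswith(".dll"):
                findings.append(Finding(line, "Run key loads a bare DLL"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.append(Finding(line, "AutoRun mount point runs " + m["cmd"]))
    return findings


def build_fix(findings: list) -> str:
    """Draft an OTL fix in the format the helper pasted above: flagged lines
    under :OTL, then the cleanup commands. A human still reviews it first."""
    body = [":OTL"] + [f.line for f in findings]
    body += ["", ":Commands", "[purity]", "[emptytemp]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(body)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.reason}: {h.line}")
    print()
    print(build_fix(hits))
```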


#41
Anderwolf

    Member

  • Topic Starter
  • Member
  • 89 posts
The first two steps went ok, however I had some problems with the combofix this time around. I couldn't seem to get my antivirus turned off completely. It said everything was disabled, and I tried to end all the processes in task manager but none of them could be ended. When I ran combofix it said that the antivirus was still present and that it would attempt to continue anyways. Upon running combofix, when the blue prompt came up, it said it was unable to access a certain file because it was in use. Then it said it was attempting to create a new restore point and after that nothing happened. I waited a good 20 minutes and nothing so I typed exit and it closed. So I don't have a combofix log, but here are the other 2:

OTL logfile created on: 8/1/2011 05:39:23 PM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.79 Gb Total Space | 9.69 Gb Free Space | 4.24% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 2.01 Gb Free Space | 49.14% Space Free | Partition Type: FAT32
Drive E: | 571.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ANDERWOLF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/06 08:08:02 | 000,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2006/10/11 12:09:16 | 000,364,544 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
PRC - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
PRC - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
PRC - [2006/08/08 18:25:32 | 000,106,496 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
PRC - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\FIREWALL\PNmSrv.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
PRC - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
PRC - [2006/06/29 11:04:42 | 000,069,632 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
PRC - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
PRC - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/01/31 16:42:04 | 000,073,728 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\SrvLoad.exe
PRC - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2005/01/22 18:42:16 | 000,440,832 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe
PRC - [2005/01/19 17:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/09/26 16:26:44 | 000,245,760 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2006/07/21 14:35:28 | 000,139,264 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\TpUtil.dll
MOD - [2006/06/27 19:36:40 | 000,101,888 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006/06/16 14:44:34 | 000,057,344 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\pavipc.dll
MOD - [2006/03/06 18:08:00 | 000,102,400 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavoepl.dll
MOD - [2005/01/24 21:48:46 | 000,498,232 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wblind.dll
MOD - [2005/01/19 17:34:24 | 000,014,848 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll
MOD - [2004/09/18 15:37:00 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wbhelp.dll
MOD - [2000/04/03 18:33:36 | 000,028,160 | ---- | M] (Neil Banfield) -- C:\Program Files\AlienGUIse\anim.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UPS32)
SRV - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2008/12/03 22:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe -- (TPSrv)
SRV - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe -- (PAVSRV)
SRV - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) [Auto | Running] -- c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE -- (PNMSRV)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe -- (PSIMSVC)
SRV - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (ComFiltr)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/30 11:19:11 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/08/22 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/01/31 12:47:36 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2009/01/29 23:22:46 | 000,137,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/04 03:02:08 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2008/12/04 03:02:04 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2008/12/04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/12/04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008/05/14 21:48:17 | 003,098,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/20 03:31:12 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/09/06 14:55:18 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/09/06 14:42:55 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/05/27 00:44:32 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/02/25 21:55:19 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/01/20 02:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/10 16:02:46 | 000,141,312 | ---- | M] (Panda Software International) [NDIS Layer] [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\NETFLT.SYS -- (netflt)
DRV - [2006/09/28 15:58:26 | 000,016,256 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2006/08/24 22:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 22:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/03 16:37:56 | 000,044,544 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2006/08/02 14:15:48 | 000,023,296 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2006/08/02 14:10:18 | 000,185,472 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2006/08/02 14:08:48 | 000,036,864 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/29 22:50:46 | 000,009,216 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2006/05/11 22:26:48 | 000,103,936 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltdi.sys -- (NETFLTDI)
DRV - [2006/04/25 10:02:48 | 000,165,120 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2006/03/27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006/02/22 03:43:34 | 000,071,552 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/29 07:23:30 | 000,026,752 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2005/08/12 14:36:56 | 000,016,640 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/20 20:02:00 | 000,012,544 | R--- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C9 A4 B9 41 A0 7F E6 47 96 F8 2C 78 22 31 8C 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 12:13:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 00:02:40 | 000,000,000 | ---D | M]

[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/07/31 20:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions
[2010/07/23 11:31:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/31 17:38:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/10 00:48:09 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/11/17 13:58:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
[2011/03/10 00:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/03/23 17:53:46 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\searchplugins\aim-search.xml
[2011/03/25 20:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/09 16:08:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/02 16:25:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/30 16:23:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G18ONKHQ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2009/08/05 16:07:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/02 12:13:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/31 20:39:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Htaxakejupecej] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software)
O20 - Winlogon\Notify\WB: DllName - C:\PROGRA~1\ALIENG~1\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [1996/12/26 20:21:40 | 004,429,073 | R--- | M] (Blizzard Entertainment) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1996/11/20 12:25:44 | 000,000,050 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 21:56:08 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/29 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2011/07/29 15:30:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/29 15:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/29 15:30:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/29 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/29 15:22:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/29 15:22:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/29 11:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/09/17 17:43:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 17:03:09 | 000,701,116 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/08/01 17:03:09 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/08/01 16:54:55 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 16:45:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 16:45:52 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 10:08:47 | 040,609,836 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Adele - Someone Like You (The Third Dubstep Remix).wav
[2011/08/01 00:16:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/31 23:25:10 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/29 15:30:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 11:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 22:26:30 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 10:08:32 | 040,609,836 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Adele - Someone Like You (The Third Dubstep Remix).wav
[2011/07/31 12:23:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/29 15:30:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 15:14:13 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/22 13:59:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/22 13:58:39 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/02/22 13:58:37 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/01/19 13:58:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2011/01/09 22:40:34 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/12/06 22:47:20 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sypfrq.sys
[2010/09/17 17:43:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/17 17:43:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/17 17:43:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/09/16 19:29:14 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/03/14 20:36:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/10 09:50:43 | 000,058,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/11 07:15:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/31 18:24:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
[2009/02/26 13:47:56 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/01/28 22:55:47 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2009/01/28 22:55:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2009/01/13 19:04:52 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2009/01/11 21:50:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/27 11:08:52 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/05 06:32:13 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AtomicAlarmClock.ini
[2008/06/05 06:32:13 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\alarms.ini
[2008/04/14 16:20:35 | 000,001,131 | ---- | C] () -- C:\WINDOWS\Monitor.ini
[2007/12/29 20:04:01 | 000,001,994 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/12/20 03:59:31 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/12/03 01:54:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/13 23:22:10 | 000,137,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/13 23:22:05 | 000,201,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/11/13 23:21:58 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/11/02 14:05:51 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2007/09/06 14:55:19 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/09/06 14:55:18 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/21 21:50:45 | 000,701,116 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2007/08/21 16:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 14:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/07/09 14:07:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/27 09:54:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/05/24 06:57:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/05/24 00:00:18 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007/04/29 13:26:13 | 000,000,471 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/04/28 12:54:35 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Gangsters2Setup.lnk
[2007/04/11 21:09:27 | 000,001,366 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/23 09:26:48 | 000,001,441 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/18 07:12:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/02/02 14:40:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/01/31 19:39:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2007/01/26 00:28:32 | 000,000,638 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/20 02:40:43 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/10/14 04:03:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/10/14 01:13:58 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/10/01 12:14:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/28 01:13:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2006/09/22 02:04:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/09/22 02:00:20 | 000,172,033 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/13 16:29:00 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/09/07 03:41:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/09/07 00:57:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/09/06 14:42:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/08/26 03:33:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/08/26 03:33:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/08/26 03:33:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/08/26 00:27:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/22 04:28:09 | 000,109,056 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/19 20:27:19 | 000,034,027 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2006/08/19 19:52:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/07 13:34:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/07 13:33:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/07 13:33:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/02/07 13:33:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/07 13:33:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/02/07 13:27:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/07 13:06:56 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/02/07 13:06:55 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/07 13:06:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/07 13:06:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/07 13:06:51 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/07 13:06:51 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/07 13:06:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/07 13:06:50 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/02/07 13:06:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/02/07 13:06:47 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/02/07 13:06:47 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 11:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 20:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 20:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 18:49:16 | 000,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 000,000,491 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 18:48:21 | 000,462,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 18:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 18:48:21 | 000,080,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 18:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 18:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 18:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 18:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 18:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 18:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 18:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 18:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 12:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 11:59:39 | 001,564,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/09 22:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/04/26 17:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/12/22 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/08/26 14:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/08/20 13:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/07/26 12:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laconic Software
[2006/11/25 17:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/01/14 19:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2007/06/27 10:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2007/08/22 18:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/02/28 12:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2007/08/19 03:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/05 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2010/03/27 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/09 21:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/12 12:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/04 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/07 13:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/12/07 00:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2011/05/23 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/04/21 00:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BA3E7170422E423163D8E01BD1D38265
[2009/01/07 13:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/09/25 17:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cakewalk
[2010/10/13 14:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2007/04/15 13:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
[2007/12/20 03:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2011/04/30 07:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Digidesign
[2010/10/04 08:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FOG Downloader
[2008/06/02 15:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
[2009/09/27 10:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2007/08/20 15:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
[2006/10/10 00:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IrfanView
[2006/09/05 19:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2007/02/28 12:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2009/08/05 16:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/01/14 19:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
[2009/01/11 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
[2007/02/28 12:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2009/03/02 19:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Alert 3
[2006/02/07 13:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/07/26 12:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2010/03/15 22:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Structure
[2008/10/28 02:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/03/15 23:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Trillium Lane
[2010/04/14 20:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2007/02/19 16:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UseNeXT
[2010/09/17 17:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2007/07/14 13:30:28 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========



< End of report >



2011/08/01 17:58:44.0764 2460 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/01 17:58:46.0796 2460 ================================================================================
2011/08/01 17:58:46.0796 2460 SystemInfo:
2011/08/01 17:58:46.0796 2460
2011/08/01 17:58:46.0796 2460 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/01 17:58:46.0796 2460 Product type: Workstation
2011/08/01 17:58:46.0796 2460 ComputerName: ANDERWOLF
2011/08/01 17:58:46.0796 2460 UserName: Owner
2011/08/01 17:58:46.0796 2460 Windows directory: C:\WINDOWS
2011/08/01 17:58:46.0796 2460 System windows directory: C:\WINDOWS
2011/08/01 17:58:46.0796 2460 Processor architecture: Intel x86
2011/08/01 17:58:46.0796 2460 Number of processors: 2
2011/08/01 17:58:46.0796 2460 Page size: 0x1000
2011/08/01 17:58:46.0796 2460 Boot type: Normal boot
2011/08/01 17:58:46.0796 2460 ================================================================================
2011/08/01 17:58:48.0936 2460 Initialize success
2011/08/01 17:59:00.0998 2648 ================================================================================
2011/08/01 17:59:00.0998 2648 Scan started
2011/08/01 17:59:00.0998 2648 Mode: Manual;
2011/08/01 17:59:00.0998 2648 ================================================================================
2011/08/01 17:59:03.0622 2648 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/01 17:59:04.0404 2648 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/01 17:59:05.0357 2648 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/01 17:59:06.0310 2648 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/01 17:59:07.0325 2648 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/01 17:59:08.0185 2648 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/08/01 17:59:09.0247 2648 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/01 17:59:10.0200 2648 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/01 17:59:10.0966 2648 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/01 17:59:11.0419 2648 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/01 17:59:11.0778 2648 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/01 17:59:13.0450 2648 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/01 17:59:15.0153 2648 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/01 17:59:15.0512 2648 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/01 17:59:15.0871 2648 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/01 17:59:16.0246 2648 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/08/01 17:59:16.0590 2648 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/01 17:59:16.0965 2648 APPFLT (c5b7a13349fc7f0e0fcd71b2506902c8) C:\WINDOWS\system32\Drivers\APPFLT.SYS
2011/08/01 17:59:17.0465 2648 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/01 17:59:17.0824 2648 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/01 17:59:18.0168 2648 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/01 17:59:18.0512 2648 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/01 17:59:18.0887 2648 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/01 17:59:19.0246 2648 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/01 17:59:21.0012 2648 ati2mtag (3e70faa23844e60111b21014bd8069ea) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/01 17:59:22.0621 2648 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/01 17:59:23.0011 2648 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/01 17:59:23.0371 2648 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/01 17:59:24.0136 2648 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/01 17:59:24.0574 2648 BootScreen (3c6f5a708ebd7aca560ffad950f9f5da) C:\WINDOWS\System32\drivers\vidstub.sys
2011/08/01 17:59:24.0933 2648 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/01 17:59:25.0339 2648 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/01 17:59:25.0683 2648 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/01 17:59:26.0027 2648 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/01 17:59:26.0417 2648 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/01 17:59:26.0792 2648 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/08/01 17:59:27.0121 2648 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/08/01 17:59:27.0496 2648 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/01 17:59:28.0308 2648 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/01 17:59:29.0011 2648 cpoint (263fde4feea292b5586389afb2858506) C:\WINDOWS\system32\Drivers\cpoint.sys
2011/08/01 17:59:29.0355 2648 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/01 17:59:29.0480 2648 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
2011/08/01 17:59:29.0995 2648 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/01 17:59:30.0386 2648 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/01 17:59:30.0777 2648 dalwdmservice (0732328832de5d31a5ffaf3ba99b9db7) C:\WINDOWS\system32\drivers\dalwdm.sys
2011/08/01 17:59:31.0136 2648 DigiNet (e70ac14f6addcc9589cf513af725178c) C:\WINDOWS\system32\DRIVERS\diginet.sys
2011/08/01 17:59:31.0495 2648 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/01 17:59:32.0198 2648 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/01 17:59:32.0683 2648 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/01 17:59:33.0089 2648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/01 17:59:33.0448 2648 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/01 17:59:33.0886 2648 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/01 17:59:34.0245 2648 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/01 17:59:34.0792 2648 DSAFLT (452a6a6680c4fb1deb954e9e81dabfe0) C:\WINDOWS\system32\Drivers\DSAFLT.SYS
2011/08/01 17:59:35.0198 2648 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
2011/08/01 17:59:35.0729 2648 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/01 17:59:36.0214 2648 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/01 17:59:36.0635 2648 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/01 17:59:36.0995 2648 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/01 17:59:37.0370 2648 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/01 17:59:37.0823 2648 FNETMON (95a094f79aa55765b09fba05ebc33493) C:\WINDOWS\system32\Drivers\fnetmon.SYS
2011/08/01 17:59:38.0323 2648 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/01 17:59:38.0823 2648 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/01 17:59:39.0338 2648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/01 17:59:39.0838 2648 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/01 17:59:40.0385 2648 hamachi (64b48a0d899deca24c424a2cac3ecffa) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/01 17:59:41.0057 2648 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/01 17:59:41.0463 2648 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/01 17:59:41.0869 2648 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/01 17:59:42.0494 2648 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/08/01 17:59:43.0463 2648 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/08/01 17:59:44.0416 2648 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/01 17:59:44.0885 2648 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/01 17:59:45.0229 2648 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/01 17:59:45.0713 2648 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/01 17:59:46.0150 2648 IDSFLT (e56a7c95f2e7683539e97e88cc0c71da) C:\WINDOWS\system32\Drivers\IDSFLT.SYS
2011/08/01 17:59:46.0775 2648 iLokDrvr (e6a446d82c5c3d7c2f4e4ab02ea1409b) C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys
2011/08/01 17:59:47.0166 2648 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/01 17:59:47.0556 2648 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/01 17:59:48.0056 2648 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/01 17:59:48.0416 2648 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/01 17:59:48.0869 2648 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/01 17:59:49.0275 2648 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/01 17:59:49.0728 2648 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/01 17:59:50.0166 2648 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/01 17:59:50.0603 2648 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/01 17:59:50.0962 2648 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/01 17:59:51.0337 2648 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/01 17:59:51.0837 2648 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/01 17:59:52.0259 2648 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/01 17:59:52.0775 2648 KORGUMDS (9364ada3a74142099f09b9af180394c9) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS
2011/08/01 17:59:53.0197 2648 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/01 17:59:53.0993 2648 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/01 17:59:54.0759 2648 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/01 17:59:55.0181 2648 MBX2DFU (64753fe65431b92d6fb64cc338757e32) C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys
2011/08/01 17:59:55.0556 2648 MBX2MIDK (0f110335ddbe99a683e6646812d23c43) C:\WINDOWS\system32\drivers\mbx2midk.sys
2011/08/01 17:59:55.0993 2648 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/01 17:59:56.0384 2648 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/08/01 17:59:56.0759 2648 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/01 17:59:57.0149 2648 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/01 17:59:57.0540 2648 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/01 17:59:57.0931 2648 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/01 17:59:58.0321 2648 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/01 17:59:58.0712 2648 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/01 17:59:59.0102 2648 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/01 17:59:59.0727 2648 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/01 18:00:00.0259 2648 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/01 18:00:00.0649 2648 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/01 18:00:01.0009 2648 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/01 18:00:01.0368 2648 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/01 18:00:01.0727 2648 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/01 18:00:02.0102 2648 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/01 18:00:02.0524 2648 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/08/01 18:00:02.0977 2648 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/01 18:00:03.0399 2648 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/01 18:00:03.0758 2648 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/01 18:00:04.0133 2648 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/01 18:00:04.0555 2648 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/01 18:00:04.0946 2648 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/01 18:00:05.0383 2648 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/01 18:00:05.0868 2648 netflt (3aee3bcb6fb3b17e827b7d3d7ccba32b) C:\WINDOWS\system32\Drivers\NETFLT.SYS
2011/08/01 18:00:06.0305 2648 NETFLTDI (2c1afcfee83398fad9ed69ade847eb84) C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
2011/08/01 18:00:06.0743 2648 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/01 18:00:07.0117 2648 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/01 18:00:07.0680 2648 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/01 18:00:08.0258 2648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/01 18:00:09.0836 2648 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/01 18:00:10.0320 2648 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/08/01 18:00:10.0680 2648 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/08/01 18:00:11.0039 2648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/01 18:00:11.0461 2648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/01 18:00:11.0836 2648 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/01 18:00:12.0211 2648 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/01 18:00:12.0633 2648 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/01 18:00:13.0117 2648 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/01 18:00:13.0492 2648 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/01 18:00:13.0898 2648 PAVDRV (7900ea032d6ed4f9adc9959c3beb5f43) C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
2011/08/01 18:00:14.0320 2648 PavProc (4d575c14fce1ec32c45ec8ceefbafa3a) C:\WINDOWS\system32\DRIVERS\PavProc.sys
2011/08/01 18:00:15.0336 2648 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/01 18:00:16.0023 2648 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/01 18:00:16.0398 2648 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/01 18:00:18.0132 2648 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/01 18:00:18.0476 2648 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/01 18:00:18.0913 2648 PnkBstrK (8292465b89d95eb4f78c46709b7a9888) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011/08/01 18:00:19.0304 2648 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/01 18:00:19.0726 2648 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/01 18:00:20.0132 2648 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/01 18:00:20.0523 2648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/01 18:00:20.0898 2648 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/01 18:00:21.0288 2648 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/01 18:00:21.0632 2648 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/01 18:00:21.0991 2648 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/01 18:00:22.0351 2648 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/01 18:00:22.0726 2648 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/01 18:00:23.0101 2648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/01 18:00:23.0507 2648 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/01 18:00:23.0897 2648 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/01 18:00:24.0241 2648 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/01 18:00:24.0679 2648 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/01 18:00:25.0116 2648 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/01 18:00:25.0538 2648 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/01 18:00:25.0991 2648 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/01 18:00:26.0397 2648 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/01 18:00:26.0585 2648 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/08/01 18:00:27.0100 2648 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
2011/08/01 18:00:27.0507 2648 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/08/01 18:00:27.0897 2648 SCDEmu (46b50c07abfda51d9b22212eaeb82d2b) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/01 18:00:28.0381 2648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/01 18:00:28.0788 2648 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/01 18:00:29.0241 2648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/01 18:00:29.0631 2648 ShldDrv (00deba8b42eeb9658ac59bdca025607f) C:\WINDOWS\system32\drivers\ShldDrv.sys
2011/08/01 18:00:30.0319 2648 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/01 18:00:30.0694 2648 SMSFLT (5ff7370a83ac6f163cfba43d053b3e92) C:\WINDOWS\system32\Drivers\SMSFLT.SYS
2011/08/01 18:00:31.0131 2648 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/01 18:00:31.0491 2648 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/01 18:00:32.0084 2648 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/01 18:00:32.0084 2648 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/08/01 18:00:32.0116 2648 sptd - detected LockedFile.Multi.Generic (1)
2011/08/01 18:00:32.0584 2648 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/01 18:00:33.0069 2648 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/01 18:00:33.0584 2648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/01 18:00:34.0006 2648 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/01 18:00:34.0365 2648 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/01 18:00:34.0709 2648 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/01 18:00:35.0068 2648 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/01 18:00:35.0428 2648 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/01 18:00:35.0803 2648 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/01 18:00:36.0318 2648 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/01 18:00:36.0881 2648 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/01 18:00:37.0225 2648 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/01 18:00:37.0646 2648 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/01 18:00:38.0224 2648 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/08/01 18:00:38.0693 2648 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/01 18:00:39.0193 2648 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
2011/08/01 18:00:39.0615 2648 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/01 18:00:39.0959 2648 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/01 18:00:40.0599 2648 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/01 18:00:41.0193 2648 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/01 18:00:41.0630 2648 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/01 18:00:42.0021 2648 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/01 18:00:42.0427 2648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/01 18:00:42.0990 2648 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/01 18:00:43.0349 2648 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/01 18:00:43.0787 2648 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/01 18:00:44.0130 2648 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/01 18:00:44.0490 2648 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/01 18:00:44.0974 2648 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/01 18:00:45.0333 2648 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/01 18:00:45.0786 2648 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/01 18:00:46.0130 2648 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/01 18:00:46.0474 2648 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/01 18:00:46.0911 2648 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/01 18:00:47.0286 2648 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/08/01 18:00:48.0114 2648 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/01 18:00:48.0802 2648 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/01 18:00:49.0552 2648 WNMFLT (68fd64a36ae9dbe3a8ec177d8353f6af) C:\WINDOWS\system32\Drivers\WNMFLT.SYS
2011/08/01 18:00:49.0942 2648 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/01 18:00:50.0302 2648 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/01 18:00:50.0802 2648 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/01 18:00:51.0192 2648 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/01 18:00:51.0255 2648 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/08/01 18:00:51.0286 2648 Boot (0x1200) (4ffc60614816fe20a9763f649d081013) \Device\Harddisk0\DR0\Partition0
2011/08/01 18:00:51.0302 2648 Boot (0x1200) (f6b44cd6b04a8002db50df95d89d60e4) \Device\Harddisk0\DR0\Partition1
2011/08/01 18:00:51.0302 2648 ================================================================================
2011/08/01 18:00:51.0302 2648 Scan finished
2011/08/01 18:00:51.0302 2648 ================================================================================
2011/08/01 18:00:51.0317 3848 Detected object count: 1
2011/08/01 18:00:51.0317 3848 Actual detected object count: 1
2011/08/01 18:01:50.0500 3848 LockedFile.Multi.Generic(sptd) - User select action: Skip
  • 0
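
As an added example (not part of the thread, and not a Kaspersky tool), a small parser for the TDSSKiller log layout shown above, with the triage a helper does by hand: it collects the "Suspicious file" and "- detected" lines, the MBR and boot-sector hashes (so they can be compared with a known-good baseline, a placeholder value here), whether the user chose Skip (which means nothing on disk was changed), and, as a review heuristic that is an assumption of this example rather than a TDSSKiller rule, any driver loading from outside the system drivers directory. That last check also catches legitimate third-party tools such as the CPUID driver in this log, so it is a prompt to look, not a verdict. The sample lines are copied from the log above; the function names are assumptions.

```python
import re
from typing import List, Optional

# Constructed sample in the layout TDSSKiller writes; the lines are copied
# from the log posted above, so the hashes and paths are the thread's own.
SAMPLE_LOG = r"""
2011/08/01 17:59:29.0480 2648 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
2011/08/01 18:00:31.0491 2648 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/01 18:00:32.0084 2648 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/01 18:00:32.0084 2648 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/08/01 18:00:32.0116 2648 sptd - detected LockedFile.Multi.Generic (1)
2011/08/01 18:00:51.0255 2648 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/08/01 18:00:51.0286 2648 Boot (0x1200) (4ffc60614816fe20a9763f649d081013) \Device\Harddisk0\DR0\Partition0
2011/08/01 18:00:51.0302 2648 Scan finished
2011/08/01 18:01:50.0500 3848 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Line shapes seen in the log. The "date time pid" prefix is stripped first;
# the rest of the line is matched against the message patterns below.
PREFIX_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
BOOT_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")

# Heuristic (an assumption of this example, not a TDSSKiller rule): kernel
# drivers normally live under %SystemRoot%\system32\drivers. Anything else is
# worth a second look, but third-party tools legitimately load from Program
# Files, so a hit here is a review prompt and not a verdict.
DRIVER_DIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\SYSTEM32\\DRIVERS\\", re.IGNORECASE)


def parse_tdsskiller_log(text: str) -> dict:
    """Parse TDSSKiller-style log text into lists of structured findings."""
    result = {
        "entries": [],       # (name, md5, path) for every scanned driver/file
        "suspicious": [],    # (reason, path, md5) from "Suspicious file" lines
        "detections": [],    # (name, verdict) from "- detected" lines
        "boot_sectors": [],  # (kind, target, md5) for MBR and boot-sector hashes
        "actions": [],       # (verdict, name, action) from "User select action" lines
    }
    for raw in text.splitlines():
        prefix = PREFIX_RE.match(raw.strip())
        if not prefix:
            continue
        msg = prefix.group(1)
        if (m := BOOT_RE.match(msg)):
            kind, _size, md5, target = m.groups()
            result["boot_sectors"].append((kind, target, md5))
        elif (m := SUSPICIOUS_RE.match(msg)):
            reason, path, md5 = m.groups()
            result["suspicious"].append((reason, path, md5))
        elif (m := DETECTED_RE.match(msg)):
            name, verdict, _count = m.groups()
            result["detections"].append((name, verdict))
        elif (m := ACTION_RE.match(msg)):
            verdict, name, action = m.groups()
            result["actions"].append((verdict, name, action))
        elif (m := ENTRY_RE.match(msg)):
            name, md5, path = m.groups()
            result["entries"].append((name, md5, path))
        # anything else ("Scan finished", separator rules) carries no finding
    return result


def triage(parsed: dict, known_good_mbr: Optional[str] = None) -> List[str]:
    """Turn parsed findings into the notes a helper reviews first.

    known_good_mbr is a placeholder for a baseline MBR hash taken from a
    clean reference; when given, a differing MBR hash is reported.
    """
    notes: List[str] = []
    for reason, path, md5 in parsed["suspicious"]:
        notes.append(f"suspicious ({reason}): {path} md5={md5}")
    for name, verdict in parsed["detections"]:
        notes.append(f"detection: {name} -> {verdict}")
    for name, _md5, path in parsed["entries"]:
        if not DRIVER_DIR_RE.match(path):
            notes.append(f"review location: {name} loads from {path}")
    for kind, target, md5 in parsed["boot_sectors"]:
        if kind == "MBR" and known_good_mbr and md5 != known_good_mbr.lower():
            notes.append(f"MBR hash differs from baseline: {target} md5={md5}")
    for verdict, name, action in parsed["actions"]:
        if action.lower() == "skip":
            notes.append(f"no change made: {verdict} on {name} was skipped")
    return notes


if __name__ == "__main__":
    for note in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(note)
```

Run on the sample above, the notes are the suspicious sptd.sys entry, its LockedFile.Multi.Generic detection, the CPUID driver loading from Program Files, and the fact that the detection was skipped; the MBR hash is only reported when a baseline is supplied.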

#42
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Do you have your install disk?

Step #1

  • Reboot your computer and as Windows starts it will present you with your startup options
  • With the arrow keys on your keyboard select the option listed as Microsoft Windows Recovery Console and press the enter key on your keyboard.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
  • It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter.
  • If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.
  • Type in the following and press enter

fixmbr

shutdown -r

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2

Reboot into normal mode

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan

On completion of the scan click save log, save it to your desktop and post it in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post the aswMBR.txt
  • 0

#43
Anderwolf

    Member

  • Topic Starter
  • Member
  • 89 posts
I am pretty sure I have my install disc somewhere, I will search for it. In the meantime I tried to start up the recovery console but I didn't have any options to do so. Did you mean for me to insert the RC disc first that I burned previously?
  • 0

#44
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Yes try that then
  • 0

#45
Anderwolf

    Member

  • Topic Starter
  • Member
  • 89 posts
Used the disc to run recovery console, still getting the same problem as before. The drive it lists is 1: H:\MiniNT instead of 1: C:\WINDOWS. Is that being caused by the virus? And should I not continue at this point?
  • 0
