Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

rootkit tdss.tdl4

Started by bleew , Jun 24 2011 01:08 PM

  • This topic is locked This topic is locked

#1
bleew
Posted 24 June 2011 - 01:08 PM

bleew

    New Member

  • Member
  • Pip
  • 9 posts
Dear experts

After days of searching over the net,I finally decided to start this topic though it has been already mentioned in similar threads.I have the same problem as described in this thread.I found rootkit tdss.tdl4 on mbr of my hdd with TDSSkiller.I selected the cure option with simply crossing on mind that sth just went wrong.I installed Acronis True Image,then I was prompted to restart.Hereafter start all my headaches.I can't boot the PC in neither last good config nor safe mode,giving me BSOD with STOP ERROR 0x7b,0x34.Nonetheless I started to do repair install of win xp, but the win xp installation disk couldn't detect the previous windows installation, So as I just said about reading similar threads,I downloaded OTLPE.exe,burned it to cd,managed to boot off and saw the my hd drives and files were there.I ran memory diagnostic tests and chkdsk /r,also installed recovery console and it just detected my windows installation.I didn't dare to fixmbr and fixboot as I read about it in other threads that may result in partition table corruption or data loss.

PS.I didn't attach the OTL.txt as it may need to be run with custom scan file.
Any help would be appreciated?
Kind regards.
  • 0

Advertisements

#2
Aaron
Posted 25 June 2011 - 11:51 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi, welcome to Geeks to Go :) !
I'm Aaron and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • Try to reply every day please, I'll try to do the same. If this topic is inactive for 3 days, then it will be closed.
  • Note that removing malware is not instantaneous, I requires a specific process to be removed completely. Running antimalware removal tools I didn't ask for might slow this process down.
  • If you have any questions, don't hesitate to ask!

You already have OTLPE so lets try to run systemrestore from there:

  • Run OTLPE
  • Under the Posted Image at the bottom, paste in the following

    restorepoints
  • Then click the Posted Image button at the top
  • Let the program run unhindered and post the log it produces in your next reply.

Since when day didn't your computer boot anymore, only today?

- Maser00
  • 0

#3
Aaron
Posted 28 June 2011 - 03:42 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
Aaron
Posted 28 June 2011 - 05:13 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
User asked to open topic again.
  • 0

#5
bleew
Posted 28 June 2011 - 08:19 AM

bleew

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Maser00

Thanks for your reply. Sorry, I couldn't make to reply sooner.

It has been about a week since this happend.Sth I forgot to mention:

I had a pervious version of Acronis True Image which wasn't working. When I tried to uninstall in usual way, it said it couldn't be uninstalled because the uninstall entry was broken or sth. So I tried the Acronis Cleanup Utility and it said the product was successfully uninstalled, but after using that I noticed that the Turn off Button is missing. Now I suspect the Cleanup Utility could have been the culprit as I read about it other people getting into BSOD after using the tool.

Here's the log. As you can see there are two restore points.I tried backing up the possibly corrupt registry hives and replacing them with the correct ones from older restore point created before uninstalling the previous version of Acronis True Image, but still get BSOD, even in safe mode.I'm confused if it's the tdss,corrupt registry or driver issues. Please advise me on my next move.

OTL logfile created on: 6/28/2011 4:32:09 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 714.00 Mb Available Physical Memory | 70.00% Memory free
907.00 Mb Paging File | 842.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.63 Gb Total Space | 0.83 Gb Free Space | 5.69% Space Free | Partition Type: FAT32
Drive D: | 20.50 Gb Total Space | 0.20 Gb Free Space | 0.99% Space Free | Partition Type: FAT32
Drive E: | 20.73 Gb Total Space | 0.30 Gb Free Space | 1.45% Space Free | Partition Type: FAT32
Drive G: | 7.53 Gb Total Space | 4.33 Gb Free Space | 57.51% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========
1
SRV - File not found [Disabled] -- -- (WDSmartWareBackgroundService)
SRV - File not found [Disabled] -- -- (WDDMService)
SRV - File not found [Disabled] -- -- (OnlookerServ)
SRV - File not found [Disabled] -- -- (msav)
SRV - File not found [Disabled] -- -- (LEC TranslateDotNet Server)
SRV - [2011/06/21 19:21:56 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/02/25 15:37:44 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Disabled] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/26 18:59:12 | 000,139,264 | ---- | M] (SOURCENEXT) [Disabled] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/04/27 22:42:16 | 000,344,064 | ---- | M] () [Disabled] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/04/27 18:19:16 | 000,245,760 | ---- | M] (SMServer) [Disabled] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2010/03/18 13:10:16 | 001,488,728 | ---- | M] () [Disabled] -- E:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe -- (AAMWService)
SRV - [2010/03/01 00:49:44 | 000,053,248 | ---- | M] () [Disabled] -- E:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe -- (AAMW_WSC_Service_XP)
SRV - [2010/02/02 11:06:18 | 000,120,832 | ---- | M] (SUPERAntiSpyware.com) [Disabled] -- E:\Program Files\SUPERAntiSpyware\SASCore.exe -- (SASCORE)
SRV - [2009/11/12 03:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/09/08 13:46:32 | 001,012,040 | ---- | M] (Sunbelt Software) [Disabled] -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/07/15 10:44:18 | 000,749,912 | ---- | M] () [Disabled] -- E:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe -- (AASW2_Service)
SRV - [2009/05/19 23:58:14 | 000,077,944 | ---- | M] (Autodesk) [Disabled] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Disabled] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Disabled] -- D:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2005/06/29 05:45:14 | 000,149,152 | ---- | M] (Hummingbird Ltd.) [Disabled] -- E:\Program Files\Hummingbird\Connectivity\11.00\HostExplorer\PrintServices\PESRV.exe -- (PESRV)
SRV - [2005/06/29 05:44:02 | 000,054,928 | ---- | M] (Hummingbird Ltd.) [Disabled] -- E:\Program Files\Hummingbird\Connectivity\11.00\InetD\inetd32.exe -- (HCLInetd)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WINIO)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (sptd)
DRV - File not found [Kernel | Boot] -- -- (snapman)
DRV - File not found [Kernel | On_Demand] -- -- (RRMONX)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand] -- -- (PCIUtil)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GT681x)
DRV - File not found [Kernel | Auto] -- -- (DS1410D)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz134)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [File_System | On_Demand] -- -- (ATE_PROCMON)
DRV - File not found [Kernel | Auto] -- -- (adfs)1
DRV - [2011/06/21 19:22:02 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/06/21 19:21:32 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2011/06/21 19:21:18 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/03/28 22:16:40 | 000,098,160 | ---- | M] (Tonec Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2011/02/25 15:37:40 | 000,008,864 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2011/01/07 13:49:18 | 000,065,856 | ---- | M] (WinMount International Inc) [File_System | System] -- C:\WINDOWS\system32\drivers\WMDrive.sys -- (WMDrive)
DRV - [2010/09/26 18:59:12 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/08/30 20:37:18 | 000,002,368 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PARCLASS1.sys -- (PARCLASS1)
DRV - [2010/04/28 08:38:54 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/04/12 13:14:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/12 20:22:02 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2010/02/24 15:41:00 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/02/24 15:40:50 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2010/02/02 11:06:18 | 000,077,896 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/02 11:06:18 | 000,013,384 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/02 11:06:18 | 000,004,096 | R--- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/12/04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/12/04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/12/04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/12/04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/15 09:17:58 | 000,203,056 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2009/02/13 22:32:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- D:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/12/31 20:30:00 | 004,127,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/09/29 08:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 08:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/06/08 09:37:56 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
DRV - [2008/06/08 09:37:46 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2008/04/02 09:27:28 | 000,038,592 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vacjrmkd.sys -- (EuMusDesignVirtualAudioCableWdm_jrm)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/14 04:57:38 | 000,131,672 | ---- | M] (Paragon) [Kernel | System] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008/02/14 04:57:38 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008/02/14 04:57:38 | 000,032,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/22 11:28:48 | 000,030,864 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto] -- D:\Program Files\ASTRA32\astra32.sys -- (ASTRA32)
DRV - [2007/02/16 05:27:06 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/11/21 09:18:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 13:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 13:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 13:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 13:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 13:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 13:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 13:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 13:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.IID-A0EBCVZ23NJ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autoco...?si=7981&bi=400
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autoco...?si=7981&bi=400
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autoco...?si=7981&bi=400
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autoco...?si=7981&bi=400
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Search,Search Page = http://search.autoco...?si=7981&bi=400
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Owner_ON_C\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - File not found
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\systemprofile_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/03/24 19:24:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/10/23 19:37:42 | 000,000,000 | ---D | M]

[2011/05/19 14:55:26 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\IDM\IDMMZCC3
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U0SOVWV7.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U0SOVWV7.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U0SOVWV7.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U0SOVWV7.DEFAULT\EXTENSIONS\[email protected]
[2009/05/19 13:24:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2011/03/05 20:10:40 | 000,000,936 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SearchWin) - {48A9D9E3-DD0A-11D5-8BD1-00A0CCE781D4} - E:\Program Files\SearchWin\SWBand.dll (Software by DalesPlace)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ShStatEXE] E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 219
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - E:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - E:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files\Hummingbird\Connectivity\11.00\Exceed\humshmx.dll (Hummingbird Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files\Hummingbird\Connectivity\11.00\Exceed\humshmx.dll (Hummingbird Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files\Hummingbird\Connectivity\11.00\Exceed\humshmx.dll (Hummingbird Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\permham: DllName - C:\Documents and Settings\Owner\Local Settings\Application Data\permham.dll - C:\Documents and Settings\Owner\Local Settings\Application Data\permham.dll ()
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O20 - Winlogon\Notify\winjqa32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (4 | ---- | M] (Microsoft Corpor) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/08 20:19:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/11/29 13:10:48 | 000,000,000 | ---D | M] - D:\Autocad 2005 -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{466f966a-fc62-11de-b74f-d9690efa284a}\Shell - "" = AutoRun
O33 - MountPoints2\{466f966a-fc62-11de-b74f-d9690efa284a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{466f966a-fc62-11de-b74f-d9690efa284a}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 19:22:01 | 000,160,288 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2011/06/21 19:21:30 | 000,911,680 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm258.sys
[2011/06/21 19:21:08 | 000,581,984 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2011/06/21 19:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Acronis
[2011/06/21 19:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2011/06/21 19:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2011/06/21 18:28:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/06/21 17:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\MyBackups
[2011/06/21 16:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Anti-Malware
[2011/06/20 15:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/18 23:16:34 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/06/18 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/16 00:11:44 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/06/16 00:11:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011/06/16 00:11:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/06/16 00:11:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/06/16 00:11:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/06/16 00:11:42 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/06/16 00:11:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/06/16 00:11:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/06/16 00:11:41 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/06/16 00:11:40 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/06/16 00:11:40 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/06/16 00:11:39 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/06/16 00:11:38 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/06/16 00:11:38 | 001,211,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/06/16 00:11:37 | 005,964,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/06/16 00:11:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/06/16 00:03:08 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2011/06/16 00:02:37 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/16 00:02:15 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/06/15 23:56:26 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/06/15 23:55:22 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/06/05 02:39:56 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/06/01 14:11:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\temp.007
[2011/06/01 14:09:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\temp.006
[2011/06/01 14:07:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\temp.005
[2011/06/01 14:06:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\temp.004
[2011/06/01 13:57:10 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ArchSet1.exe
[2011/06/01 13:57:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\temp.003
[2011/05/24 16:14:58 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL ) -- C:\Documents and Settings\Owner\Application Data\nb-setup.exe
[2004/06/13 16:04:08 | 000,626,688 | ---- | C] (Arcadia Software Development) -- C:\Program Files\Common Files\PowerButton.ocx
[2003/03/20 12:21:52 | 000,409,600 | ---- | C] (ActiveLock) -- C:\Program Files\Common Files\activelock1884.ocx
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/21 19:22:02 | 000,160,288 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2011/06/21 19:21:32 | 000,911,680 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm258.sys
[2011/06/21 19:21:18 | 000,581,984 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2011/06/21 19:20:50 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Acronis One-Click Backup.lnk
[2011/06/21 19:20:50 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Acronis True Image Home 2010.lnk
[2011/06/21 19:09:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 16:28:18 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 13:09:50 | 000,226,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 03:08:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 17:46:26 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/19 16:36:40 | 000,005,610 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 16:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/18 23:17:02 | 000,003,084 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\log.xml
[2011/06/18 23:16:36 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/06/18 23:10:04 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/18 18:39:30 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\permham.dll
[2011/06/16 00:16:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/06 01:00:02 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/05 01:45:22 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/05 01:45:22 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/04 23:31:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/02 01:55:02 | 007,283,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/01 14:11:36 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ArchSet1.exe
[2011/06/01 14:11:34 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\temp.007
[2011/06/01 14:09:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\temp.006
[2011/06/01 14:08:00 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\temp.005
[2011/06/01 14:06:04 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\temp.004
[2011/06/01 13:57:12 | 000,001,591 | ---- | M] () -- C:\WINDOWS\ST6UNST.006
[2011/06/01 13:57:08 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\temp.003
[2011/05/31 22:39:18 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/05/31 02:49:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/30 20:42:34 | 000,498,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/30 20:42:34 | 000,094,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 19:20:49 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Acronis One-Click Backup.lnk
[2011/06/21 19:20:48 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Acronis True Image Home 2010.lnk
[2011/06/18 18:39:29 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\permham.dll
[2011/06/18 15:37:49 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/04 23:29:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/01 13:57:06 | 000,001,591 | ---- | C] () -- C:\WINDOWS\ST6UNST.006
[2011/05/24 16:14:57 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2011/05/22 23:45:29 | 000,000,158 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2011/05/06 21:25:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/20 16:47:33 | 000,000,093 | ---- | C] () -- C:\WINDOWS\NoClose.ini
[2011/03/16 23:11:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2011/03/11 00:15:50 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\tcusbdrv.dll
[2011/03/04 22:51:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wininet.exe
[2011/02/28 00:39:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\Mscuistf.dll
[2011/02/25 15:37:38 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2011/01/29 15:34:29 | 000,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2011/01/29 15:34:29 | 000,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
[2011/01/19 18:07:16 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\winscp.rnd
[2010/11/12 13:06:18 | 000,038,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\vacjrmkd.sys
[2010/11/11 21:58:19 | 000,000,048 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2010/11/09 21:31:22 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\GSComm.dll
[2010/11/09 21:31:17 | 000,002,139 | ---- | C] () -- C:\WINDOWS\vissim.ini
[2010/11/02 19:41:15 | 000,035,000 | ---- | C] () -- C:\WINDOWS\System32\mxntdfg.exe
[2010/10/25 21:38:07 | 000,042,584 | ---- | C] () -- C:\WINDOWS\SETUPQSB.EXE
[2010/10/23 19:02:25 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/10/22 17:28:14 | 001,584,149 | ---- | C] () -- C:\WINDOWS\System32\setupapinew.dll
[2010/10/22 17:28:14 | 000,789,525 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4new.dll
[2010/10/22 17:28:14 | 000,633,871 | ---- | C] () -- C:\WINDOWS\System32\user32new.dll
[2010/10/22 17:28:14 | 000,134,671 | ---- | C] () -- C:\WINDOWS\System32\winstanew.dll
[2010/10/22 17:28:14 | 000,096,783 | ---- | C] () -- C:\WINDOWS\System32\powrprofnew.dll
[2010/10/22 17:28:14 | 000,087,558 | ---- | C] () -- C:\WINDOWS\System32\ntdsapinew.dll
[2010/10/22 17:28:14 | 000,072,707 | ---- | C] () -- C:\WINDOWS\System32\secur32new.dll
[2010/10/22 17:28:14 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
[2010/10/22 17:28:14 | 000,000,236 | -H-- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/10/22 17:28:13 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2010/10/22 17:28:13 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2010/10/22 17:28:13 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2010/10/22 17:28:13 | 000,167,948 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2010/10/22 17:28:13 | 000,039,948 | ---- | C] () -- C:\WINDOWS\System32\dwmapi.dll
[2010/10/22 17:28:11 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2010/10/22 17:28:11 | 000,974,354 | ---- | C] () -- C:\WINDOWS\System32\crypt32new.dll
[2010/10/22 17:28:11 | 000,770,069 | ---- | C] () -- C:\WINDOWS\System32\advapi32new.dll
[2010/10/22 17:28:11 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2010/10/22 17:28:11 | 000,171,023 | ---- | C] () -- C:\WINDOWS\System32\apphelpnew.dll
[2010/10/07 14:32:41 | 000,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2010/10/07 14:32:40 | 000,002,303 | ---- | C] () -- C:\WINDOWS\wp3.ini
[2010/10/07 14:29:17 | 000,002,303 | ---- | C] () -- C:\WINDOWS\guess.ini
[2010/10/07 14:29:06 | 000,002,303 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2010/10/07 02:57:53 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/07 02:57:53 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/07 02:57:47 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/30 20:37:17 | 000,002,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\PARCLASS1.sys
[2010/08/27 13:26:24 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2010/07/24 20:57:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\djvppm.dll
[2010/07/12 14:15:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/07/12 14:15:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/07/06 04:01:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\krx260.dat
[2010/07/03 02:29:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\w32apiw.dll
[2010/07/02 01:20:49 | 000,000,034 | ---- | C] () -- C:\WINDOWS\winver.ini
[2010/05/26 21:33:46 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/04/22 22:41:51 | 000,000,046 | ---- | C] () -- C:\WINDOWS\PIC1XXXDIS.INI
[2010/04/21 17:45:21 | 000,000,281 | ---- | C] () -- C:\WINDOWS\w32demo8.ini
[2010/04/21 15:07:04 | 000,011,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2010/04/21 15:07:03 | 000,247,560 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2010/04/21 15:07:02 | 004,244,744 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2010/04/03 18:46:45 | 000,016,060 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Cracklock.settings
[2010/04/03 14:37:22 | 002,767,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/02 22:11:38 | 000,000,011 | ---- | C] () -- C:\WINDOWS\v34peformatei.dll
[2010/04/02 22:11:38 | 000,000,011 | ---- | C] () -- C:\WINDOWS\eithirtyfour.dll
[2010/04/02 22:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tellei34.sys
[2010/04/02 22:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sysaddei34.dll
[2010/03/30 21:25:04 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\regxplor.dll
[2010/03/27 20:11:13 | 000,000,616 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/03/27 17:47:30 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/03/25 16:32:36 | 000,001,289 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2010/03/03 21:10:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/24 23:11:24 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010/02/24 23:11:24 | 000,004,192 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/02/23 14:05:43 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/02/22 00:15:57 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/02/18 20:59:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/02/07 22:20:46 | 000,000,048 | ---- | C] () -- C:\WINDOWS\ClonyDrives.ini
[2010/02/07 22:19:24 | 000,000,351 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2010/02/07 20:05:17 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2010/01/30 23:37:04 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/12/24 17:14:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\haspaddr.dat
[2009/12/24 17:08:02 | 000,000,205 | ---- | C] () -- C:\WINDOWS\aksmon.ini
[2009/12/24 13:51:14 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2009/11/26 15:17:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Infob.dat
[2009/11/26 15:17:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Infoa.dat
[2009/11/25 23:30:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/11/25 16:07:15 | 000,069,681 | ---- | C] () -- C:\WINDOWS\System32\ympguninst.exe
[2009/11/20 17:37:41 | 000,000,226 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/30 19:36:31 | 000,018,991 | ---- | C] () -- C:\WINDOWS\System32\Vmscnt3.dll
[2009/09/22 23:47:33 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\rvkauth2.dll
[2009/09/22 23:47:33 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\rvkauth1.dll
[2009/09/22 23:47:33 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\prsrvk.dll
[2009/09/22 22:59:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WBunit.INI
[2009/09/22 22:48:06 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\Sx32w.dll
[2009/09/21 23:28:30 | 000,000,009 | ---- | C] () -- C:\WINDOWS\windatser.ini
[2009/09/19 20:58:47 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\RockVdd.dll
[2009/09/18 00:56:03 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2009/08/31 15:09:39 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SIMSYNTH.INI
[2009/08/22 18:23:14 | 000,000,892 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2009/08/22 18:16:54 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2TXT.DAT
[2009/08/13 23:48:40 | 000,003,506 | ---- | C] () -- C:\WINDOWS\System32\events.dat
[2009/07/30 23:30:58 | 000,003,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\NTHANDLE.SYS
[2009/07/23 02:31:32 | 000,000,082 | ---- | C] () -- C:\WINDOWS\sremcon.dat
[2009/07/22 03:51:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2009/07/22 03:08:07 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/07/22 03:08:07 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/07/22 01:48:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009/06/17 15:54:45 | 000,936,288 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/06/17 15:53:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2009/06/03 23:46:37 | 000,000,070 | ---- | C] () -- C:\WINDOWS\RegisterRSM.ini
[2009/05/31 23:01:02 | 000,000,165 | ---- | C] () -- C:\WINDOWS\_pdf2word.INI
[2009/05/28 21:43:04 | 000,000,062 | ---- | C] () -- C:\WINDOWS\TEXTware.ini
[2009/05/28 21:42:55 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\TWAIED02.DLL
[2009/05/28 21:42:53 | 000,099,092 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2009/05/28 21:42:52 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll
[2009/05/28 21:42:52 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2009/05/28 21:42:50 | 000,209,408 | ---- | C] () -- C:\WINDOWS\System32\TWASBB01.DLL
[2009/05/28 21:42:50 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\TWASFI.DLL
[2009/05/28 21:42:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL
[2009/05/28 21:42:47 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBL.DLL
[2009/05/28 21:42:47 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXIMC.DLL
[2009/05/28 21:42:46 | 000,322,048 | ---- | C] () -- C:\WINDOWS\System32\IllViSup.dll
[2009/05/21 17:15:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/05/21 12:59:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\naw.ini
[2009/05/20 21:44:31 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/05/14 18:40:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\wbhelper.exe
[2009/05/09 22:58:37 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/05/09 22:18:37 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/09 20:16:46 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/08 21:24:15 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/05/08 20:34:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/05/08 20:21:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/08 20:17:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/08 20:09:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/08 20:08:33 | 007,283,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/31 20:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/12/31 20:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/12/31 20:30:00 | 000,498,584 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/31 20:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/12/31 20:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/12/31 20:30:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/12/31 20:30:00 | 000,094,450 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/31 20:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/12/31 20:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/12/31 20:30:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/12/31 20:30:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\m7r6xrz.dll
[2008/12/31 20:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/12/31 20:30:00 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\jr1yf8u.dll
[2008/12/31 20:30:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/12/31 20:30:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/12/31 20:30:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2008/12/31 20:30:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\g0eo7hh.dll
[2007/09/09 09:07:12 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\ympg.dll
[2007/09/09 09:06:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ympgcdc.dll
[2007/04/11 12:44:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Maple_FP.dll
[2007/01/23 16:41:20 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/28 15:56:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/02 20:40:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/10/04 01:03:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/05/04 10:36:12 | 000,245,760 | R--- | C] () -- C:\WINDOWS\System32\setupsup.dll
[2006/01/11 17:20:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\ctxmagic.dll
[2005/10/14 13:26:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 13:26:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 13:26:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/07/15 23:05:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 23:05:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 23:05:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/07/26 21:24:52 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hackman2.dll
[2003/02/05 23:04:23 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\debuggy.dll
[2002/10/16 03:24:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/04/24 17:02:08 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\ctxmlsnd.dll
[2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/29 19:57:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\addurl41.DLL
[2001/08/13 21:09:48 | 000,659,520 | ---- | C] () -- C:\WINDOWS\System32\vbid3lib.dll
[2001/07/10 14:43:16 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\winwatch.DLL
[2001/04/20 20:23:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PManager.dll
[2000/11/28 00:00:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\vcu.ini
[2000/11/28 00:00:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\rgt32.ini
[2000/09/21 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\Cdv.dll
[1998/09/07 02:03:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\System32\Cdio16.dll
[1998/09/07 01:55:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cdio32.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1997/12/19 00:03:38 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[1997/03/25 05:02:00 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\OWL52f.dll
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[1996/08/20 08:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/22 00:32:26 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\DLWBC31.DLL

========== LOP Check ==========

[2010/10/22 19:48:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SD).job
[2010/10/30 23:57:30 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/05/31 22:39:18 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========



========== Restore Points Found ==========
[2011/06/21 19:17:48 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{63DBED25-11B3-4FB5-B41E-65A0ADF4B333}\RP704\snapshot
[2011/06/21 18:08:58 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{63DBED25-11B3-4FB5-B41E-65A0ADF4B333}\RP703\snapshot
  • 0

#6
Aaron
Posted 28 June 2011 - 10:28 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
we'll see if system restore helps or not. It won't help if the MBR is the problem, but I'm not 100% sure whether the MBR is the problem here or not.

Run OTLPE again

  • Under the Posted Image box at the bottom, paste in the following

    :restorepoint
[2011/06/21 18:08:58 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{63DBED25-11B3-4FB5-B41E-65A0ADF4B333}\RP703\snapshot
  • Then click the Posted Image button at the top
  • Let the program run unhindered!
  • After the fix, reboot in normal mode. Sometimes there is a BSOD when we use system restore this way, if this occurs then try again and it will boot normally next time.

  • 0

#7
bleew
Posted 28 June 2011 - 11:11 AM

bleew

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I did what you told by OTLPE, but the system restore didn't work as I think I had done that by manually copying the registry hives. It didin't boot in any mode. Is it possible that it can be related to bad or corrupt driver issues or what the Cleanup Utility did?
what about MBR? Is it always safe to write to MBR?
  • 0

#8
Aaron
Posted 28 June 2011 - 01:46 PM

Aaron

    Expert

  • Expert
  • 3,155 posts
A few things:
- Is your C: drive only 15 gig?
- Remove AutocompletePro asap.

Let's see if removing some malware helps:

Copy the attached Attached File  Fix.txt   3.64KB   251 downloads to a USB
Start OTLPE as you did previously from CD

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
- Maser00
  • 0

#9
bleew
Posted 29 June 2011 - 03:29 AM

bleew

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes,my C: drive is 15 gig.
It didn't work. Same result. Instant reboot, both in normal and safe mode.

I'm really beginning to wonder what can be the cause of the this issue. I know I asked for your help Malware Removal forum, but according to the story, is it possible that the problem comes from somewhere else?

Edited by bleew, 29 June 2011 - 04:00 AM.

  • 0

#10
Aaron
Posted 29 June 2011 - 04:02 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
I still have a few things in mind :)

============ Step one ============

Note: only proceed with the next steps if you only have one operating system on your computer (no dualboot).

You will need your Windows XP cd for this.

  • Put the Windows XP cd in your computer and restart.
  • Press a key when you are prompted.
    Note: If Windows loads automatically, you will first have to enter the BIOS setup and change the order of the boot devices to start with the CD drive.
  • Once the setup loads, you will see the option to press R to repair a Windows installation.
  • Once the Recovery Console loads up, you will have to type in a number that corresponds to your Windows installation. This is normally just 1. Press Enter and then type in the Administrator password (just enter if you don't have one).
  • Now at the prompt, type in fixmbr and [enter].
  • Restart you computer.
If your computer still doesn't boot, repeat these steps but now use fixboot instead.

============ Step two ============

Only continue if your computer still doesn't boot.

Just before the Windows loading screen appears, or just before your PC automatically restarts, press the F8 key to enter Advanced Boot Options.
Do you see this option “Disable automatic restart on system failure” on that list? If possible, select it and press [ENTER]

Posted Image

Now your computer won't keep restarting but show you the BSOD instead. Please post the description, the Windows STOP message and the filename in your next reply (it's possible they aren't all displayed, just post what you can):

Posted Image

============ Step three ============

Go to C:\Windows\Minidump\ select all the .dmp files and zip them, this is how:

Right-click the selected files, point to Send To and then click Compressed (zipped) Folder.
A new compressed folder is created, right-click the folder, click Rename and type Minidumps . Now place this folder on your desktop and upload it to the forum: see THIS topic for more information.
  • 0

Advertisements

#11
bleew
Posted 29 June 2011 - 09:17 AM

bleew

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks.
I did fixmbr and fixboot, really frustrating, didn't work either. The STOP code was still the same I reported in my first post. But the exact one is

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:

*** STOP: 0x0000007B (0xF79CD528, 0xC0000034, 0x00000000, 0x00000000)

I looked before in minidump folder, but was empty.

What options have I still got?
  • 0

#12
Aaron
Posted 29 June 2011 - 10:20 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Did you get the confirmation that the MBR was correctly written?
Did you changed any options in the BIOS since you got this problem?
  • 0

#13
bleew
Posted 29 June 2011 - 01:16 PM

bleew

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The MBR was correctly written. I got confirmation for that.
I didn't change any options in BIOS.

If there are any options left for me, please let me know. Otherwise I think I should go with a clean install. I really appreciate all your help. :)
  • 0

#14
Aaron
Posted 29 June 2011 - 04:02 PM

Aaron

    Expert

  • Expert
  • 3,155 posts
I can discuss this with my colleagues if you want to. A clean install will help for sure, but maybe you would rather see your computer fixed another way.
What do you think is the easiest for you? I don't mind helping you with this.

- Maser00
  • 0

#15
bleew
Posted 29 June 2011 - 05:31 PM

bleew

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I would really appreciate discussing it with your colleagues.

Actually, it doesn't satisfy me to simply ignore the time spent to solve the problem and ending up to the same result that I could have taken in the first place without wasting your time.

Thanks for your support.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP