Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Reposting: Trojans, Bing Redirects, Hidden Files

Started by dipaoj , Jul 13 2011 06:10 PM

  • This topic is locked This topic is locked

#16
dipaoj
Posted 15 July 2011 - 06:03 PM

dipaoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
More difficulties - when tried to run OTLPE, a window opened and then immediately closed. A "Browse for Folder" window then opened, pointing to "My Computer." Clicked "OK" and got "RunScanner Window" saying no Windows installations were found. Tried pointing to CD drive and got "RunScanner Error: Target is not Windows 2000 or later." Should I have looked somewhere else (e.g., primary hard drive) or could there be a problem with the boot disc?
  • 0

Advertisements

#17
ali.B
Posted 16 July 2011 - 01:19 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
You need to select the infected Windows Folder in order for it to open the OTLPE. you must select a windows folder
  • 0

#18
dipaoj
Posted 16 July 2011 - 06:54 AM

dipaoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Had trouble locating Windows folder - finally realized it was under drive I:\. Log is shown below. Meant to mention this yesterday, but Google windows have agaain started opening spontaneously and Bing searches are still being redirected. Also, McAfee keeps notifying that it blocked a "potentially unwanted program" from running, "Tool-NirCmd," which it quarantined from C:\Windows\Temp\SB_LIBNSIS_Temp_20110615231124.252_5. When I click to Remove it, McAfee warns that it's part of a program and might cause problems if deleted - do you know what I should do with it?

Here is the log:

OTL logfile created on: 7/16/2011 9:28:41 AM - Run
OTLPE by OldTimer - Version 3.1.47.1 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 9.12 Gb Total Space | 4.03 Gb Free Space | 44.22% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 918.54 Gb Free Space | 98.61% Space Free | Partition Type: NTFS
Drive I: | 456.60 Gb Total Space | 279.19 Gb Free Space | 61.15% Space Free | Partition Type: NTFS
Drive X: | 284.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/24 23:03:38 | 000,204,288 | ---- | M] (AMD) [Auto] -- I:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand] -- I:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- I:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/07/06 19:14:41 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) [Auto] -- I:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/07/06 09:01:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto] -- I:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto] -- I:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto] -- I:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/24 01:24:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/01/24 01:20:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/01/08 20:28:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- I:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/08 20:20:30 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto] -- I:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 12:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled] -- I:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/06/10 12:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto] -- I:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/06/10 12:58:46 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand] -- I:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto] -- I:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- I:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 09:01:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/06 09:01:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- I:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/25 00:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/05/25 00:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/24 22:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- I:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/30 14:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/22 10:14:24 | 000,135,304 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot] -- I:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/03/22 10:14:22 | 000,037,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot] -- I:\Windows\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/24 02:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/23 14:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/27 02:50:06 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/07/24 22:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- I:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- I:\Windows\System32\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 18:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2009/02/13 18:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/08/01 02:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\OA002Vid.sys -- (OA002Vid)
DRV:64bit: - [2008/06/03 18:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\OA002Ufd.sys -- (OA002Ufd)
DRV:64bit: - [2007/06/08 02:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\OA002Afx.sys -- (OA002Afx)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/07/05 19:48:30 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- I:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/05/11 17:59:58 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/08 18:30:07] [Kernel | Auto] -- I:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\Admin_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://optimum.com/
IE - HKU\Admin_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Family_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\Family_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
IE - HKU\Family_ON_I\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Family_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0






O1 HOSTS File: ([2011/07/14 16:35:49 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - I:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - I:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110511182025.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - I:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - I:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110511182025.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - I:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Family_ON_I\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [mcui_exe] I:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] I:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] I:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [SPIRunE] File not found
O4 - HKLM..\Run: [SpySweeper] I:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] I:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] I:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] I:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] File not found
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found
O4 - Startup: I:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ()
O4 - Startup: I:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ()
O4 - Startup: I:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Admin_ON_I\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Family_ON_I\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_I\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_I\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_I\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Admin_ON_I\..Trusted Domains: internet ([]about in Trusted sites)
O15:64bit: - Admin_ON_I\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15:64bit: - Admin_ON_I\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭) - File not found
O30 - LSA: Security Packages - (몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭몭) -) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 00:54:14 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/15 12:12:04 | 098,075,831 | ---- | C] (Igor Pavlov) -- I:\Users\Family\Desktop\OTLPEStd.exe
[2011/07/14 15:51:52 | 000,000,000 | ---D | C] -- I:\Windows\ERDNT
[2011/07/14 15:51:46 | 000,000,000 | --SD | C] -- I:\ComboFix
[2011/07/14 15:14:51 | 000,000,000 | ---D | C] -- I:\Qoobox
[2011/07/14 14:58:04 | 004,152,661 | R--- | C] (Swearware) -- I:\Users\Family\Desktop\ComboFix.exe
[2011/07/14 07:43:59 | 001,905,664 | ---- | C] (AVAST Software) -- I:\Users\Family\Desktop\aswMBR.exe
[2011/07/13 19:39:43 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Roaming\Malwarebytes
[2011/07/10 09:00:44 | 000,000,000 | -H-D | C] -- I:\Windows\AxInstSV
[2011/07/08 20:35:27 | 000,579,584 | ---- | C] (OldTimer Tools) -- I:\Users\Family\Desktop\OTL by OldTimer.exe
[2011/07/08 19:18:11 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/08 19:18:09 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Trend Micro
[2011/07/08 18:15:05 | 000,000,000 | ---D | C] -- I:\Users\Admin\AppData\Roaming\Malwarebytes
[2011/07/08 18:14:51 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- I:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/08 18:14:51 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/08 18:14:51 | 000,000,000 | ---D | C] -- I:\ProgramData\Malwarebytes
[2011/07/08 18:14:47 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- I:\Windows\System32\drivers\mbam.sys
[2011/07/08 18:14:47 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/08 18:13:33 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- I:\Users\Admin\Desktop\Malwarebytes-setup-1.51.0.1200.exe
[2011/07/07 19:49:44 | 000,000,000 | ---D | C] -- I:\Users\Family\Desktop\tdsskiller
[2011/07/07 17:33:43 | 006,918,464 | ---- | C] (McAfee Inc.) -- I:\Users\Family\Desktop\stinger10.2.0.164.exe
[2011/07/07 13:47:03 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Local\{BB9A683A-6381-4372-B1AA-CF92694180CE}
[2011/07/06 21:04:13 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Local\{9614330B-8256-4F1F-A766-A477D954A522}
[2011/07/06 20:33:12 | 000,000,000 | ---D | C] -- I:\Users\Admin\AppData\Local\ElevatedDiagnostics
[2011/07/06 19:54:20 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\AMD APP
[2011/07/06 19:54:11 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\ATI Technologies
[2011/07/06 19:54:10 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\ATI Technologies
[2011/07/06 19:53:59 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/07/06 19:52:24 | 000,000,000 | ---D | C] -- I:\Program Files\ATI Technologies
[2011/07/06 19:52:18 | 000,000,000 | ---D | C] -- I:\Program Files\ATI
[2011/07/06 19:51:23 | 000,000,000 | ---D | C] -- I:\ATI
[2011/07/06 19:49:56 | 090,660,504 | ---- | C] (Advanced Micro Devices, Inc.) -- I:\Users\Family\Desktop\11-6_vista64_win7_64_dd_ccc_ocl.exe
[2011/07/06 19:20:12 | 000,000,000 | ---D | C] -- I:\Windows\Minidump
[2011/07/06 19:09:04 | 046,952,384 | ---- | C] (Webroot Software, Inc. ) -- I:\Users\Family\Desktop\SpySweeperRegSetup_EN.exe
[2011/07/06 17:55:20 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Roaming\Webroot
[2011/07/06 17:51:45 | 000,511,328 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\capicom.dll
[2011/07/06 17:51:45 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2011/07/06 17:46:55 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\MSSOAP
[2011/07/06 17:46:55 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\MSSoap
[2011/07/06 17:46:46 | 000,017,280 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- I:\Windows\System32\SsiEfr.exe
[2011/07/06 17:46:43 | 001,563,024 | ---- | C] (Webroot Software, Inc.) -- I:\Windows\WRSetup.dll
[2011/07/06 17:46:43 | 000,000,000 | ---D | C] -- I:\Users\Admin\AppData\Roaming\Webroot
[2011/07/06 17:46:43 | 000,000,000 | ---D | C] -- I:\ProgramData\Webroot
[2011/07/06 17:46:43 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Webroot
[2011/07/06 08:59:07 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Local\{79AF6896-BB7D-4172-AC9E-6BF943023AA1}
[2011/07/05 19:48:32 | 000,055,384 | ---- | C] (Sunbelt Software) -- I:\Windows\System32\drivers\SBREDrv.sys
[2011/07/05 19:42:21 | 000,069,376 | ---- | C] (Lavasoft AB) -- I:\Windows\System32\drivers\Lbd.sys
[2011/07/05 19:42:21 | 000,000,000 | ---D | C] -- I:\Windows\System32\DRVSTORE
[2011/07/05 19:42:15 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/07/05 19:42:15 | 000,000,000 | ---D | C] -- I:\ProgramData\Lavasoft
[2011/07/05 19:42:15 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Lavasoft
[2011/07/05 17:02:11 | 000,000,000 | ---D | C] -- I:\ProgramData\Spybot - Search & Destroy
[2011/07/05 13:29:48 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Local\{46878C20-9A75-401D-8D42-03F1851B97F1}
[2011/07/05 01:35:36 | 000,458,096 | ---- | C] (McAfee Inc.) -- I:\Users\Family\Desktop\MVTInstaller.exe
[2011/07/05 01:32:58 | 000,000,000 | ---D | C] -- I:\Users\Admin\AppData\Roaming\McAfee
[2011/07/05 01:29:12 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Local\{51AA2A4C-46C2-4BAA-9CF9-657EB929BCFA}
[2011/07/05 01:28:01 | 000,000,000 | ---D | C] -- I:\Users\Family\AppData\Roaming\Avira
[2011/07/05 01:26:14 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/07/05 01:26:01 | 000,123,784 | ---- | C] (Avira GmbH) -- I:\Windows\System32\drivers\avipbb.sys
[2011/07/05 01:26:01 | 000,088,288 | ---- | C] (Avira GmbH) -- I:\Windows\System32\drivers\avgntflt.sys
[2011/07/05 01:26:01 | 000,000,000 | ---D | C] -- I:\ProgramData\Avira
[2011/07/05 01:26:01 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Avira
[2011/07/04 14:04:01 | 000,000,000 | ---D | C] -- I:\Users\Family\Desktop\Outlook Express
[2011/07/04 13:02:11 | 000,000,000 | -H-D | C] -- I:\Users\Family\AppData\Local\{F070EBD6-5BD3-4BA0-8165-C874760CFD30}
[2011/07/04 12:51:51 | 000,000,000 | -H-D | C] -- I:\Users\Family\AppData\Local\{ADCDEFBA-AB72-4524-A79D-3A58204EDEB1}
[2011/06/29 20:44:38 | 002,315,776 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\tquery.dll
[2011/06/29 20:44:38 | 002,223,616 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mssrch.dll
[2011/06/29 20:44:38 | 001,549,312 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\tquery.dll
[2011/06/29 20:44:38 | 001,401,344 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mssrch.dll
[2011/06/29 20:44:38 | 000,491,520 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mssph.dll
[2011/06/29 20:44:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mssph.dll
[2011/06/29 20:44:38 | 000,249,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\SearchProtocolHost.exe
[2011/06/29 20:44:37 | 000,778,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mssvp.dll
[2011/06/29 20:44:37 | 000,666,624 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mssvp.dll
[2011/06/29 20:44:37 | 000,288,256 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mssphtb.dll
[2011/06/29 20:44:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mssphtb.dll
[2011/06/29 20:44:37 | 000,113,664 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\SearchFilterHost.exe
[2011/06/29 20:44:37 | 000,075,264 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msscntrs.dll
[2011/06/29 20:44:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msscntrs.dll
[2011/06/29 06:57:44 | 000,000,000 | ---D | C] -- I:\Windows\System32\SPReview
[2011/06/29 06:57:23 | 000,000,000 | ---D | C] -- I:\Windows\System32\EventProviders
[2011/06/29 05:57:07 | 000,252,928 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\drvinst.exe
[2011/06/29 05:57:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\devrtl.dll
[2011/06/26 13:10:46 | 000,000,000 | -H-D | C] -- I:\Users\Family\AppData\Local\{F93D4643-F8B0-4868-9BB9-7C3A3D54F382}
[2011/06/26 13:10:46 | 000,000,000 | -H-D | C] -- I:\Users\Family\AppData\Local\{3496612F-567C-4CF6-898D-CAC64793D8D8}
[2011/06/26 13:10:30 | 000,000,000 | -H-D | C] -- I:\Users\Family\AppData\Roaming\Windows Live Writer
[2011/06/26 13:10:30 | 000,000,000 | -H-D | C] -- I:\Users\Family\AppData\Local\Windows Live Writer
[2011/06/18 20:41:37 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\Adobe
[2011/06/16 16:55:16 | 000,288,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/06/16 16:55:02 | 000,702,464 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2011/06/16 16:55:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll
[2011/06/16 16:55:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2011/06/16 16:55:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2011/06/16 16:54:42 | 000,321,024 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\d3d10_1core.dll
[2011/06/16 16:54:42 | 000,219,136 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\d3d10_1core.dll
[2011/06/16 16:54:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\d3d10_1.dll
[2011/06/16 16:54:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\d3d10_1.dll
[2011/06/16 16:54:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\oleaut32.dll
[2010/01/23 21:49:59 | 008,656,832 | ---- | C] (Dell, Inc. ) -- I:\Users\Family\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/07/16 08:22:22 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2011/07/16 08:22:00 | 000,000,422 | ---- | M] () -- I:\Windows\tasks\SystemToolsDailyTest.job
[2011/07/16 08:17:00 | 000,000,564 | ---- | M] () -- I:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/07/16 08:11:51 | 000,001,690 | ---- | M] () -- I:\Windows\tasks\wrSpySweeper_L46DF4DDEB97E4AE1AEBFFB70CE48B877.job
[2011/07/16 00:56:32 | 000,000,064 | ---- | M] () -- I:\Windows\SysWow64\rp_stats.dat
[2011/07/16 00:56:32 | 000,000,044 | ---- | M] () -- I:\Windows\SysWow64\rp_rules.dat
[2011/07/16 00:54:15 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/16 00:53:44 | 1066,651,646 | -HS- | M] () -- I:\hiberfil.sys
[2011/07/15 20:01:51 | 000,014,256 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 20:01:51 | 000,014,256 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 12:12:04 | 098,075,831 | ---- | M] (Igor Pavlov) -- I:\Users\Family\Desktop\OTLPEStd.exe
[2011/07/14 19:58:11 | 000,080,384 | ---- | M] () -- I:\Users\Family\Desktop\MBRCheck.exe
[2011/07/14 16:34:00 | 613,514,828 | ---- | M] () -- I:\Windows\MEMORY.DMP
[2011/07/14 14:58:05 | 004,152,661 | R--- | M] (Swearware) -- I:\Users\Family\Desktop\ComboFix.exe
[2011/07/14 14:43:06 | 001,383,430 | ---- | M] () -- I:\Users\Family\Desktop\tdsskiller.zip
[2011/07/14 10:43:35 | 000,000,959 | ---- | M] () -- I:\Users\Family\Desktop\aswMBR Log 071411.lnk
[2011/07/14 10:12:56 | 000,000,512 | ---- | M] () -- I:\Users\Admin\Desktop\MBR.dat
[2011/07/14 09:03:38 | 000,623,940 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2011/07/14 09:03:38 | 000,106,316 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2011/07/14 07:44:02 | 001,905,664 | ---- | M] (AVAST Software) -- I:\Users\Family\Desktop\aswMBR.exe
[2011/07/13 22:39:37 | 000,000,022 | ---- | M] () -- I:\Users\Family\Desktop\stinger10.2.0.164.opt
[2011/07/10 09:01:43 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/07/08 20:35:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- I:\Users\Family\Desktop\OTL by OldTimer.exe
[2011/07/08 20:04:38 | 000,014,619 | ---- | M] () -- I:\Users\Family\Desktop\HiJackThis Log File_070811
[2011/07/08 19:18:11 | 000,002,981 | ---- | M] () -- I:\Users\Family\Desktop\HiJackThis.lnk
[2011/07/08 19:17:18 | 001,402,880 | ---- | M] () -- I:\Users\Family\Desktop\HijackThis.msi
[2011/07/08 19:11:53 | 001,402,880 | ---- | M] () -- I:\Users\Admin\Desktop\HijackThis.msi
[2011/07/08 18:14:52 | 000,001,115 | ---- | M] () -- I:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/08 18:14:52 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/08 18:13:33 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- I:\Users\Admin\Desktop\Malwarebytes-setup-1.51.0.1200.exe
[2011/07/07 21:48:35 | 070,237,752 | ---- | M] () -- I:\Users\Family\Desktop\CureIt! Dr. Web.exe
[2011/07/07 17:33:45 | 006,918,464 | ---- | M] (McAfee Inc.) -- I:\Users\Family\Desktop\stinger10.2.0.164.exe
[2011/07/06 19:53:59 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/07/06 19:49:57 | 090,660,504 | ---- | M] (Advanced Micro Devices, Inc.) -- I:\Users\Family\Desktop\11-6_vista64_win7_64_dd_ccc_ocl.exe
[2011/07/06 19:14:40 | 000,002,022 | ---- | M] () -- I:\Users\Public\Desktop\Spy Sweeper.lnk
[2011/07/06 19:14:39 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2011/07/06 19:12:07 | 000,017,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- I:\Windows\System32\SsiEfr.exe
[2011/07/06 19:12:03 | 000,000,164 | ---- | M] () -- I:\Windows\install.dat
[2011/07/06 19:09:04 | 046,952,384 | ---- | M] (Webroot Software, Inc. ) -- I:\Users\Family\Desktop\SpySweeperRegSetup_EN.exe
[2011/07/06 09:01:39 | 000,123,784 | ---- | M] (Avira GmbH) -- I:\Windows\System32\drivers\avipbb.sys
[2011/07/06 09:01:39 | 000,088,288 | ---- | M] (Avira GmbH) -- I:\Windows\System32\drivers\avgntflt.sys
[2011/07/05 19:48:30 | 000,055,384 | ---- | M] (Sunbelt Software) -- I:\Windows\System32\drivers\SBREDrv.sys
[2011/07/05 19:48:27 | 000,016,432 | ---- | M] () -- I:\Windows\System32\lsdelete.exe
[2011/07/05 19:42:24 | 000,001,062 | ---- | M] () -- I:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/05 19:42:15 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/07/05 19:40:24 | 010,145,792 | ---- | M] () -- I:\Users\Family\Desktop\Ad-Aware90Install.msi
[2011/07/05 01:36:45 | 000,002,158 | ---- | M] () -- I:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011/07/05 01:36:11 | 000,002,168 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/05 01:35:41 | 000,458,096 | ---- | M] (McAfee Inc.) -- I:\Users\Family\Desktop\MVTInstaller.exe
[2011/07/05 01:26:14 | 000,002,072 | ---- | M] () -- I:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/07/05 01:26:14 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/07/05 01:16:42 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/05 01:16:42 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/05 01:16:42 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
[2011/07/05 01:16:42 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/07/05 01:14:39 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/05 01:14:39 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/05 01:14:38 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/05 01:14:38 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/05 01:13:53 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/07/05 01:13:53 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/07/05 01:13:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier
[2011/07/05 01:13:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/07/05 01:13:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netwaiting
[2011/07/05 01:13:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem Diagnostic Tool
[2011/07/05 01:13:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/05 01:13:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/07/05 01:13:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/07/05 01:13:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2011/07/05 01:13:52 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series Manual
[2011/07/05 01:04:13 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center
[2011/07/05 01:04:11 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/07/04 23:06:38 | 000,000,040 | -H-- | M] () -- I:\ProgramData\~37019384
[2011/07/04 17:17:05 | 000,847,320 | ---- | M] () -- I:\Users\Family\Desktop\JD BSA Medical Form_2011.pdf
[2011/06/30 03:17:30 | 000,465,008 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2011/06/29 20:47:00 | 000,000,564 | ---- | M] () -- I:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/06/29 07:04:19 | 000,175,616 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\msclmd.dll
[2011/06/29 07:04:19 | 000,152,576 | ---- | M] (Microsoft Corporation) -- I:\Windows\SysWow64\msclmd.dll
[2011/06/20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) -- I:\Windows\System32\drivers\Lbd.sys
[2011/06/18 20:41:43 | 000,002,441 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/18 20:41:43 | 000,002,021 | ---- | M] () -- I:\Users\Public\Desktop\Adobe Reader X.lnk

========== Files Created - No Company Name ==========

[2011/07/14 19:58:07 | 000,080,384 | ---- | C] () -- I:\Users\Family\Desktop\MBRCheck.exe
[2011/07/14 10:40:14 | 000,000,959 | ---- | C] () -- I:\Users\Family\Desktop\aswMBR Log 071411.lnk
[2011/07/14 10:12:56 | 000,000,512 | ---- | C] () -- I:\Users\Admin\Desktop\MBR.dat
[2011/07/08 20:04:38 | 000,014,619 | ---- | C] () -- I:\Users\Family\Desktop\HiJackThis Log File_070811
[2011/07/08 19:42:54 | 000,000,064 | ---- | C] () -- I:\Windows\SysWow64\rp_stats.dat
[2011/07/08 19:42:54 | 000,000,044 | ---- | C] () -- I:\Windows\SysWow64\rp_rules.dat
[2011/07/08 19:18:11 | 000,002,981 | ---- | C] () -- I:\Users\Family\Desktop\HiJackThis.lnk
[2011/07/08 19:17:14 | 001,402,880 | ---- | C] () -- I:\Users\Family\Desktop\HijackThis.msi
[2011/07/08 19:11:45 | 001,402,880 | ---- | C] () -- I:\Users\Admin\Desktop\HijackThis.msi
[2011/07/08 18:14:52 | 000,001,115 | ---- | C] () -- I:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/07 21:48:24 | 070,237,752 | ---- | C] () -- I:\Users\Family\Desktop\CureIt! Dr. Web.exe
[2011/07/07 19:49:20 | 001,383,430 | ---- | C] () -- I:\Users\Family\Desktop\tdsskiller.zip
[2011/07/07 19:48:16 | 000,000,022 | ---- | C] () -- I:\Users\Family\Desktop\stinger10.2.0.164.opt
[2011/07/06 19:23:41 | 000,001,690 | ---- | C] () -- I:\Windows\tasks\wrSpySweeper_L46DF4DDEB97E4AE1AEBFFB70CE48B877.job
[2011/07/06 19:20:06 | 613,514,828 | ---- | C] () -- I:\Windows\MEMORY.DMP
[2011/07/06 19:14:40 | 000,002,022 | ---- | C] () -- I:\Users\Public\Desktop\Spy Sweeper.lnk
[2011/07/06 17:46:16 | 000,000,164 | ---- | C] () -- I:\Windows\install.dat
[2011/07/05 22:57:26 | 000,016,432 | ---- | C] () -- I:\Windows\System32\lsdelete.exe
[2011/07/05 19:42:24 | 000,001,062 | ---- | C] () -- I:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/05 19:40:24 | 010,145,792 | ---- | C] () -- I:\Users\Family\Desktop\Ad-Aware90Install.msi
[2011/07/05 01:32:55 | 000,002,158 | ---- | C] () -- I:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011/07/05 01:32:37 | 000,002,168 | ---- | C] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/05 01:26:14 | 000,002,072 | ---- | C] () -- I:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/07/04 23:06:38 | 000,000,040 | -H-- | C] () -- I:\ProgramData\~37019384
[2011/07/04 16:51:28 | 000,847,320 | ---- | C] () -- I:\Users\Family\Desktop\JD BSA Medical Form_2011.pdf
[2011/06/29 19:17:30 | 000,000,564 | ---- | C] () -- I:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/06/18 20:41:43 | 000,002,441 | ---- | C] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/18 20:41:43 | 000,002,021 | ---- | C] () -- I:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/09 07:25:22 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- I:\Windows\SysWow64\OVDecode.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- I:\Windows\SysWow64\atipblag.dat
[2010/11/15 17:52:18 | 000,003,584 | ---- | C] () -- I:\Users\Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/30 22:40:32 | 000,215,179 | ---- | C] () -- I:\Windows\hpwins12.dat
[2010/05/30 22:40:32 | 000,000,731 | ---- | C] () -- I:\Windows\hpwmdl12.dat
[2010/02/16 18:47:00 | 000,000,731 | ---- | C] () -- I:\Windows\hpwmdl12.dat.temp
[2010/02/15 14:06:50 | 000,004,216 | -H-- | C] () -- I:\Users\Family\AppData\Local\rx_audio.Cache
[2010/02/06 19:42:00 | 000,000,144 | -H-- | C] () -- I:\Users\Family\AppData\Local\rx_image32.Cache
[2010/01/25 13:51:05 | 000,000,036 | -H-- | C] () -- I:\Users\Family\AppData\Roaming\MTScdAgt.dat
[2010/01/08 22:14:42 | 000,000,000 | ---- | C] () -- I:\Windows\ativpsrm.bin
[2010/01/08 20:20:58 | 000,148,480 | ---- | C] () -- I:\Windows\SysWow64\APOMngr.DLL
[2010/01/08 20:20:58 | 000,073,728 | ---- | C] () -- I:\Windows\SysWow64\CmdRtr.DLL
[2010/01/08 20:20:55 | 000,001,436 | ---- | C] () -- I:\Windows\CfgHPSp.ini
[2010/01/08 20:20:55 | 000,001,434 | ---- | C] () -- I:\Windows\Cfg05Sp.ini
[2010/01/08 20:20:55 | 000,001,434 | ---- | C] () -- I:\Windows\Cfg04Sp.ini
[2010/01/08 20:20:55 | 000,001,091 | ---- | C] () -- I:\Windows\Cfg03Sp.ini
[2010/01/08 20:20:55 | 000,001,091 | ---- | C] () -- I:\Windows\Cfg02Sp.ini
[2010/01/08 20:20:55 | 000,001,000 | ---- | C] () -- I:\Windows\Cfg01Sp.ini
[2010/01/08 20:20:55 | 000,000,932 | ---- | C] () -- I:\Windows\CfgHPHp.ini
[2010/01/08 20:20:55 | 000,000,932 | ---- | C] () -- I:\Windows\CfgHPDO.ini
[2010/01/08 20:20:55 | 000,000,932 | ---- | C] () -- I:\Windows\Cfg05DO.ini
[2010/01/08 20:20:55 | 000,000,932 | ---- | C] () -- I:\Windows\Cfg04DO.ini
[2010/01/08 20:20:55 | 000,000,930 | ---- | C] () -- I:\Windows\Cfg05Hp.ini
[2010/01/08 20:20:55 | 000,000,930 | ---- | C] () -- I:\Windows\Cfg04Hp.ini
[2010/01/08 20:20:55 | 000,000,818 | ---- | C] () -- I:\Windows\Cfg01APR.ini
[2010/01/08 20:20:55 | 000,000,725 | ---- | C] () -- I:\Windows\Cfg03Hp.ini
[2010/01/08 20:20:55 | 000,000,725 | ---- | C] () -- I:\Windows\Cfg03DO.ini
[2010/01/08 20:20:55 | 000,000,725 | ---- | C] () -- I:\Windows\Cfg02Hp.ini
[2010/01/08 20:20:55 | 000,000,725 | ---- | C] () -- I:\Windows\Cfg02DO.ini
[2010/01/08 20:20:55 | 000,000,725 | ---- | C] () -- I:\Windows\Cfg01Hp.ini
[2010/01/08 20:20:55 | 000,000,725 | ---- | C] () -- I:\Windows\Cfg01DO.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\CfgHPRMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\CfgHPRLI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\CfgHPFMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\CfgHPDI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg05RMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg05RLI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg05FMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg05DI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg04RMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg04RLI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg04FMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg04DI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg03RMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg03RLI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg03FMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg03DI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg02RMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg02RLI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg02FMi.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg02DI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg01Mic.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg01LI.ini
[2010/01/08 20:20:55 | 000,000,453 | ---- | C] () -- I:\Windows\Cfg01DI.ini
[2009/08/26 06:29:28 | 000,150,016 | ---- | C] () -- I:\Windows\SysWow64\OemSpiE.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2011/07/05 01:13:48 | 000,000,000 | ---D | M] -- I:\ProgramData\CanonIJEGV
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2011/07/05 01:04:14 | 000,000,000 | ---D | M] -- I:\ProgramData\PCDr
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2011/07/05 01:04:17 | 000,000,000 | ---D | M] -- I:\ProgramData\Uninstall
[2011/06/29 20:47:00 | 000,000,564 | ---- | M] () -- I:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/07/16 08:17:00 | 000,000,564 | ---- | M] () -- I:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 01:08:49 | 000,030,424 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/16 08:22:00 | 000,000,422 | ---- | M] () -- I:\Windows\Tasks\SystemToolsDailyTest.job
[2011/07/16 08:11:51 | 000,001,690 | ---- | M] () -- I:\Windows\Tasks\wrSpySweeper_L46DF4DDEB97E4AE1AEBFFB70CE48B877.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> I:\Users\Family\Documents\Slideshow.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Users\Family\Documents\AOL Titles.jpg:Roxio EMC Stream
< End of report >
  • 0

#19
ali.B
Posted 16 July 2011 - 08:00 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Boot again from the CD

Double click on the OTLPE icon.

Under the Custom Scans/Fixes box paste the contents of Fix.txt

Click on the Run Fix button

Reboot when it done.

Next

Boot from the CD

Double click on MBRFix icon

enter this command and hit Enter

MBRFix /drive 1 fixmbr /win7

Reboot into normal mode and let me know it went

Attached Files

  • Attached File  Fix.txt   1.33KB   128 downloads

  • 0

#20
dipaoj
Posted 16 July 2011 - 09:04 AM

dipaoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Ran OTLPE with Fix.txt file and MBRFix for drive 1 (secondary hard drive) but am still getting Google pop-ups and Bing re-directs. (ATI Catalyst Control Center is also still not working, but could this be a separate problem?) Should I have run MBRFix on drive 0, the OS drive, as well?
I appreciate your on-going help, and am sorry this seems to be becoming a second career.
  • 0

#21
ali.B
Posted 16 July 2011 - 09:17 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

did the /drive 1 command worked with no errors?

try again with /drive 0.

Then reboot from Safe mode and try MBRCheck.exe from there.
  • 0

#22
dipaoj
Posted 16 July 2011 - 04:31 PM

dipaoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I did not get an error message when running MBRFix on either drive. I could only get it to run by omitting the space after the drive # when executing "MBRFix /drive#fixmbr /win7" - was that correct or should I have included a space? I saved the results of running it on each drive and can post them if necessary. When I ran MBRCheck, I again got a window displaying "Physical Drive0 MBR Code Faked! Physical Drive1 MBR Code Faked! Found non-standard or infected MBR." When I pressed "N" it displayed "Done! Press ENTER to exit . . ." which I did and the window closed without producing a report.

I am still getting Google pop-ups and ATI Catalyst Control Center is not working, but the good news is that Bing re-directs seem to have stopped.
  • 0

#23
ali.B
Posted 17 July 2011 - 02:54 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

delete your current copy of TDSSKiller, its been updated

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#24
dipaoj
Posted 17 July 2011 - 07:35 AM

dipaoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Hi ali.B

Ran updated version of TDSSKiller and it did not find an infection. Here is the log file anyway:

2011/07/17 09:27:39.0704 2104 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 09:27:40.0003 2104 ================================================================================
2011/07/17 09:27:40.0003 2104 SystemInfo:
2011/07/17 09:27:40.0003 2104
2011/07/17 09:27:40.0003 2104 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/17 09:27:40.0003 2104 Product type: Workstation
2011/07/17 09:27:40.0003 2104 ComputerName: FAMILY-PC
2011/07/17 09:27:40.0003 2104 UserName: Admin
2011/07/17 09:27:40.0003 2104 Windows directory: C:\Windows
2011/07/17 09:27:40.0003 2104 System windows directory: C:\Windows
2011/07/17 09:27:40.0003 2104 Running under WOW64
2011/07/17 09:27:40.0003 2104 Processor architecture: Intel x64
2011/07/17 09:27:40.0003 2104 Number of processors: 8
2011/07/17 09:27:40.0003 2104 Page size: 0x1000
2011/07/17 09:27:40.0003 2104 Boot type: Normal boot
2011/07/17 09:27:40.0003 2104 ================================================================================
2011/07/17 09:27:40.0443 2104 Initialize success
2011/07/17 09:27:43.0551 2956 ================================================================================
2011/07/17 09:27:43.0551 2956 Scan started
2011/07/17 09:27:43.0551 2956 Mode: Manual;
2011/07/17 09:27:43.0551 2956 ================================================================================
2011/07/17 09:27:44.0419 2956 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/07/17 09:27:44.0516 2956 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
2011/07/17 09:27:44.0660 2956 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/17 09:27:44.0750 2956 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/17 09:27:44.0907 2956 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/17 09:27:44.0985 2956 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/17 09:27:45.0048 2956 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/17 09:27:45.0175 2956 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/17 09:27:45.0284 2956 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/17 09:27:45.0349 2956 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/17 09:27:45.0379 2956 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/17 09:27:45.0508 2956 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/17 09:27:45.0974 2956 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/17 09:27:46.0195 2956 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/07/17 09:27:46.0238 2956 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/17 09:27:46.0291 2956 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/07/17 09:27:46.0365 2956 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/17 09:27:46.0398 2956 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/07/17 09:27:46.0542 2956 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/17 09:27:46.0626 2956 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/17 09:27:46.0656 2956 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/17 09:27:46.0695 2956 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/17 09:27:46.0748 2956 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/17 09:27:46.0812 2956 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
2011/07/17 09:27:46.0887 2956 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
2011/07/17 09:27:46.0930 2956 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
2011/07/17 09:27:47.0107 2956 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/17 09:27:47.0205 2956 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
2011/07/17 09:27:47.0274 2956 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/17 09:27:47.0321 2956 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/17 09:27:47.0395 2956 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/17 09:27:47.0469 2956 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/17 09:27:47.0519 2956 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/17 09:27:47.0578 2956 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/17 09:27:47.0622 2956 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/17 09:27:47.0649 2956 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/17 09:27:47.0673 2956 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/17 09:27:47.0717 2956 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/17 09:27:47.0753 2956 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/17 09:27:47.0789 2956 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/17 09:27:47.0813 2956 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/17 09:27:47.0836 2956 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/17 09:27:47.0898 2956 CAXHWBS2 (46f088d1247e825b313200254edd9e5b) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
2011/07/17 09:27:47.0936 2956 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/17 09:27:47.0993 2956 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/07/17 09:27:48.0094 2956 cfwids (676535b3156fecf7133cf80b4d2f6cf7) C:\Windows\system32\drivers\cfwids.sys
2011/07/17 09:27:48.0153 2956 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/17 09:27:48.0196 2956 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/17 09:27:48.0245 2956 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/17 09:27:48.0299 2956 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/17 09:27:48.0344 2956 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/17 09:27:48.0380 2956 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/17 09:27:48.0441 2956 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/17 09:27:48.0499 2956 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/17 09:27:48.0617 2956 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/07/17 09:27:48.0695 2956 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/17 09:27:48.0721 2956 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/17 09:27:48.0791 2956 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/17 09:27:48.0862 2956 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/17 09:27:48.0910 2956 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
2011/07/17 09:27:48.0999 2956 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/17 09:27:49.0034 2956 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/17 09:27:49.0079 2956 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/17 09:27:49.0237 2956 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/17 09:27:49.0379 2956 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/17 09:27:49.0450 2956 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/17 09:27:49.0512 2956 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/17 09:27:49.0548 2956 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/17 09:27:49.0584 2956 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/17 09:27:49.0615 2956 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/17 09:27:49.0635 2956 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/17 09:27:49.0662 2956 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/17 09:27:49.0703 2956 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/17 09:27:49.0730 2956 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/17 09:27:49.0747 2956 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/17 09:27:49.0799 2956 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/17 09:27:49.0830 2956 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/17 09:27:49.0874 2956 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/17 09:27:49.0933 2956 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/07/17 09:27:50.0014 2956 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/17 09:27:50.0034 2956 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/17 09:27:50.0067 2956 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/17 09:27:50.0093 2956 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/17 09:27:50.0140 2956 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/07/17 09:27:50.0232 2956 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/17 09:27:50.0337 2956 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/07/17 09:27:50.0403 2956 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/17 09:27:50.0458 2956 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/17 09:27:50.0496 2956 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/17 09:27:50.0566 2956 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/17 09:27:50.0602 2956 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/17 09:27:50.0682 2956 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/17 09:27:50.0716 2956 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/17 09:27:50.0757 2956 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/17 09:27:50.0810 2956 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/17 09:27:50.0870 2956 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/17 09:27:50.0935 2956 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/17 09:27:50.0956 2956 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/17 09:27:50.0993 2956 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/17 09:27:51.0037 2956 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/17 09:27:51.0120 2956 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys
2011/07/17 09:27:51.0189 2956 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/07/17 09:27:51.0237 2956 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/07/17 09:27:51.0337 2956 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/17 09:27:51.0397 2956 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/17 09:27:51.0424 2956 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/17 09:27:51.0525 2956 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
2011/07/17 09:27:51.0569 2956 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
2011/07/17 09:27:51.0613 2956 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/17 09:27:51.0646 2956 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/17 09:27:51.0677 2956 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/17 09:27:51.0707 2956 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/17 09:27:51.0737 2956 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/17 09:27:51.0769 2956 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/17 09:27:51.0864 2956 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/17 09:27:51.0890 2956 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/17 09:27:51.0921 2956 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/17 09:27:51.0969 2956 mfeapfk (31338e489314ae2a29534fbaa7ad2f1b) C:\Windows\system32\drivers\mfeapfk.sys
2011/07/17 09:27:52.0014 2956 mfeavfk (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
2011/07/17 09:27:52.0087 2956 mfefirek (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
2011/07/17 09:27:52.0178 2956 mfehidk (a2607740bb18d631da01e01dcb81843b) C:\Windows\system32\drivers\mfehidk.sys
2011/07/17 09:27:52.0227 2956 mfenlfk (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/07/17 09:27:52.0258 2956 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
2011/07/17 09:27:52.0296 2956 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
2011/07/17 09:27:52.0354 2956 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/17 09:27:52.0404 2956 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/17 09:27:52.0458 2956 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/07/17 09:27:52.0488 2956 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/17 09:27:52.0543 2956 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/17 09:27:52.0639 2956 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/17 09:27:52.0702 2956 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/17 09:27:52.0743 2956 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/17 09:27:52.0822 2956 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/17 09:27:52.0849 2956 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/17 09:27:52.0876 2956 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/17 09:27:52.0917 2956 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/17 09:27:52.0991 2956 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/17 09:27:53.0101 2956 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
2011/07/17 09:27:53.0126 2956 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/17 09:27:53.0162 2956 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/17 09:27:53.0206 2956 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/17 09:27:53.0253 2956 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/17 09:27:53.0277 2956 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/17 09:27:53.0296 2956 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/17 09:27:53.0341 2956 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/17 09:27:53.0379 2956 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/17 09:27:53.0405 2956 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/17 09:27:53.0436 2956 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/17 09:27:53.0462 2956 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/17 09:27:53.0501 2956 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/17 09:27:53.0573 2956 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/17 09:27:53.0655 2956 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/17 09:27:53.0687 2956 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/17 09:27:53.0731 2956 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/17 09:27:53.0772 2956 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/17 09:27:53.0829 2956 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/17 09:27:53.0901 2956 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/17 09:27:53.0942 2956 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/17 09:27:53.0981 2956 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/17 09:27:54.0011 2956 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/17 09:27:54.0033 2956 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/17 09:27:54.0174 2956 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/17 09:27:54.0234 2956 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/17 09:27:54.0276 2956 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/17 09:27:54.0350 2956 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/17 09:27:54.0427 2956 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/17 09:27:54.0466 2956 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
2011/07/17 09:27:54.0553 2956 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
2011/07/17 09:27:54.0626 2956 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
2011/07/17 09:27:54.0698 2956 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/17 09:27:54.0738 2956 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/17 09:27:54.0787 2956 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/17 09:27:54.0831 2956 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/17 09:27:54.0883 2956 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/17 09:27:54.0958 2956 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/17 09:27:54.0997 2956 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/17 09:27:55.0030 2956 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/17 09:27:55.0146 2956 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/17 09:27:55.0174 2956 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/17 09:27:55.0227 2956 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/17 09:27:55.0269 2956 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/17 09:27:55.0351 2956 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/17 09:27:55.0414 2956 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/17 09:27:55.0450 2956 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/17 09:27:55.0493 2956 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/17 09:27:55.0530 2956 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/17 09:27:55.0579 2956 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/17 09:27:55.0608 2956 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/17 09:27:55.0625 2956 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/17 09:27:55.0650 2956 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/17 09:27:55.0675 2956 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/17 09:27:55.0693 2956 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/17 09:27:55.0738 2956 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/07/17 09:27:55.0763 2956 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/17 09:27:55.0789 2956 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/17 09:27:55.0838 2956 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/17 09:27:55.0939 2956 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/17 09:27:55.0999 2956 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/17 09:27:56.0052 2956 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/17 09:27:56.0094 2956 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/17 09:27:56.0136 2956 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/07/17 09:27:56.0209 2956 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/17 09:27:56.0284 2956 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/17 09:27:56.0329 2956 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/17 09:27:56.0364 2956 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/17 09:27:56.0408 2956 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/17 09:27:56.0452 2956 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/17 09:27:56.0547 2956 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/17 09:27:56.0610 2956 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/17 09:27:56.0642 2956 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/17 09:27:56.0702 2956 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/17 09:27:56.0742 2956 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/17 09:27:56.0768 2956 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/17 09:27:56.0800 2956 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/17 09:27:56.0831 2956 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/17 09:27:56.0888 2956 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/17 09:27:56.0943 2956 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/17 09:27:57.0004 2956 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/17 09:27:57.0038 2956 ssfs0bbc (ad47a64046ddbc23a54d7c5cbc22db94) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
2011/07/17 09:27:57.0076 2956 ssidrv (4f5f30eed40cf4b4bd22f07902133ed7) C:\Windows\system32\DRIVERS\ssidrv.sys
2011/07/17 09:27:57.0101 2956 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/17 09:27:57.0179 2956 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/17 09:27:57.0223 2956 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/07/17 09:27:57.0293 2956 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/17 09:27:57.0364 2956 t3 (6b153e518dbe6ef59191152e1ecf7ed4) C:\Windows\system32\drivers\t3.sys
2011/07/17 09:27:57.0445 2956 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/17 09:27:57.0533 2956 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/17 09:27:57.0599 2956 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/17 09:27:57.0639 2956 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/17 09:27:57.0660 2956 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/17 09:27:57.0718 2956 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/17 09:27:57.0807 2956 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/17 09:27:57.0906 2956 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/17 09:27:57.0965 2956 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/17 09:27:58.0013 2956 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/17 09:27:58.0069 2956 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/17 09:27:58.0117 2956 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/17 09:27:58.0202 2956 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/17 09:27:58.0246 2956 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/17 09:27:58.0310 2956 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/17 09:27:58.0359 2956 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/07/17 09:27:58.0430 2956 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/17 09:27:58.0479 2956 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/17 09:27:58.0530 2956 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/17 09:27:58.0581 2956 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/17 09:27:58.0621 2956 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/07/17 09:27:58.0684 2956 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/17 09:27:58.0728 2956 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/17 09:27:58.0793 2956 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/17 09:27:58.0850 2956 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/17 09:27:58.0947 2956 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/17 09:27:58.0980 2956 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/17 09:27:59.0005 2956 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/17 09:27:59.0048 2956 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/17 09:27:59.0125 2956 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/17 09:27:59.0175 2956 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/07/17 09:27:59.0215 2956 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/17 09:27:59.0290 2956 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/17 09:27:59.0332 2956 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/17 09:27:59.0383 2956 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/17 09:27:59.0441 2956 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/17 09:27:59.0478 2956 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/17 09:27:59.0494 2956 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/17 09:27:59.0521 2956 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/07/17 09:27:59.0555 2956 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/17 09:27:59.0594 2956 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/17 09:27:59.0616 2956 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/17 09:27:59.0655 2956 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/17 09:27:59.0696 2956 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/17 09:27:59.0750 2956 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/17 09:27:59.0779 2956 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/07/17 09:27:59.0841 2956 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/17 09:27:59.0888 2956 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/07/17 09:27:59.0957 2956 WINUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
2011/07/17 09:28:00.0037 2956 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/17 09:28:00.0082 2956 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/17 09:28:00.0145 2956 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/17 09:28:00.0181 2956 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/17 09:28:00.0217 2956 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/07/17 09:28:00.0300 2956 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
2011/07/17 09:28:00.0369 2956 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/07/17 09:28:00.0399 2956 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk1\DR1
2011/07/17 09:28:00.0407 2956 Boot (0x1200) (181aeb6cfc7f1851b6979776d97839ab) \Device\Harddisk0\DR0\Partition0
2011/07/17 09:28:00.0421 2956 Boot (0x1200) (b9b4991b116acd1888110f01d6a2fb67) \Device\Harddisk0\DR0\Partition1
2011/07/17 09:28:00.0431 2956 Boot (0x1200) (c1dda9351d5bd80177c917378587d68b) \Device\Harddisk1\DR1\Partition0
2011/07/17 09:28:00.0437 2956 ================================================================================
2011/07/17 09:28:00.0437 2956 Scan finished
2011/07/17 09:28:00.0437 2956 ================================================================================
2011/07/17 09:28:00.0445 1896 Detected object count: 0
2011/07/17 09:28:00.0445 1896 Actual detected object count: 0
  • 0

#25
ali.B
Posted 17 July 2011 - 12:37 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

lets try something different.

Download GETxPUD.exe to the desktop
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Make sure both the USB and CD are inserted
  • Boot the computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter

The first screen will present log options - press Enter to continue.

Posted Image

TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.

Posted Image

Select [Intel] partiton and press Enter to continue.

Posted Image

Select [MBR Code] and press Enter to continue.

Posted Image

Type Y when prompted to write a new mbr code to the first sector, then confirm at the next screen by typing Y again.

Posted Image

Press Q repeatedly until TestDisk exits then reboot.
  • 0

Advertisements

#26
dipaoj
Posted 17 July 2011 - 07:24 PM

dipaoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I was able to create the boot CD and got the xPUD screen.

However, I then got a screen with a series of error messages saying things like "Spurious report Fatal server error: no screens found;" "ddxSig Giveup: Closing log;" "[4.953327] usb 1-1.1: devise descriptor read /64, error -32;" "[5.535674] usb 1-1.1: device not accepting address 6, error -32;" [6.014471] device not accepting address 7, error -32;" [6.014677] hub 1-1:1.0: unable to engage USB device on port 1;" "Err #2 unable to connect to x server;" "Err #3 server error bad display name "(none): cd" in "remove" command;" "no job control in this shell" etc.
  • 0

#27
ali.B
Posted 18 July 2011 - 04:09 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

You will have to create a Windows 7 recovery CD

See Here

Boot from the CD

you will presented with the following screen

Posted Image

Click on the Command Prompt

Type this command and hit Enter.

Bootrec.exe /FixMbr

Once finished type Exit and hit enter.

Click on Restart to reboot your system.

Let me know how it goes.
  • 0

#28
dipaoj
Posted 18 July 2011 - 06:46 PM

dipaoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Hi ali.B,

I created the Win 7 recovery CD as instructed and booted from it at the commmand prompt "x:\windows\system32." When I ran Bootrec.exe I received "The operation completed successfully." However, when I rebooted I got a "Windows Error Recovery" window and the message "Windows failed to start - Recent hardware or software changes may be the cause." I selected "Start Windows Normally" and the computer rebooted. When I selected "Launch Startup Repair" it returned "Startup Repair cannot repair this computer automatically." I cannot boot normally at all now.
  • 0

#29
ali.B
Posted 19 July 2011 - 01:09 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
did you type this command:

Bootrec.exe /FixMbr

?

Try Last known good configuration option.
  • 0

#30
dipaoj
Posted 19 July 2011 - 06:37 AM

dipaoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Yes, and I got "The operation completed successfully."
However, I can't get the computer to boot to a desktop - when I select "System Restore" from "System Recovery Options" screen, I get "rstrui.exe - Application Error, Memory could not be found." If I select "Add Drivers" and direct it to files on the boot CD, it returns an error saying non of the files there contain information about the hardware.
When I start in safe mode and select "Last Known Good Configuration" I get a Windows error and it takes me back to the recovery screen. "Start Windows Normally" only leads to a re-boot.
I have not tried Dell Datasafe since I had not configured it and am unsure if I will lose any data on either the primary or secondary hard drive.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP