
Can't get rid of Backdoor.Trojan Run&MSConfig


  • This topic is locked This topic is locked

#1
TheFrommClub
New Member, 8 posts
I have a Backdoor.Trojan which IObit finds and deletes, but it quickly reinstalls on reboot. IObit says the file is RunMSConfig with the M underlined. AVG and MalwareBytes do not find it. The virus crashes my computer and freezes the mouse and keyboard. I think it runs up the temperature of the CPU. Running on XP Media Center Edition on a Gateway Pentium. I have eliminated most of the startup files that are unnecessary, but that hasn't stopped it.

OST file replaced see below.

Attached Files


Edited by TheFrommClub, 05 August 2011 - 03:45 PM.



#2
Homburg
Trusted Helper, Malware Removal, 665 posts
Hello TheFrommClub and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
Homburg
Trusted Helper, Malware Removal, 665 posts
Hi,

When you ran OTL it should have produced a log called OTL.txt; can you please post that? If it's not still on your desktop, you should be able to find a copy at:

C:\_OTL\Moved Files

If you can't find it then just run OTL again as you did before and post the new log :)

Next

Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

Homburg
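Reviewing an OTL.txt by hand means scanning hundreds of PRC/SRV/DRV lines for the few that deserve a second look. The script below is an added example, not part of this thread and not OTL's own code: it parses the SafeList line layout OTL uses (timestamp, size, attributes, company name, optional run state, path, optional service name) and applies a few defender triage heuristics that reviewers typically apply by eye: an empty company name, a driver modified within OTL's 30-day file-age window, an item running from a user-writable location, and registry entries whose target file no longer exists. The sample lines are copied from the log posted later in this thread; the log date, the heuristics and all function names are this example's own assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout of the PRC/MOD/SRV/DRV SafeList lines as they appear in the OTL log in
# this thread: "[date | size | attr | M] (Company) [state] -- path -- (Name) desc".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[^|]+) \| (?P<flag>\w)\] "
    r"\((?P<company>.*?)\)\s+"            # non-greedy so nested parens survive
    r"(?:\[(?P<state>[^\]]*)\]\s+)?"       # "[Auto | Running]" on SRV/DRV only
    r"--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\)(?P<desc>.*))?$"
)

# IE/FF registry lines whose target is gone, e.g. the URLSearchHook entries above.
ORPHAN_RE = re.compile(
    r"^(?P<kind>IE|FF) - (?P<key>.+?)(?: - Reg Error: [^.]*\.)?:?\s*File not found\s*$"
)

# Locations a non-admin user can write to; compared case-insensitively.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LINES = [
    r"PRC - [2011/07/13 01:33:08 | 004,615,064 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe",
    r"SRV - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)",
    r"DRV - [2011/07/26 22:05:45 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)",
    r"DRV - [2011/06/28 12:53:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)",
    r"DRV - [2011/08/05 16:06:47 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKslc8c9fdc0.sys -- (MpKslc8c9fdc0)",
    r"IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found",
    r"PRC - [2011/08/04 14:34:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe",
    r"DRV - [2004/08/25 04:15:52 | 000,004,992 | ---- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)",
]
LOG_DATE = datetime(2011, 8, 5)  # from the "OTL logfile created on" header above


def parse_entry(line):
    """Return a dict for a PRC/MOD/SRV/DRV line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["modified"] = datetime.strptime(d["date"], "%Y/%m/%d %H:%M:%S")
    d["state"] = [s.strip() for s in d["state"].split("|")] if d["state"] else []
    d["desc"] = (d["desc"] or "").strip()
    return d


def triage(lines, log_date, max_age_days=30):
    """Apply review heuristics; returns (reason, detail) tuples.

    These are prompts for a human reviewer, not verdicts: legitimate tools ship
    files with no company name (sptd.sys here), and antimalware engines drop
    freshly built drivers under Application Data (the MpKsl*.sys files here).
    """
    findings = []
    cutoff = log_date - timedelta(days=max_age_days)
    for line in lines:
        orphan = ORPHAN_RE.match(line.strip())
        if orphan:
            findings.append(("orphaned registry entry", orphan.group("key")))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        # PRC/MOD lines carry no state and are live by definition; skip stopped SRV/DRV.
        if e["state"] and "Running" not in e["state"]:
            continue
        label = e["name"] or e["path"]
        if e["company"].strip() == "":
            findings.append(("no company name", label))
        if e["kind"] == "DRV" and e["modified"] >= cutoff:
            findings.append(("modified within %d days" % max_age_days, label))
        if any(p in e["path"].lower() for p in USER_WRITABLE):
            findings.append(("runs from user-writable path", label))
    return findings


def triage_sample():
    """Run the heuristics over the embedded sample lines."""
    return triage(SAMPLE_LINES, LOG_DATE)


if __name__ == "__main__":
    for reason, detail in triage_sample():
        print("%-32s %s" % (reason, detail))
```

Running it over the sample lists sptd (no company name), the MpKsl driver (recently modified, user-writable path), the orphaned URLSearchHook key and OTL.exe itself (running from the desktop), while the stopped SWDUMon driver and the old mouse filter produce nothing. The point of the exercise is the parser and the review checklist; each hit still has to be judged against what the machine is known to run.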

#4
TheFrommClub
Topic Starter, New Member, 8 posts
Post replaced below

Edited by TheFrommClub, 05 August 2011 - 03:43 PM.


#5
TheFrommClub
Topic Starter, New Member, 8 posts
Here is the log from running aswMBR.exe.

Attached Files



#6
TheFrommClub
Topic Starter, New Member, 8 posts
Here is a fresh OTL.txt file. I used the OTL default settings. While it ran it gave me several exception error messages. I ran it while Avira and AVG were live - should I have turned them off? Thanks again.
Derek

Attached Files

  • Attached File  OTL.Txt   163.24KB   90 downloads

Edited by TheFrommClub, 05 August 2011 - 03:48 PM.


#7
Homburg
Trusted Helper, Malware Removal, 665 posts
Hi,

Next time, can you please post your logs in the reply, as it makes them easier to read :)

I will be back later with a fix when it has been approved. I've posted your previous logs.

OTL logfile created on: 8/5/2011 4:25:42 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 26.62% Memory free
2.85 Gb Paging File | 1.69 Gb Available in Paging File | 59.16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.38 Gb Total Space | 60.16 Gb Free Space | 26.34% Space Free | Partition Type: NTFS
Drive D: | 4.49 Gb Total Space | 1.68 Gb Free Space | 37.45% Space Free | Partition Type: FAT32
Drive L: | 641.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 465.76 Gb Total Space | 188.02 Gb Free Space | 40.37% Space Free | Partition Type: NTFS

Computer Name: GATEWAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 13:10:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/04 14:34:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/13 01:33:08 | 004,615,064 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/18 20:18:34 | 000,133,320 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
PRC - [2011/04/18 20:18:32 | 001,657,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/04/13 17:31:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/08 11:21:30 | 000,750,920 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/06 15:31:52 | 001,122,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/03/06 15:17:24 | 000,307,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
PRC - [2006/03/06 15:16:48 | 000,378,880 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
PRC - [2006/03/06 15:16:12 | 000,198,656 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
PRC - [2006/03/06 15:15:42 | 000,289,792 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
PRC - [2006/03/06 15:14:58 | 000,497,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\LCDMon.exe
PRC - [2005/05/10 13:31:22 | 000,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\Stardock\SDMCP.exe
PRC - [2005/04/01 20:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/02/24 21:34:02 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/05/17 21:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [1999/12/31 19:00:00 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe


========== Modules (SafeList) ==========

MOD - [2011/08/04 14:34:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/05 13:10:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/17 09:33:02 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/18 20:18:34 | 000,133,320 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe -- (IduService) Intel®
SRV - [2011/04/18 20:18:12 | 000,057,344 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\FSC\FSCAppServ.exe -- (Intel® Desktop Boards FSC Application Service) Intel®
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/07 17:48:20 | 000,054,516 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Expat Shield\bin\ExpatTrayService.exe -- (ExpatTrayService)
SRV - [2011/01/07 17:42:56 | 000,271,408 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2011/01/05 13:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/01 07:35:22 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/06/30 19:52:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/04/01 20:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2005/03/19 15:45:55 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/02/24 21:34:02 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [1999/12/31 19:00:00 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/08/05 16:06:47 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKslc8c9fdc0.sys -- (MpKslc8c9fdc0)
DRV - [2011/08/05 16:01:13 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKsl3c1fee09.sys -- (MpKsl3c1fee09)
DRV - [2011/08/05 15:53:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKsl249e0571.sys -- (MpKsl249e0571)
DRV - [2011/08/05 15:42:09 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKsl73ef902f.sys -- (MpKsl73ef902f)
DRV - [2011/08/05 15:13:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKsl3479ffc2.sys -- (MpKsl3479ffc2)
DRV - [2011/08/05 13:10:17 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/05 13:10:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/08/05 11:57:28 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKsl16bf4c2e.sys -- (MpKsl16bf4c2e)
DRV - [2011/08/05 11:47:40 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKsl9cf0b151.sys -- (MpKsl9cf0b151)
DRV - [2011/08/04 16:19:24 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKsld612db49.sys -- (MpKsld612db49)
DRV - [2011/07/26 22:05:45 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/07/19 10:10:26 | 000,008,413 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2011/07/19 10:10:08 | 000,022,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel®
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/06/28 12:53:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/06/15 03:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/04/22 18:26:12 | 000,035,720 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/04/22 18:26:08 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/04/22 18:26:06 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/04/22 18:26:04 | 000,030,600 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/04/22 18:26:02 | 000,187,528 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eudisk.sys -- (EUDISK)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/01/03 19:15:43 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/09/23 04:11:28 | 000,298,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2010/09/22 14:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 14:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/04/14 01:15:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/11/25 11:43:04 | 000,067,584 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/02/19 13:16:36 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2005/08/10 07:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 08:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2004/10/20 14:39:32 | 000,040,724 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/09/24 21:14:40 | 002,276,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/09/15 15:59:54 | 000,241,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88VidBB.sys -- (CX23880) AVerMedia AVerTV MPEG Video Capture (!)
DRV - [2004/09/15 13:30:58 | 000,296,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88EncBB.sys -- (CX88ENC)
DRV - [2004/09/15 13:29:38 | 000,010,112 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88BarBB.sys -- (CX88XBAR) AVerMedia AVerTV MPEG Crossbar (Dual-Input)
DRV - [2004/09/15 13:29:16 | 000,024,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88TunBB.sys -- (CXTUNE)
DRV - [2004/09/15 12:16:54 | 000,009,216 | ---- | M] (AVerMedia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A88AudBB.sys -- (CXAVSAUD)
DRV - [2004/08/25 04:18:58 | 000,011,264 | ---- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/25 04:16:52 | 000,009,856 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2004/08/25 04:15:52 | 000,004,992 | ---- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2004/07/05 11:12:00 | 000,014,336 | R--- | M] (Cisco-Linksys, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEFCMU10V4XP.sys -- (BEFCMU10V4XP)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/03/17 18:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/06/12 04:56:44 | 000,098,304 | R--- | M] (ATMEL) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vnet558x.sys -- (FVNETusb)
DRV - [2002/02/17 13:10:32 | 000,050,264 | R--- | M] (Gemtek Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB)
DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/07/24 10:39:22 | 000,014,816 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pelps2m.sys -- (pelps2m)
DRV - [2001/01/09 16:49:28 | 000,027,088 | ---- | M] (Primax Electronics Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PELMouse.SYS -- (pelmouse)
DRV - [1999/12/31 19:00:00 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [1999/12/31 19:00:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [1999/12/31 19:00:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [1999/12/31 19:00:00 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [1999/12/31 19:00:00 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [1999/12/31 19:00:00 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [1999/12/31 19:00:00 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&source=mpes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/13 05:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/09 21:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 09:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 09:27:32 | 000,000,000 | ---D | M]

[2010/07/20 23:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/07/02 22:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions
[2007/12/01 09:41:44 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/09/12 21:01:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/21 00:29:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/03 12:12:28 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2007/07/31 07:10:51 | 000,000,000 | ---D | M] ("Noia 2.0 (eXtreme)") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/07/21 00:01:11 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2010/07/21 00:01:12 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/07/21 00:01:12 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/07/03 12:12:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\[email protected]
[2011/06/25 02:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g77sqzy.default\extensions\staged
[2011/07/26 22:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/05/25 00:03:31 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2010/12/15 16:50:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/26 22:13:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/03/19 12:38:47 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/07/13 05:58:34 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/12/15 16:49:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 23:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe (Intel® Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.93.41.125 24.93.41.126
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/27 20:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/18 15:47:26 | 000,000,000 | ---D | M] - C:\Automobiles -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2003/08/28 18:02:12 | 000,000,000 | R--D | M] - L:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/28 18:02:13 | 000,000,059 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6f4ac770-b342-11e0-aaa5-000c41597d54}\Shell - "" = AutoRun
O33 - MountPoints2\{6f4ac770-b342-11e0-aaa5-000c41597d54}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f4ac770-b342-11e0-aaa5-000c41597d54}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{a4fc8f28-bcef-11df-9e7b-000c41597d54}\Shell\AutoRun\command - "" = G:\RDEapp.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/08/05 14:10:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/08/04 21:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/08/04 20:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/08/04 20:56:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/08/04 20:56:19 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/08/04 20:56:19 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/08/04 20:56:19 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/08/04 20:56:19 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/08/04 20:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/04 20:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/08/04 16:18:51 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/08/04 16:09:47 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/08/04 16:09:47 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/08/04 16:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/04 14:34:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/08/03 13:01:01 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/08/03 13:01:00 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/08/03 13:00:58 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/08/03 13:00:58 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/08/03 13:00:57 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/08/03 13:00:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/08/03 13:00:56 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/08/03 13:00:56 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/08/03 13:00:55 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/08/03 13:00:51 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011/08/03 13:00:51 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011/08/03 13:00:49 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/08/03 13:00:47 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/08/03 13:00:46 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/08/03 13:00:45 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/08/03 13:00:44 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/08/03 13:00:43 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/08/03 12:54:20 | 000,000,000 | ---D | C] -- C:\I386
[2011/08/03 12:50:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/08/03 12:50:13 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/08/03 12:50:12 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/08/03 12:50:11 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/08/03 12:50:11 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/08/03 12:50:10 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/08/03 12:50:10 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/08/03 12:50:09 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/08/03 12:50:08 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/08/03 12:50:07 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/08/03 12:50:07 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/08/03 12:50:06 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/08/03 12:50:05 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/08/03 12:50:04 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/08/03 12:50:04 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/08/03 12:50:04 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/08/03 12:50:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/08/03 12:50:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/08/03 12:50:01 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/08/03 12:50:01 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/08/03 12:50:01 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/08/03 12:50:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/08/03 12:18:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/08/02 18:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/02 18:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/02 18:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/08/02 16:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2011/08/02 16:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2011/07/29 15:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/07/29 15:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\System Explorer
[2011/07/29 11:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97(2)
[2011/07/29 10:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2011/07/29 10:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/07/28 15:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2011/07/26 22:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/07/26 22:13:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/26 22:13:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/26 22:13:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/25 09:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/07/22 11:29:12 | 000,000,000 | ---D | C] -- C:\00 Shopping
[2011/07/21 17:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/07/21 17:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\programs\SpeedFan
[2011/07/20 19:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3
[2011/07/19 10:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Intel
[2011/07/19 10:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011/07/19 10:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel
[2011/07/19 10:11:40 | 000,008,192 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\cpuio.sys
[2011/07/19 10:11:40 | 000,007,680 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\variable.sys
[2011/07/19 10:11:28 | 000,022,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\intelsmb.sys
[2011/07/19 10:11:10 | 000,970,752 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ismbun.exe
[2011/07/19 10:11:10 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/07/19 10:10:55 | 000,008,413 | ---- | C] (OSA Technologies, An Avocent Company) -- C:\WINDOWS\System32\drivers\osaio.sys
[2011/07/19 09:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/07/19 09:28:03 | 000,036,484 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\SMBios.sys
[2011/07/19 09:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Motherboard Monitor 5
[2011/07/17 17:50:58 | 000,118,784 | ---- | C] (Hauppauge Computer Works Inc) -- C:\WINDOWS\System32\HCWSched.ocx
[2011/07/17 17:50:58 | 000,040,960 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\HcwTvTvOCX.ocx
[2011/07/17 17:50:57 | 000,069,632 | ---- | C] (Hauppauge Computer Works ) -- C:\WINDOWS\System32\3DES.dll
[2011/07/17 17:50:57 | 000,028,672 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwsched.dll
[2011/07/17 17:50:56 | 000,204,800 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\Mdcustoms.ocx
[2011/07/17 17:50:56 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCAL.OCX
[2011/07/17 17:50:56 | 000,073,792 | ---- | C] (Hauppauge Computer Works, Inc) -- C:\WINDOWS\System32\CHSUITE.OCX
[2011/07/17 17:50:56 | 000,053,248 | ---- | C] (Hauppauge) -- C:\WINDOWS\System32\MDCustomPanels.ocx
[2011/07/17 17:50:56 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\HCWUTL32.DLL
[2011/07/17 17:50:34 | 000,393,216 | ---- | C] (Snowbound Software Corporation (www.Snowbnd.com)) -- C:\WINDOWS\System32\hcwsnbd9.dll
[2011/07/17 17:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinTV
[2011/07/17 17:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2011/07/17 17:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2011/07/17 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/17 17:33:09 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibrtmon.exe
[2011/07/17 17:33:06 | 003,227,648 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2011/07/17 17:33:06 | 000,126,976 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2011/07/17 17:33:06 | 000,049,664 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2011/07/17 17:33:06 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2011/07/17 17:33:06 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2011/07/17 16:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimDrivers
[2011/07/17 16:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2011/07/14 00:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/07/14 00:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/07/14 00:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/07/14 00:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/07/14 00:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\YouTube Downloader
[2011/07/14 00:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2011/07/14 00:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Funhouse
[2011/07/14 00:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2011/07/10 15:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skype
[2011/07/10 15:48:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/10 15:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/07/10 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/07/10 01:10:43 | 000,000,000 | ---D | C] -- C:\Deborah's Files
[2011/07/09 16:03:21 | 000,000,000 | R--D | C] -- C:\My Documents
[2011/07/09 15:55:55 | 000,000,000 | --SD | C] -- C:\SharePoint Drafts
[2011/07/09 15:54:25 | 000,000,000 | ---D | C] -- C:\OZ Software
[2011/07/07 12:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SysTools BKF Viewer
[2011/07/07 12:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools BKF Viewer
[2011/07/07 00:14:26 | 000,000,000 | ---D | C] -- C:\Web Database
[2011/07/07 00:13:35 | 000,000,000 | ---D | C] -- C:\SPORTS
[2011/07/07 00:13:17 | 000,000,000 | ---D | C] -- C:\SCHOOL
[2011/07/07 00:10:41 | 000,000,000 | ---D | C] -- C:\LONDON
[2011/07/07 00:07:04 | 000,000,000 | ---D | C] -- C:\0 Domain Registrations
[2011/07/07 00:03:32 | 000,000,000 | ---D | C] -- C:\INVESTMENTWIZARD
[2011/07/07 00:02:10 | 000,000,000 | ---D | C] -- C:\Graphics
[2011/07/07 00:00:00 | 000,000,000 | ---D | C] -- C:\ARCHIVE EMAIL FOLDERS
[2011/07/06 23:57:51 | 000,000,000 | ---D | C] -- C:\Life is the shape it is
[2011/07/06 23:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Documents
[2011/07/06 23:48:23 | 000,000,000 | ---D | C] -- C:\0 Mail backup
[2011/07/06 23:47:44 | 000,000,000 | ---D | C] -- C:\AUCTION
[2011/07/06 23:46:58 | 000,000,000 | ---D | C] -- C:\RESEARCH
[2011/07/06 23:46:26 | 000,000,000 | ---D | C] -- C:\Quotations
[2011/07/06 23:45:01 | 000,000,000 | ---D | C] -- C:\OOGLIO
[2011/07/06 23:44:02 | 000,000,000 | ---D | C] -- C:\MANUALS & INSTRUCTIONS
[2011/07/06 23:42:26 | 000,000,000 | ---D | C] -- C:\INVESTA PROSPECTS
[2011/07/06 23:40:04 | 000,000,000 | ---D | C] -- C:\HomePcclean
[2011/07/06 23:39:50 | 000,000,000 | ---D | C] -- C:\HOGGETT PRESS
[2011/07/06 23:39:34 | 000,000,000 | ---D | C] -- C:\GODFATHERJOBS
[2011/07/06 23:39:07 | 000,000,000 | ---D | C] -- C:\Craigs list items
[2011/07/06 23:38:08 | 000,000,000 | ---D | C] -- C:\BIOGRAPHY
[2011/07/06 23:34:26 | 000,000,000 | ---D | C] -- C:\Advertising
[2011/07/06 23:30:48 | 000,000,000 | ---D | C] -- C:\0 ACCOUNTING
[2011/07/06 23:29:26 | 000,000,000 | ---D | C] -- C:\Automobiles
[30 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1334 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/05 16:33:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{06250F37-99C4-4962-AABF-2EC44CC01FC4}.job
[2011/08/05 16:18:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/08/05 16:11:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/05 16:00:41 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/05 16:00:39 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/08/05 16:00:38 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/08/05 16:00:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/08/05 16:00:19 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\SpeedFan.job
[2011/08/05 16:00:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/05 15:55:38 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/05 15:45:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3214691923-4029669270-4067804246-1006.job
[2011/08/05 15:23:13 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/08/05 14:04:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/05 13:10:17 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/08/05 13:10:16 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/08/05 12:50:18 | 165,178,844 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\before removal of ctfmon.reg
[2011/08/05 12:47:49 | 099,876,866 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\registry before removing ctfmon.exe
[2011/08/05 12:41:58 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/08/05 12:40:22 | 000,009,228 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/08/05 11:56:01 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2011/08/05 11:47:20 | 001,623,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/05 03:44:06 | 000,604,388 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/05 03:44:05 | 000,128,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/04 20:57:07 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/08/04 19:21:34 | 000,587,266 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Banking Report 2011 Final WM.pdf
[2011/08/04 16:10:35 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/04 16:04:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 14:34:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/08/03 13:25:36 | 000,001,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CabPath USED TO CHANGE SOURCEPATH.lnk
[2011/08/02 18:59:19 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/08/02 15:49:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/02 15:49:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/02 15:39:21 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/01 12:12:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/01 05:16:09 | 126,462,054 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/31 17:59:54 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007 (2).lnk
[2011/07/31 14:18:19 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\SYSTEM
[2011/07/31 09:04:29 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\magicJack.lnk
[2011/07/26 22:05:45 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/07/25 09:41:44 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/07/22 09:15:32 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2011/07/21 17:17:03 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk
[2011/07/21 17:16:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\initdebug.nfo
[2011/07/19 10:11:57 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intel® Desktop Utilities.lnk
[2011/07/19 10:10:26 | 000,008,413 | ---- | M] (OSA Technologies, An Avocent Company) -- C:\WINDOWS\System32\drivers\osaio.sys
[2011/07/19 10:10:26 | 000,008,192 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\cpuio.sys
[2011/07/19 10:10:26 | 000,007,680 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\variable.sys
[2011/07/19 10:10:08 | 000,022,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\intelsmb.sys
[2011/07/19 10:10:07 | 000,970,752 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ismbun.exe
[2011/07/19 10:10:07 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/07/19 09:40:45 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/07/19 09:40:45 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/07/18 10:31:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 16:54:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimDrivers.lnk
[2011/07/17 03:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\RegSERVO.job
[2011/07/15 04:14:50 | 001,009,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How can i grow a peach tree from this years pit - Yahoo! Answers.mht
[2011/07/14 21:05:16 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to DH Books.lnk
[2011/07/14 00:42:12 | 000,004,303 | ---- | M] () -- C:\logfile
[2011/07/10 15:49:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/10 09:43:09 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/07/08 20:09:42 | 595,539,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\QBPREM2006R1.iso
[2011/07/08 17:14:45 | 512,649,216 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WXPFPP_EN.iso
[2011/07/07 21:54:25 | 000,194,748 | -HS- | M] () -- C:\EASEUSLD.LDR
[2011/07/07 12:21:28 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SysTools BKF Viewer.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1334 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 16:18:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/08/05 15:23:13 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/08/05 14:04:25 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/05 12:48:20 | 165,178,844 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\before removal of ctfmon.reg
[2011/08/05 12:45:01 | 099,876,866 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\registry before removing ctfmon.exe
[2011/08/04 20:57:06 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/08/04 19:21:33 | 000,587,266 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Banking Report 2011 Final WM.pdf
[2011/08/04 16:14:16 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/04 16:10:35 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/08/04 16:07:59 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/08/03 13:25:36 | 000,001,295 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CabPath USED TO CHANGE SOURCEPATH.lnk
[2011/08/03 13:01:02 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/08/03 13:01:01 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/08/03 13:01:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/08/03 13:00:55 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/08/02 18:59:19 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/07/31 14:18:19 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM
[2011/07/25 09:41:44 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/07/23 22:26:25 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\SpeedFan.job
[2011/07/22 11:40:11 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/07/21 17:17:03 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk
[2011/07/21 17:16:59 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/07/21 17:16:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\initdebug.nfo
[2011/07/19 10:11:57 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intel® Desktop Utilities.lnk
[2011/07/19 09:40:45 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/07/19 09:40:45 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/07/19 09:40:45 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/07/19 09:40:43 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/07/18 10:31:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 17:50:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2011/07/17 17:35:42 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/07/17 17:33:06 | 000,151,824 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/07/17 16:54:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimDrivers.lnk
[2011/07/15 04:14:50 | 001,009,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How can i grow a peach tree from this years pit - Yahoo! Answers.mht
[2011/07/14 21:05:16 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to DH Books.lnk
[2011/07/14 01:16:59 | 001,164,476 | ---- | C] () -- C:\WINDOWS\System32\ms98.cab
[2011/07/10 15:48:20 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/10 01:18:34 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/10 01:18:17 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/08 20:07:13 | 595,539,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\QBPREM2006R1.iso
[2011/07/08 17:12:34 | 512,649,216 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WXPFPP_EN.iso
[2011/07/07 12:21:28 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SysTools BKF Viewer.lnk
[2011/07/05 16:12:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/06/20 10:14:09 | 000,035,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/06/11 19:11:08 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/11 19:11:05 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/06/08 17:38:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/06/08 13:39:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2011/04/25 14:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2011/04/18 18:01:24 | 000,003,223 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2011/04/18 18:01:24 | 000,000,193 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2011/04/11 01:49:13 | 000,665,652 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/04/11 01:47:16 | 000,224,098 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/04/11 01:30:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/03/16 12:29:22 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2011/03/01 23:53:47 | 000,102,006 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/03/01 23:53:47 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/03/01 17:21:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/07/21 00:38:23 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/01/27 15:16:04 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/12/10 21:26:27 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/12/02 11:37:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007/09/29 03:36:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/29 03:36:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/09/29 03:36:06 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/09/16 00:27:29 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/09/09 20:02:05 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/09/09 20:02:02 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/09/09 20:01:26 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/09/09 20:01:25 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/09/09 20:01:24 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/08/14 22:11:54 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/07/15 18:49:59 | 000,002,308 | ---- | C] () -- C:\WINDOWS\XMailer.INI
[2007/06/22 20:52:10 | 000,061,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/06/03 14:43:51 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\qwavecache.dat
[2007/04/20 22:57:58 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/03/25 11:56:04 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/02/03 18:58:18 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/03 19:02:21 | 000,000,017 | ---- | C] () -- C:\WINDOWS\devqdat7417.dat
[2006/08/04 11:10:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2006/07/04 11:53:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/30 11:48:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LCDMedia.INI
[2006/05/31 23:00:18 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/20 23:47:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2006/05/13 12:27:58 | 000,000,167 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/13 16:38:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2006/04/13 16:38:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Copy of GkSui18.EXE
[2006/04/01 16:07:58 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/02/19 13:16:36 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/02/13 21:05:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/13 21:05:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/02/13 21:05:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/13 21:05:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/02/13 21:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/13 21:05:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/13 21:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/13 21:05:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/02/13 21:05:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/02/13 21:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/13 21:05:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/01/11 19:15:11 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/01/05 19:29:19 | 000,001,113 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/01/05 19:26:57 | 000,001,303 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/12/21 17:43:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/12/03 18:10:51 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005/11/11 13:09:57 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/10/25 02:43:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/11 12:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/05/14 19:08:45 | 000,177,480 | ---- | C] () -- C:\WINDOWS\System32\hp9jnldp.dat
[2005/05/14 19:08:45 | 000,025,240 | ---- | C] () -- C:\WINDOWS\System32\kt5fut5g.dat
[2005/05/14 19:08:45 | 000,003,512 | ---- | C] () -- C:\WINDOWS\System32\m22a65t6.dat
[2005/05/14 19:08:45 | 000,002,744 | ---- | C] () -- C:\WINDOWS\System32\sbs1mmdk.dat
[2005/05/14 19:08:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\p6v6edlt.dat
[2005/05/14 19:08:40 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\s697chnl.ini
[2005/05/14 19:08:39 | 000,003,498 | ---- | C] () -- C:\WINDOWS\System32\rg5mv1lu.ini
[2005/05/14 19:08:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\fa52eemk.ini
[2005/04/15 00:40:12 | 000,003,144 | ---- | C] () -- C:\WINDOWS\System32\uttmg054.dat
[2005/04/15 00:40:12 | 000,001,879 | ---- | C] () -- C:\WINDOWS\System32\6qa7op3h.dat
[2005/04/15 00:40:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ibjekdkr.dat
[2005/04/15 00:40:07 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\hu7gmhaf.ini
[2005/04/15 00:40:07 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\0ftnch66.ini
[2005/04/15 00:40:06 | 000,003,474 | ---- | C] () -- C:\WINDOWS\System32\9ke2ft2m.ini
[2005/03/30 23:15:36 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2005/03/30 23:15:36 | 000,029,001 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2005/03/07 16:25:07 | 000,000,571 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/24 23:39:59 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/24 22:25:25 | 000,209,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/24 21:59:12 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2005/02/24 21:58:52 | 000,016,226 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/02/24 21:56:46 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/02/24 21:41:51 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2005/02/24 21:37:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/02/24 21:34:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/02/24 21:34:38 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/24 21:34:02 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2005/02/24 21:34:02 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/02/24 21:34:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2005/02/24 21:34:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2005/02/24 21:27:28 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2004/10/28 12:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/27 21:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/10/27 20:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/27 20:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/27 19:53:07 | 000,001,182 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/27 19:53:07 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/10/27 19:52:10 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003774_.tmp.dll
[2004/10/27 19:52:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/27 19:52:06 | 000,604,388 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/27 19:52:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/27 19:52:06 | 000,128,092 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/27 19:52:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/27 19:52:05 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/27 19:52:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/27 19:52:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/27 19:51:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/27 19:51:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/27 19:51:54 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003806_.tmp.dll
[2004/10/27 19:51:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/27 19:51:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/27 13:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/27 13:06:55 | 001,623,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/04 13:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1996/08/20 23:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >





aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-05 16:17:05
-----------------------------
16:17:05.484 OS Version: Windows 5.1.2600 Service Pack 3
16:17:05.484 Number of processors: 2 586 0x304
16:17:05.484 ComputerName: GATEWAY UserName: Owner
16:17:06.890 Initialize success
16:17:35.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
16:17:35.281 Disk 0 Vendor: WDC_WD2500JD-22HBB0 08.02D08 Size: 238475MB BusType: 3
16:17:35.281 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-10
16:17:35.296 Disk 1 Vendor: Maxtor_3H500F0 HA431DD0 Size: 476940MB BusType: 3
16:17:37.375 Disk 0 MBR read successfully
16:17:37.375 Disk 0 MBR scan
16:17:37.375 Disk 0 unknown MBR code
16:17:37.390 Disk 0 scanning sectors +488376000
16:17:37.453 Disk 0 scanning C:\WINDOWS\system32\drivers
16:17:56.500 Service scanning
16:17:57.453 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
16:17:58.218 Service MpKslc8c9fdc0 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3362815E-8FEB-4857-9F41-898BF396BDD7}\MpKslc8c9fdc0.sys **LOCKED** 32
16:17:58.578 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:17:59.296 Modules scanning
16:18:07.156 Disk 0 trace - called modules:
16:18:07.187 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spgh.sys hal.dll >>UNKNOWN [0x8aff9938]<<
16:18:07.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af1dab8]
16:18:07.187 3 CLASSPNP.SYS[f76b7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8af24d98]
16:18:07.187 Scan finished successfully
16:18:34.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:18:34.171 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#8 Homburg (Trusted Helper, Malware Removal)
Hi,

You are running multiple antivirus programs on your system. You should never have more than one, as they conflict with each other and make your computer unstable. Can you please choose one and uninstall the rest?

I can see traces of McAfee so you might need to use the uninstall tool here.


Step 1:

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


Step 2:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step 3:

Please confirm that you now have only one antivirus remaining.
Post the TDSSKiller log.

Homburg
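When the TDSSKiller log comes back, a helper reads the driver list for two things the post above asks about: drivers loading from outside the Windows directory (not proof of malware, but the first place to look) and kernel drivers from more than one security vendor (the "multiple antivirus" condition). The script below is an added example written for this page, not part of the thread, of TDSSKiller, or of any tool the helper names. It parses lines in the format TDSSKiller 2.5 prints (date, time, PID, service name, MD5 in parentheses, image path) and applies both checks. The sample lines are constructed from the format shown in the log posted in this thread, and the prefix-to-vendor table is an assumption made for the example; extend it for the products on your own machine.

```python
import re
from collections import defaultdict

# Constructed sample in the TDSSKiller 2.5 driver-scan line format:
# "<date> <time> <pid> <service> (<md5>) <image path>". Values are copied
# from the log posted in this thread; the first line is a status line
# (no hash, no path) that the parser must ignore.
SAMPLE_LOG = """\
2011/08/07 15:53:19.0406 4040 Scan started
2011/08/07 15:53:20.0734 4040 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2011/08/07 15:53:24.0687 4040 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\\WINDOWS\\system32\\DRIVERS\\avgldx86.sys
2011/08/07 15:53:24.0359 4040 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\\WINDOWS\\system32\\DRIVERS\\AVGIDSDriver.Sys
2011/08/07 15:53:25.0875 4040 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\\Program Files\\SystemRequirementsLab\\cpudrv.sys
2011/08/07 15:53:27.0140 4040 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\\WINDOWS\\System32\\Drivers\\dtscsi.sys
"""

# One driver line: timestamp, PID, service name, 32-hex MD5 in parentheses, path.
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Assumed prefix-to-product table for this example (not from TDSSKiller).
# Longer prefixes come first so 'avgnt' (Avira) is not swallowed by 'avg' (AVG).
SECURITY_PREFIXES = [
    ("avgnt", "Avira"), ("avipbb", "Avira"),
    ("avgids", "AVG"), ("avg", "AVG"),
    ("mpksl", "Microsoft Security Essentials"),
    ("mpfilter", "Microsoft Security Essentials"),
    ("mfe", "McAfee"),
    ("mbam", "Malwarebytes"),
]


def parse_driver_lines(text):
    """Return one dict (ts, pid, name, md5, path) per driver line; status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def flag_unusual_paths(entries, system_root="C:\\WINDOWS"):
    """Names of drivers whose image lives outside the Windows directory (case-insensitive)."""
    root = system_root.lower().rstrip("\\") + "\\"
    return [e["name"] for e in entries if not e["path"].lower().startswith(root)]


def group_by_security_vendor(entries):
    """Map vendor -> sorted driver names using the assumed prefix table.
    More than one key means more than one security product has kernel drivers loaded."""
    groups = defaultdict(list)
    for e in entries:
        lname = e["name"].lower()
        for prefix, vendor in SECURITY_PREFIXES:
            if lname.startswith(prefix):
                groups[vendor].append(e["name"])
                break
    return {vendor: sorted(names) for vendor, names in groups.items()}


def triage(text):
    """Run both checks over a whole log and return a summary dict."""
    entries = parse_driver_lines(text)
    return {
        "drivers": len(entries),
        "outside_windows": flag_unusual_paths(entries),
        "security_vendors": group_by_security_vendor(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it a full log (for example `triage(open("TDSSKiller.2.5.14.0_07.08.2011_15.53.14_log.txt").read())`) and the `security_vendors` map shows at a glance whether more than one product still has drivers loaded after the uninstalls, which is the confirmation the helper asks for in Step 3. A driver flagged by `outside_windows` still needs a human decision; the hash in each entry is what you would look up before deciding.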

#9 TheFrommClub (Topic Starter)
Done. No problems found. Here is the log file:
2011/08/07 15:53:14.0843 5792 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/07 15:53:15.0281 5792 ================================================================================
2011/08/07 15:53:15.0281 5792 SystemInfo:
2011/08/07 15:53:15.0281 5792
2011/08/07 15:53:15.0281 5792 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/07 15:53:15.0281 5792 Product type: Workstation
2011/08/07 15:53:15.0281 5792 ComputerName: GATEWAY
2011/08/07 15:53:15.0281 5792 UserName: Owner
2011/08/07 15:53:15.0281 5792 Windows directory: C:\WINDOWS
2011/08/07 15:53:15.0281 5792 System windows directory: C:\WINDOWS
2011/08/07 15:53:15.0281 5792 Processor architecture: Intel x86
2011/08/07 15:53:15.0281 5792 Number of processors: 2
2011/08/07 15:53:15.0281 5792 Page size: 0x1000
2011/08/07 15:53:15.0281 5792 Boot type: Normal boot
2011/08/07 15:53:15.0281 5792 ================================================================================
2011/08/07 15:53:17.0140 5792 Initialize success
2011/08/07 15:53:19.0406 4040 ================================================================================
2011/08/07 15:53:19.0406 4040 Scan started
2011/08/07 15:53:19.0406 4040 Mode: Manual;
2011/08/07 15:53:19.0406 4040 ================================================================================
2011/08/07 15:53:20.0656 4040 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/07 15:53:20.0734 4040 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/07 15:53:20.0796 4040 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/07 15:53:20.0859 4040 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/07 15:53:20.0921 4040 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/07 15:53:20.0984 4040 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/08/07 15:53:21.0046 4040 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/07 15:53:21.0093 4040 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/07 15:53:21.0140 4040 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/07 15:53:21.0187 4040 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/07 15:53:21.0234 4040 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/07 15:53:21.0296 4040 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/07 15:53:21.0343 4040 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/07 15:53:21.0640 4040 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/07 15:53:23.0015 4040 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/07 15:53:23.0109 4040 Amfilter (45e61cd5c79b6d81334a1cddf0619091) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
2011/08/07 15:53:23.0187 4040 Amps2prt (dc3af17b414169c566f38be5492871bc) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
2011/08/07 15:53:23.0250 4040 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/07 15:53:23.0328 4040 Amusbprt (4872317e5d59c925a4eb532898e8c0be) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
2011/08/07 15:53:23.0421 4040 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/07 15:53:23.0484 4040 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/07 15:53:23.0531 4040 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/07 15:53:23.0578 4040 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/07 15:53:23.0671 4040 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/07 15:53:23.0750 4040 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/07 15:53:23.0984 4040 ati2mtag (8763ede3e0cd40f5c3450571ac57f205) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/07 15:53:24.0218 4040 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/07 15:53:24.0281 4040 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/07 15:53:24.0359 4040 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/07 15:53:24.0421 4040 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/07 15:53:24.0531 4040 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/07 15:53:24.0578 4040 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/07 15:53:24.0687 4040 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/07 15:53:24.0750 4040 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/07 15:53:24.0796 4040 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/07 15:53:24.0859 4040 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/07 15:53:24.0921 4040 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/08/07 15:53:25.0000 4040 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/07 15:53:25.0062 4040 BEFCMU10V4XP (bc277a864759e6ea5e89a67bd73f4c27) C:\WINDOWS\system32\DRIVERS\BEFCMU10V4XP.sys
2011/08/07 15:53:25.0140 4040 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/07 15:53:25.0187 4040 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/07 15:53:25.0281 4040 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/07 15:53:25.0343 4040 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/07 15:53:25.0390 4040 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/07 15:53:25.0437 4040 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/07 15:53:25.0500 4040 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/07 15:53:25.0718 4040 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/07 15:53:25.0781 4040 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/07 15:53:25.0875 4040 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/08/07 15:53:26.0000 4040 CX23880 (0cdad5c0e3634b0c3fae91a61b419143) C:\WINDOWS\system32\drivers\A88VidBB.sys
2011/08/07 15:53:26.0093 4040 CX88ENC (a1b918bb5df62d48596863b3a6c7a1db) C:\WINDOWS\system32\drivers\A88EncBB.sys
2011/08/07 15:53:26.0171 4040 CX88XBAR (e4d09bae3963745930eedbaeb32264a1) C:\WINDOWS\system32\drivers\A88BarBB.sys
2011/08/07 15:53:26.0218 4040 CXAVSAUD (79127a6522c4c858c407e9685971c8fd) C:\WINDOWS\system32\drivers\A88AudBB.sys
2011/08/07 15:53:26.0312 4040 CXTUNE (feb738a2aa102e35e22061ef07b87081) C:\WINDOWS\system32\drivers\A88TunBB.sys
2011/08/07 15:53:26.0359 4040 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/07 15:53:26.0406 4040 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/07 15:53:26.0500 4040 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\WINDOWS\system32\DRIVERS\dc3d.sys
2011/08/07 15:53:26.0578 4040 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/07 15:53:26.0671 4040 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/07 15:53:26.0765 4040 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/07 15:53:26.0812 4040 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/07 15:53:26.0875 4040 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/07 15:53:26.0921 4040 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/07 15:53:26.0968 4040 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/07 15:53:27.0046 4040 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
2011/08/07 15:53:27.0140 4040 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/08/07 15:53:27.0156 4040 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
2011/08/07 15:53:27.0171 4040 dtscsi - detected LockedFile.Multi.Generic (1)
2011/08/07 15:53:27.0250 4040 EUBAKUP (1fc4211733c428c7089f6025559581d1) C:\WINDOWS\system32\drivers\eubakup.sys
2011/08/07 15:53:27.0296 4040 EUBKMON (822a9bd84571d4524c9cc00d4fd69108) C:\WINDOWS\system32\drivers\EUBKMON.sys
2011/08/07 15:53:27.0359 4040 EUDISK (7f6b645f430191ff235e657fc0016551) C:\WINDOWS\system32\drivers\eudisk.sys
2011/08/07 15:53:27.0406 4040 EUDSKACS (cf10797dd2215ffc2e015d182384dd59) C:\WINDOWS\system32\drivers\eudskacs.sys
2011/08/07 15:53:27.0703 4040 EUFS (57ff011f09bc272a69926e7f35e9bfb1) C:\WINDOWS\system32\drivers\eufs.sys
2011/08/07 15:53:27.0937 4040 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/07 15:53:28.0015 4040 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/07 15:53:28.0562 4040 FileMonitor (c21fc36d3cd28c2726fee10d397216c7) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
2011/08/07 15:53:29.0015 4040 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/07 15:53:29.0125 4040 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/07 15:53:29.0250 4040 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/07 15:53:29.0437 4040 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/07 15:53:29.0515 4040 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/07 15:53:29.0609 4040 FVNETusb (25430fd938e631f028933069c266ad1d) C:\WINDOWS\system32\DRIVERS\vnet558x.sys
2011/08/07 15:53:29.0671 4040 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/07 15:53:29.0734 4040 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/08/07 15:53:29.0796 4040 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/07 15:53:29.0875 4040 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/08/07 15:53:29.0953 4040 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/07 15:53:30.0031 4040 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/08/07 15:53:30.0109 4040 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/07 15:53:30.0203 4040 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/07 15:53:30.0281 4040 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/07 15:53:30.0375 4040 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/07 15:53:30.0515 4040 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/07 15:53:30.0625 4040 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/08/07 15:53:30.0765 4040 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/08/07 15:53:30.0937 4040 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/08/07 15:53:31.0171 4040 HssDrv (06c9c9de9ab51daa5a83a838c7a58adf) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
2011/08/07 15:53:31.0281 4040 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/07 15:53:31.0390 4040 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/07 15:53:31.0468 4040 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/07 15:53:31.0609 4040 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/07 15:53:31.0703 4040 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/07 15:53:31.0812 4040 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/07 15:53:32.0000 4040 IntcAzAudAddService (c60b77a9eac40774556201a736e050a8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/07 15:53:32.0187 4040 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/07 15:53:32.0281 4040 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/07 15:53:32.0375 4040 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/07 15:53:32.0468 4040 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/07 15:53:32.0546 4040 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/07 15:53:32.0718 4040 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/07 15:53:32.0781 4040 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/07 15:53:32.0921 4040 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/08/07 15:53:33.0015 4040 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/07 15:53:33.0062 4040 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/07 15:53:33.0140 4040 ISODrive (d7ad3c72b9f956798a578a9e0d07b933) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/08/07 15:53:33.0218 4040 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/07 15:53:33.0265 4040 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/07 15:53:33.0312 4040 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/07 15:53:33.0359 4040 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/07 15:53:33.0671 4040 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/07 15:53:33.0765 4040 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/08/07 15:53:33.0828 4040 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/07 15:53:33.0890 4040 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/07 15:53:34.0031 4040 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/07 15:53:34.0171 4040 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/07 15:53:34.0265 4040 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/07 15:53:34.0359 4040 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/07 15:53:34.0453 4040 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/08/07 15:53:34.0671 4040 MpKsl9da1ec21 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47D18F02-4452-4D4D-A1DD-E1DD390AF37C}\MpKsl9da1ec21.sys
2011/08/07 15:53:34.0750 4040 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/07 15:53:34.0843 4040 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/07 15:53:34.0984 4040 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/07 15:53:35.0078 4040 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/07 15:53:35.0140 4040 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/07 15:53:35.0218 4040 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/07 15:53:35.0281 4040 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/07 15:53:35.0375 4040 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/07 15:53:35.0437 4040 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/07 15:53:35.0500 4040 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/07 15:53:35.0578 4040 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/08/07 15:53:35.0656 4040 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/07 15:53:35.0718 4040 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/07 15:53:36.0078 4040 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/07 15:53:36.0500 4040 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/07 15:53:36.0937 4040 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/07 15:53:37.0203 4040 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/07 15:53:37.0375 4040 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/07 15:53:37.0500 4040 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/07 15:53:37.0640 4040 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/07 15:53:37.0906 4040 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/07 15:53:38.0156 4040 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/07 15:53:38.0281 4040 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/07 15:53:38.0453 4040 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/08/07 15:53:38.0546 4040 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/07 15:53:39.0078 4040 nv (2282ad3b19b00967c6e48531c25bfe01) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/07 15:53:39.0406 4040 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/07 15:53:39.0500 4040 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/07 15:53:39.0593 4040 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/07 15:53:39.0656 4040 osaio (6ec2c93fe378eed5b3e069c303bd7848) C:\WINDOWS\system32\drivers\osaio.sys
2011/08/07 15:53:39.0734 4040 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/07 15:53:39.0781 4040 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/07 15:53:39.0828 4040 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/07 15:53:39.0890 4040 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/07 15:53:39.0953 4040 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/07 15:53:40.0062 4040 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/07 15:53:40.0140 4040 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/07 15:53:40.0437 4040 pelmouse (03f37bebd1f699b12304c4aeeedc0fae) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
2011/08/07 15:53:40.0515 4040 pelps2m (efaf54987ca0102481753363b0759dda) C:\WINDOWS\system32\DRIVERS\pelps2m.sys
2011/08/07 15:53:40.0578 4040 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/07 15:53:40.0625 4040 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/07 15:53:40.0734 4040 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/07 15:53:40.0812 4040 PRISM_USB (46a7bb412d7f0ba1813fc191d460f991) C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys
2011/08/07 15:53:40.0890 4040 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/07 15:53:40.0937 4040 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/07 15:53:40.0984 4040 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/07 15:53:41.0046 4040 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/07 15:53:41.0093 4040 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/07 15:53:41.0140 4040 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/07 15:53:41.0203 4040 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/07 15:53:41.0312 4040 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
2011/08/07 15:53:41.0375 4040 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/07 15:53:41.0421 4040 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/07 15:53:41.0484 4040 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/07 15:53:41.0531 4040 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/07 15:53:41.0593 4040 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/07 15:53:41.0640 4040 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/07 15:53:41.0703 4040 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/07 15:53:41.0781 4040 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/07 15:53:41.0843 4040 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/07 15:53:42.0015 4040 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
2011/08/07 15:53:42.0125 4040 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2011/08/07 15:53:42.0187 4040 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/08/07 15:53:42.0281 4040 SCDEmu (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/07 15:53:42.0375 4040 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/07 15:53:42.0437 4040 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/07 15:53:42.0484 4040 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/07 15:53:42.0609 4040 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/08/07 15:53:42.0671 4040 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/08/07 15:53:42.0734 4040 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/07 15:53:42.0921 4040 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/07 15:53:43.0046 4040 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/07 15:53:43.0125 4040 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2011/08/07 15:53:43.0203 4040 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
2011/08/07 15:53:43.0265 4040 smbusp (d819163f6cb2b88b1ed182afba3b9eb2) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
2011/08/07 15:53:43.0343 4040 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/07 15:53:43.0437 4040 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
2011/08/07 15:53:43.0500 4040 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/07 15:53:43.0593 4040 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/07 15:53:43.0640 4040 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/07 15:53:43.0640 4040 sptd - detected LockedFile.Multi.Generic (1)
2011/08/07 15:53:43.0718 4040 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/07 15:53:43.0812 4040 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/07 15:53:43.0937 4040 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/07 15:53:44.0031 4040 SunkFilt (9152dc78005a58a17e79390aa0853bb1) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2011/08/07 15:53:44.0265 4040 SWDUMon (e170114e6262b1d019f85669179a9982) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
2011/08/07 15:53:44.0343 4040 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/07 15:53:44.0406 4040 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/07 15:53:44.0468 4040 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/07 15:53:44.0531 4040 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/07 15:53:44.0578 4040 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/07 15:53:44.0625 4040 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/07 15:53:44.0687 4040 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/07 15:53:44.0781 4040 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2011/08/07 15:53:44.0875 4040 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/07 15:53:44.0937 4040 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/07 15:53:45.0031 4040 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/07 15:53:45.0093 4040 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/07 15:53:45.0171 4040 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/07 15:53:45.0281 4040 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/07 15:53:45.0359 4040 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/07 15:53:45.0437 4040 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/07 15:53:45.0640 4040 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
2011/08/07 15:53:45.0718 4040 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/07 15:53:45.0781 4040 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/07 15:53:45.0859 4040 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/07 15:53:45.0921 4040 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/07 15:53:46.0031 4040 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/07 15:53:46.0109 4040 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/07 15:53:46.0218 4040 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/07 15:53:46.0265 4040 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/07 15:53:46.0328 4040 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/07 15:53:46.0421 4040 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/07 15:53:46.0468 4040 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/07 15:53:46.0578 4040 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/07 15:53:46.0734 4040 VX3000 (42870675b4d84acd81a9da69b83f14c5) C:\WINDOWS\system32\DRIVERS\VX3000.sys
2011/08/07 15:53:46.0906 4040 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/07 15:53:47.0109 4040 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/07 15:53:47.0234 4040 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/07 15:53:47.0343 4040 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/07 15:53:47.0468 4040 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/08/07 15:53:47.0562 4040 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/08/07 15:53:47.0656 4040 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/08/07 15:53:47.0718 4040 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/08/07 15:53:47.0796 4040 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/07 15:53:47.0875 4040 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/07 15:53:47.0984 4040 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/07 15:53:48.0062 4040 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/07 15:53:48.0203 4040 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/08/07 15:53:48.0328 4040 yukonwxp (96f714b7431c297373038f5df8b53685) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/08/07 15:53:48.0406 4040 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/08/07 15:53:48.0437 4040 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/08/07 15:53:48.0453 4040 Boot (0x1200) (e8d18aca915ef0d346f000679f0c5e09) \Device\Harddisk0\DR0\Partition0
2011/08/07 15:53:48.0468 4040 Boot (0x1200) (6e702aac126816fd611d6db2d1b364e0) \Device\Harddisk0\DR0\Partition1
2011/08/07 15:53:48.0468 4040 Boot (0x1200) (a718a647776a9c6084535e18a0eada66) \Device\Harddisk1\DR1\Partition0
2011/08/07 15:53:48.0484 4040 ================================================================================
2011/08/07 15:53:48.0484 4040 Scan finished
2011/08/07 15:53:48.0484 4040 ================================================================================
2011/08/07 15:53:48.0484 4968 Detected object count: 2
2011/08/07 15:53:48.0484 4968 Actual detected object count: 2
2011/08/07 15:54:34.0828 4968 LockedFile.Multi.Generic(dtscsi) - User select action: Skip
2011/08/07 15:54:34.0828 4968 LockedFile.Multi.Generic(sptd) - User select action: Skip
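The TDSSKiller log above lists every driver with its MD5 and path, and only two entries carry a verdict. As an added example, not part of this thread and not TDSSKiller's own code, here is a small Python parser that pulls the "Suspicious file", "detected" and "User select action" lines out of that format and reconciles them with the declared "Detected object count", so a helper can see at a glance which entries were actually flagged and which were merely unreadable (the log itself says "NoAccess" and "LockedFile" for both). The regexes and field names are my own assumptions about the format, derived from the lines on this page; the sample input is a handful of lines copied from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shapes observed in the TDSSKiller log posted above (assumed format,
# inferred from the page, not a published specification):
#   <date> <time> <pid> <name> (<md5>) <path>
#   <date> <time> <pid> Suspicious file (<reason>): <path>. md5: <md5>
#   <date> <time> <pid> <name> - detected <verdict> (<n>)
#   <date> <time> <pid> <verdict>(<name>) - User select action: <action>
#   <date> <time> <pid> Detected object count: <n>
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
ENTRY_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(PREFIX + r"(?P<verdict>[^(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<count>\d+)$")


@dataclass
class Entry:
    """One scanned object (driver, MBR or boot sector) and anything the scanner said about it."""
    name: str
    md5: str
    path: str
    suspicious_reason: Optional[str] = None  # e.g. "NoAccess": the file could not be read
    verdict: Optional[str] = None            # e.g. "LockedFile.Multi.Generic"
    action: Optional[str] = None             # what the user chose, e.g. "Skip"


@dataclass
class ScanSummary:
    entries: Dict[str, Entry] = field(default_factory=dict)
    declared_count: Optional[int] = None

    def detections(self) -> List[Entry]:
        return [e for e in self.entries.values() if e.verdict is not None]

    def count_matches(self) -> bool:
        """True when the number of parsed verdicts equals the scanner's own count."""
        return self.declared_count == len(self.detections())


def parse_tdsskiller(text: str) -> ScanSummary:
    summary = ScanSummary()
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUSP_RE.match(line)
        if m:  # attach the reason to the entry that was listed just before it
            entry = by_path.get(m["path"])
            if entry is None:  # tolerate a suspicious line with no preceding entry line
                entry = Entry(name=m["path"], md5=m["md5"], path=m["path"])
                summary.entries[entry.name] = entry
                by_path[entry.path] = entry
            entry.suspicious_reason = m["reason"]
            continue
        m = DETECT_RE.match(line)
        if m:
            entry = summary.entries.setdefault(m["name"], Entry(name=m["name"], md5="", path=""))
            entry.verdict = m["verdict"]
            continue
        m = ACTION_RE.match(line)
        if m:
            entry = summary.entries.get(m["name"])
            if entry is not None:
                entry.action = m["action"]
            continue
        m = COUNT_RE.match(line)
        if m:
            summary.declared_count = int(m["count"])
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = Entry(name=m["name"], md5=m["md5"], path=m["path"])
            summary.entries[entry.name] = entry
            by_path[entry.path] = entry
    return summary


def triage(summary: ScanSummary) -> List[str]:
    """One line per detection; a NoAccess-locked file is reported as unreadable, not as confirmed malware."""
    lines = []
    for e in summary.detections():
        note = "locked (could not be read)" if e.suspicious_reason == "NoAccess" else "flagged"
        lines.append(f"{e.name}: {e.verdict} [{note}] md5={e.md5 or '?'} path={e.path or '?'} action={e.action or 'none'}")
    if not summary.count_matches():
        lines.append(f"WARNING: log declares {summary.declared_count} detections but {len(summary.detections())} were parsed")
    return lines


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/08/07 15:53:27.0140 4040 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/08/07 15:53:27.0156 4040 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
2011/08/07 15:53:27.0171 4040 dtscsi - detected LockedFile.Multi.Generic (1)
2011/08/07 15:53:27.0250 4040 EUBAKUP (1fc4211733c428c7089f6025559581d1) C:\WINDOWS\system32\drivers\eubakup.sys
2011/08/07 15:53:43.0593 4040 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/07 15:53:43.0640 4040 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/07 15:53:43.0640 4040 sptd - detected LockedFile.Multi.Generic (1)
2011/08/07 15:53:48.0406 4040 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/08/07 15:53:48.0484 4040 ================================================================================
2011/08/07 15:53:48.0484 4040 Scan finished
2011/08/07 15:53:48.0484 4968 Detected object count: 2
2011/08/07 15:53:48.0484 4968 Actual detected object count: 2
2011/08/07 15:54:34.0828 4968 LockedFile.Multi.Generic(dtscsi) - User select action: Skip
2011/08/07 15:54:34.0828 4968 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    for line in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

Run against the full log it reports the two locked drivers, their hashes and the "Skip" the user chose, and it warns if the scanner's own "Detected object count" disagrees with the number of verdict lines found, which is the quickest way to notice a truncated paste.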

#10
TheFrommClub

    New Member
I just reran IoBit and it no longer finds the Backdoor Trojan. Right after first posting this thread I disabled the ctfmon.exe file using a New Hash Rule using gpedit.msc. The second OFT log I posted was after running this rule. Could this have cured the problem? The ctfmon.exe is known for being used by backdoor trojans.

#11
Homburg

    Trusted Helper
Hi,

I'd like to do a further check on your MBR, can you please do the following:


Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Homburg

#12
TheFrommClub

    New Member
Hi,

FYI, I ran IoBit scan earlier today and it still does not detect any malware including the Backdoor.Trojan. However the computer now just shuts down and reboots unexpectedly - twice today when working on Word documents, a side effect of the absence of ctfmon.exe?

I ran aswMBR.exe and this is the log file:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000dfcc

Kernel Drivers (total 221):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74E3000 splx.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF749D000 ACPI.sys
0xF748C000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7607000 MountMgr.sys
0xF7858000 ftdisk.sys
0xF7995000 dmload.sys
0xF7832000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF796F000 atapi.sys
0xF789F000 aha154x.sys
0xF7717000 sparrow.sys
0xF78A3000 symc810.sys
0xF7627000 aic78xx.sys
0xF78A7000 dac960nt.sys
0xF7637000 ql10wnt.sys
0xF78AB000 amsint.sys
0xF771F000 asc.sys
0xF78AF000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78B3000 ini910u.sys
0xF7647000 ql1240.sys
0xF7657000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7997000 cd20xrnt.sys
0xF7667000 ultra.sys
0xBA7E7000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7677000 ql1080.sys
0xF7687000 ql1280.sys
0xF7697000 ql12160.sys
0xF7767000 perc2.sys
0xF7999000 perc2hib.sys
0xF776F000 hpn.sys
0xF78B7000 cbidf2k.sys
0xBA71B000 dac2w2k.sys
0xF76A7000 disk.sys
0xF76B7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA6FB000 fltmgr.sys
0xBA6E9000 sr.sys
0xBA6D2000 KSecDD.sys
0xF78BB000 eufs.sys
0xBA645000 Ntfs.sys
0xBA618000 NDIS.sys
0xF76C7000 viaagp.sys
0xF7777000 speedfan.sys
0xF799B000 SmartDefragDriver.sys
0xF76D7000 sisagp.sys
0xF777F000 sfhlp02.sys
0xBA606000 sfdrv01.sys
0xF76E7000 sbp2port.sys
0xF76F7000 ohci1394.sys
0xF747C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA54C000 Mup.sys
0xF7A50000 giveio.sys
0xF7787000 EUBKMON.sys
0xF778F000 eubakup.sys
0xF7797000 avgrkx86.sys
0xF78BF000 AVGIDSEH.Sys
0xF746C000 agp440.sys
0xF745C000 alim1541.sys
0xF744C000 amdagp.sys
0xF743C000 agpCPQ.sys
0xF740C000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xF7877000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB948E000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB947A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9452000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB940A000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB93E6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77FF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB93A9000 \SystemRoot\system32\drivers\A88VidBB.sys
0xBA7D7000 \SystemRoot\system32\drivers\STREAM.SYS
0xB9386000 \SystemRoot\system32\drivers\ks.sys
0xBA41C000 \SystemRoot\system32\drivers\A88AudBB.sys
0xB933D000 \SystemRoot\system32\drivers\A88EncBB.sys
0xB9329000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA7C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA418000 \SystemRoot\system32\DRIVERS\pelps2m.sys
0xB9C0B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA7B7000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9C03000 \SystemRoot\system32\DRIVERS\intelsmb.sys
0xB92DF000 \SystemRoot\System32\Drivers\ais3unit.SYS
0xB9295000 \SystemRoot\System32\Drivers\dtscsi.sys
0xB9B18000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA777000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0xBA767000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9AA4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB927E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA757000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA747000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF781F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB926D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA5E6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA544000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA53C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA534000 \SystemRoot\system32\DRIVERS\taphss.sys
0xB923D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA5F6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA52C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79E7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB91DF000 \SystemRoot\system32\DRIVERS\update.sys
0xB9A8C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA470000 \SystemRoot\system32\drivers\WmBEnum.sys
0xBA5D6000 \SystemRoot\system32\drivers\WmXlCore.sys
0xB91B2000 \??\C:\WINDOWS\system32\drivers\eudisk.sys
0xBA5C6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA5B6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA51C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA5A6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB0E9C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB0E78000 \SystemRoot\system32\drivers\portcls.sys
0xBA576000 \SystemRoot\system32\drivers\drmk.sys
0xBA566000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A03000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF742C000 \SystemRoot\system32\drivers\A88TunBB.sys
0xBA420000 \SystemRoot\system32\drivers\A88BarBB.sys
0xBA504000 \SystemRoot\system32\DRIVERS\pelmouse.sys
0xB91AA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB9D77000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xADE01000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF79ED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB99D5000 \SystemRoot\System32\Drivers\Null.SYS
0xF79EF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79F1000 \SystemRoot\system32\DRIVERS\Amfilter.sys
0xF77EF000 \SystemRoot\System32\drivers\vga.sys
0xF79F3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xADD79000 \SystemRoot\system32\DRIVERS\vnet558x.sys
0xF79F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB9BFB000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB9BF3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA3B4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xADD66000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xADD0D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xADCC6000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xADCA0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9D37000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xADC78000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9BEB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9D27000 \SystemRoot\system32\DRIVERS\dc3d.sys
0xB9D17000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xADC07000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xADE38000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xADBBD000 \SystemRoot\System32\drivers\afd.sys
0xB9D07000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF741C000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xADAA2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xADA32000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xADA1E000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0xB915A000 \SystemRoot\System32\Drivers\Fips.SYS
0xB0E50000 \??\C:\WINDOWS\system32\drivers\eudskacs.sys
0xB99BA000 \SystemRoot\System32\Drivers\BANTExt.sys
0xAD9E2000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xB9BDB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xADBF3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB914A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xADBE3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xADBDF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD920000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB90FA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAD908000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB9A40000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xADADD000 \SystemRoot\System32\drivers\Dxapi.sys
0xADDD9000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A7F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF182000 \SystemRoot\System32\atiok3x2.dll
0xBF1CD000 \SystemRoot\System32\ati3duag.dll
0xBF572000 \SystemRoot\System32\ativvaxx.dll
0xBF9C6000 \SystemRoot\System32\ATMFD.DLL
0xAB5C8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF79BB000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xADDF1000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xAAF1F000 \SystemRoot\System32\Drivers\HTTP.sys
0xAADCF000 \SystemRoot\system32\drivers\wdmaud.sys
0xAB208000 \SystemRoot\system32\drivers\sysaudio.sys
0xAAEFB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAABE4000 \SystemRoot\system32\DRIVERS\srv.sys
0xF79E1000 \SystemRoot\system32\drivers\MSPQM.sys
0xAAB8C000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xAAB4C000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xBA4FC000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xAA610000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xADDC1000 \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
0xA96DB000 \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
0xAB3E4000 \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
0xAD9D6000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB9BCB000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xADDE9000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xA9A5C000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xAB5F4000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF79CD000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0xA91B3000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 82):
0 System Idle Process
4 System
1728 C:\WINDOWS\system32\smss.exe
1840 csrss.exe
1872 C:\WINDOWS\system32\winlogon.exe
1916 C:\WINDOWS\system32\services.exe
1928 C:\WINDOWS\system32\lsass.exe
312 C:\WINDOWS\system32\ati2evxx.exe
324 C:\WINDOWS\system32\svchost.exe
396 svchost.exe
436 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
504 C:\WINDOWS\system32\svchost.exe
768 svchost.exe
808 C:\WINDOWS\system32\ati2evxx.exe
1456 C:\WINDOWS\system32\svchost.exe
1512 C:\WINDOWS\system32\spoolsv.exe
1592 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
1616 C:\PROGRA~1\SpeedFan\speedfan.exe
1384 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1692 C:\Program Files\Bonjour\mDNSResponder.exe
1748 C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
220 C:\WINDOWS\ehome\ehrecvr.exe
460 C:\WINDOWS\ehome\ehSched.exe
720 C:\WINDOWS\system32\svchost.exe
1020 C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
2064 C:\WINDOWS\system32\inetsrv\inetinfo.exe
2136 C:\Program Files\Java\jre6\bin\jqs.exe
2212 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
2356 C:\Program Files\AVG\AVG10\avgnsx.exe
2728 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
2744 C:\WINDOWS\ehome\RMSvc.exe
3060 svchost.exe
3076 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
3196 C:\Program Files\AVG\AVG10\avgchsvx.exe
3200 C:\Program Files\AVG\AVG10\avgrsx.exe
3212 C:\WINDOWS\system32\svchost.exe
3400 svchost.exe
3752 C:\Program Files\AVG\AVG10\avgcsrvx.exe
3808 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2772 McrdSvc.exe
3116 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2656 C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
1964 C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
3948 C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
2396 C:\WINDOWS\explorer.exe
2840 C:\WINDOWS\system32\dllhost.exe
976 alg.exe
1080 C:\Program Files\AVG\AVG10\avgtray.exe
4652 C:\Program Files\Microsoft IntelliType Pro\itype.exe
4780 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
4852 C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe
5084 C:\Program Files\Logitech\G-series Software\LGDCore.exe
5120 C:\Program Files\Logitech\G-series Software\LCDMon.exe
5184 C:\Program Files\iTunes\iTunesHelper.exe
5220 C:\WINDOWS\ehome\ehtray.exe
5244 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
5320 C:\WINDOWS\zHotkey.exe
5392 C:\Program Files\Microsoft Security Client\msseces.exe
5496 C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
5492 C:\Program Files\Real\realplayer\Update\realsched.exe
5576 C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
5732 C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
5768 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
5804 C:\WINDOWS\ehome\ehmsas.exe
5864 C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
5004 C:\Program Files\iPod\bin\iPodService.exe
2044 C:\PROGRA~1\SpeedFan\speedfan.exe
4776 C:\Program Files\Internet Explorer\iexplore.exe
5844 C:\Program Files\Internet Explorer\iexplore.exe
5256 C:\Program Files\Internet Explorer\iexplore.exe
6028 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
5052 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
864 C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
6848 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
7036 wmiprvse.exe
7756 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
7220 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
9748 C:\Program Files\Real\realplayer\realplay.exe
9216 C:\Program Files\Real\realplayer\realplay.exe
6256 C:\Program Files\Real\realplayer\realplay.exe
8844 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
6940 C:\Program Files\Real\RealUpgrade\realupgrade.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`1fc91600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\P: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JD-22HBB0, Rev: 08.02D08
PhysicalDrive1 Model Number: Maxtor3H500F0, Rev: HA431DD0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD
465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

End of log file.

Good luck and thanks again for the help.
Derek
  • 0
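The MBR status table above reports each drive's MBR as a SHA1 and lists the volumes by byte offset. As an added example that is not MBRCheck's code or anything posted in this thread, the script below parses a 512-byte MBR the same way a responder would when checking a suspected bootkit: it hashes the sector, verifies the 0x55AA boot signature, and converts each partition's start LBA into the byte offset form the log prints. The MBR bytes are constructed inline, with two entries chosen to land at the D: (0x7e00) and C: (0x1_1fc91600) offsets shown in the log; whether MBRCheck hashes the whole sector or only the boot code is not stated on the page, so hashing the full sector is an assumption.

```python
import hashlib
import struct

SECTOR = 512

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()

def parse_mbr(mbr: bytes) -> dict:
    """Parse one 512-byte MBR sector.

    Returns the sector's SHA1 (assumption: whole sector, not just boot code),
    whether the 0x55AA boot signature is present, and the non-empty partition
    entries with their start LBA and byte offset (LBA * 512, the form
    MBRCheck prints as "at offset 0x...").
    """
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        # status, CHS start, type, CHS end, start LBA, sector count
        status, _chs0, ptype, _chs1, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype == 0:          # empty table slot
            continue
        parts.append({"type": ptype, "bootable": status == 0x80,
                      "start_lba": lba, "sectors": count, "offset": lba * SECTOR})
    return {"sha1": sha1_hex(mbr), "signature_ok": mbr[510:512] == b"\x55\xaa",
            "partitions": parts}

def _entry(status, ptype, lba, count):
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)

# Constructed sample MBR (not taken from the log): fake boot-code bytes, a disk
# signature, and two entries placed at the offsets the log shows for D: and C:.
SAMPLE_MBR = (
    bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * 436   # 440 bytes of "boot code"
    + b"\x12\x34\x56\x78" + b"\x00\x00"              # disk signature + reserved
    + _entry(0x00, 0x0B, 63, 9430092)                # FAT32 starting at LBA 63
    + _entry(0x80, 0x07, 9430155, 475000000)         # NTFS, bootable
    + _entry(0, 0, 0, 0) + _entry(0, 0, 0, 0)
    + b"\x55\xaa"
)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("SHA1:", info["sha1"], "signature ok:", info["signature_ok"])
    for p in info["partitions"]:
        print("type 0x%02X at offset 0x%016x" % (p["type"], p["offset"]))
```

Comparing the SHA1 against a hash taken when the machine was known clean is the practical check; any change in the sector, even one byte of boot code, changes the hash.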

#13
Homburg
    Trusted Helper
  • Malware Removal
  • 665 posts
Hi,

Your MBR is OK. The problem you're having with Office is most likely to do with the ctfmon.exe file; can you please return it to its previous state? You can read about what it does here.

Please do the following:


Step 1:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Step 3:

Please remember to post both the MalwareBytes and E-Set scan logs.

Homburg
  • 0

#14
TheFrommClub
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts
Do you want me to restore the ctfmon.exe before running Malwarebytes and ESET? If so, should I inactivate it like the link you suggest says? I ran both Malwarebytes and ESET before and they did not find the Trojan.
  • 0

#15
Homburg
    Trusted Helper
  • Malware Removal
  • 665 posts
Yes, reactivate the ctfmon.exe and then run the scans. Sometimes malware prevents antimalware software from running correctly.
  • 0