Welcome to Geeks to Go - Register now for FREE
search engine redirects and virus scans won't run


#1 dmills
Member, 28 posts

All Google and Bing searches are redirected to malware sites. My already installed virus scan stopped working. None of the online virus scans I've found have run successfully. I went through the 'how to fix Google redirects' guide on this site and it didn't fix the problem. Also, my firewall has been asking me whether to block or unblock lots of seemingly benign processes.


OTL logfile created on: 9/19/2011 11:55:10 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\David Mills\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.11% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.34 Gb Total Space | 52.42 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: D82M1C4 | User Name: David Mills | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\614960880:259086555.exe
PRC - [2011/09/19 11:46:22 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\David Mills\Local Settings\Temp\clclean.0001
PRC - [2011/09/19 11:06:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
PRC - [2011/09/14 18:14:34 | 000,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
PRC - [2011/09/14 10:57:57 | 000,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
PRC - [2011/09/14 09:28:25 | 000,385,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2011/09/14 09:28:12 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2011/09/14 09:28:11 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2011/09/14 09:28:10 | 000,053,248 | ---- | M] () -- C:\Program Files\InFocus\LiteShow II\TLA\ifclsmrsvc.exe
PRC - [2011/09/14 09:28:08 | 000,071,680 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2011/09/08 11:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/10/29 15:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 18:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/14 13:18:05 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/11/09 16:03:42 | 000,923,216 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2006/11/01 11:08:24 | 000,321,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
PRC - [2006/05/24 19:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/03/25 00:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/31 11:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/19 11:46:22 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp
MOD - [2011/09/14 09:28:10 | 000,053,248 | ---- | M] () -- C:\Program Files\InFocus\LiteShow II\TLA\ifclsmrsvc.exe
MOD - [2011/09/08 11:27:42 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/02 12:39:06 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/02 03:14:47 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3fd2f1db\mscorlib.dll
MOD - [2010/10/02 03:14:39 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_279a3f38\system.drawing.dll
MOD - [2010/10/02 03:14:16 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_912edabb\system.xml.dll
MOD - [2010/10/02 03:14:02 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_17935942\system.windows.forms.dll
MOD - [2010/10/02 03:13:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b3df9e91\system.dll
MOD - [2010/10/02 03:13:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/10/02 03:13:09 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/12/20 20:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/08/14 18:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 18:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 18:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 18:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 18:12:10 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 18:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/07/26 09:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/21 14:17:56 | 000,198,232 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security 14\tmdbg.dll
MOD - [2006/11/14 13:18:05 | 000,574,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/11/14 13:18:05 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
MOD - [2006/11/14 13:18:05 | 000,111,616 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
MOD - [2006/11/09 16:03:42 | 000,923,216 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
MOD - [2006/11/01 11:08:20 | 000,083,472 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEHook.dll
MOD - [2006/09/13 02:21:26 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/06/29 07:12:00 | 001,355,042 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL
MOD - [2006/05/24 19:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005/08/16 22:02:54 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/08/16 22:02:54 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/16 22:02:54 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/08/16 22:02:54 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2005/08/16 22:02:54 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/14 18:14:34 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2011/09/14 10:57:57 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2011/09/14 09:28:27 | 001,475,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2011/09/14 09:28:25 | 000,385,024 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2011/09/14 09:28:12 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2011/09/14 09:28:11 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2011/09/14 09:28:10 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\InFocus\LiteShow II\TLA\ifclsmrsvc.exe -- (InFocus Mirror Driver Service)
SRV - [2011/09/14 09:28:08 | 000,071,680 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2011/09/14 09:28:05 | 000,352,768 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2006/11/09 16:03:42 | 000,923,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/05/21 15:21:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/12 12:52:54 | 000,025,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PC2TV.sys -- (PC2TV)
DRV - [2007/04/12 12:48:00 | 000,025,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PC2TVMirror.sys -- (PC2TVMirror)
DRV - [2007/04/04 19:24:32 | 000,038,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PC2TVAudio.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2007/01/15 14:48:26 | 000,006,784 | ---- | M] (DataWizard Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Extegrity\Exam4\Sockblkd.sys -- (Sockblkd)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/09 16:04:20 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2006/11/09 16:04:20 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/09/13 02:21:32 | 000,563,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/24 19:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 19:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 19:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 18:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 18:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 15:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/25 00:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/04 03:25:22 | 000,386,560 | ---- | M] (Lumanate, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AngelUsb.sys -- (AngelUsb)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/10/14 16:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 16:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 16:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/25 10:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 11:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 11:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/10/19 10:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 13:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=4061114
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...us&ibd=4061114"
FF - prefs.js..extensions.enabledItems: {D8E79D24-70A0-4A88-9D1B-48C1CA7C4041}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\David Mills\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\David Mills\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\David Mills\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\David Mills\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\David Mills\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\David Mills\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 11:27:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 22:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/08/29 22:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\David Mills\Application Data\Move Networks [2011/05/03 13:11:33 | 000,000,000 | ---D | M]

[2010/12/13 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Extensions
[2011/09/01 22:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions
[2011/01/03 00:42:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/01 22:08:09 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions\[email protected]
[2011/09/09 05:26:12 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\amazon-search-suggestions.xml
[2010/12/14 12:16:51 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\webster.xml
[2011/09/01 22:02:24 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\youtube.xml
[2011/09/01 22:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/24 08:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 23:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 14:44:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID MILLS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3NQIHZ1A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/01/24 08:32:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/08 11:27:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/19 11:31:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe (Dell Inc)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Uwoyul] rundll32.exe "C:\WINDOWS\conscar.dll",Startup File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.70 192.168.1.200 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C20278-9A94-46A0-B095-1E77756D1615}: DhcpNameServer = 192.168.0.70 192.168.1.200 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\David Mills\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Mills\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{8000f9ea-63fd-11dd-9e07-0016cfd89605}\Shell\AutoRun\command - "" = G:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{8ec53fa5-702a-11e0-9f6e-0016cfd89605}\Shell - "" = AutoRun
O33 - MountPoints2\{8ec53fa5-702a-11e0-9f6e-0016cfd89605}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ec53fa5-702a-11e0-9f6e-0016cfd89605}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{a86691e4-1cbe-11df-9eb6-0016cfd89605}\Shell - "" = AutoRun
O33 - MountPoints2\{a86691e4-1cbe-11df-9eb6-0016cfd89605}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a86691e4-1cbe-11df-9eb6-0016cfd89605}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a86691e6-1cbe-11df-9eb6-0016cfd89605}\Shell - "" = AutoRun
O33 - MountPoints2\{a86691e6-1cbe-11df-9eb6-0016cfd89605}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a86691e6-1cbe-11df-9eb6-0016cfd89605}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/19 11:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\GooredFix Backups
[2011/09/19 11:39:46 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\David Mills\Desktop\GooredFix.exe
[2011/09/19 11:31:16 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/19 11:28:34 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTM.exe
[2011/09/19 11:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/19 11:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/19 11:27:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\David Mills\Desktop\erunt-setup.exe
[2011/09/19 11:06:12 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
[2011/09/19 09:07:09 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/16 14:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\audiences
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\plugins
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\common
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\codecs
[2011/09/16 14:41:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\tools
[2011/09/16 14:41:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin
[2011/09/16 14:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\mycodec
[2011/09/16 14:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\MyVideoConverter
[2011/09/15 10:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\System Cleaner
[2011/09/15 10:19:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/15 10:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Application Data\Malwarebytes
[2011/09/15 10:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/15 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/15 10:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/15 10:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/14 16:18:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/13 15:56:28 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David Mills\Desktop\TDSSKiller.exe
[2011/09/08 12:15:43 | 000,000,000 | ---D | C] -- C:\CFdownloads
[2011/09/08 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\CinemaForge
[2011/09/08 12:13:57 | 001,577,792 | ---- | C] (XMLAuthor Inc.) -- C:\WINDOWS\screengenie.scr
[2011/09/05 19:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2011/09/01 04:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\Perspectives

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/19 11:46:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/19 11:46:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\614960880
[2011/09/19 11:46:19 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_51360.nl_
[2011/09/19 11:46:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 11:46:14 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/19 11:39:46 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\David Mills\Desktop\GooredFix.exe
[2011/09/19 11:31:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/19 11:28:34 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTM.exe
[2011/09/19 11:27:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\ERUNT.lnk
[2011/09/19 11:27:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David Mills\Desktop\erunt-setup.exe
[2011/09/19 11:27:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1140566235-3509994432-3968527538-1006UA.job
[2011/09/19 11:09:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/19 11:06:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
[2011/09/19 09:35:52 | 000,616,032 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2011/09/19 09:06:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\housecall.guid.cache
[2011/09/16 14:45:46 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/15 21:27:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1140566235-3509994432-3968527538-1006Core.job
[2011/09/15 15:52:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/09/15 15:52:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/15 10:19:56 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/15 10:02:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/15 08:22:38 | 046,249,416 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/09/14 09:25:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/13 15:56:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David Mills\Desktop\TDSSKiller.exe
[2011/09/12 16:01:26 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/04 09:40:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 22:17:10 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/01 22:17:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/01 14:41:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\winscp.rnd
[2011/08/26 15:32:55 | 000,699,603 | ---- | M] () -- C:\Documents and Settings\David Mills\My Documents\Perspectives Coordinator Training Manual.pdf
[2011/08/25 03:01:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/24 23:09:49 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\leaders 2011.csv

========== Files Created - No Company Name ==========

[2011/09/19 11:46:19 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_51360.nl_
[2011/09/19 11:27:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\ERUNT.lnk
[2011/09/19 09:35:35 | 000,616,032 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2011/09/19 09:06:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\housecall.guid.cache
[2011/09/15 11:53:56 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/15 10:33:58 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\David Mills\sysclean.bat
[2011/09/15 10:02:00 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/12 16:01:26 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/12 15:59:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\614960880
[2011/09/01 22:17:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/26 15:32:55 | 000,699,603 | ---- | C] () -- C:\Documents and Settings\David Mills\My Documents\Perspectives Coordinator Training Manual.pdf
[2011/06/21 13:23:04 | 000,228,998 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2011/06/21 13:23:04 | 000,002,075 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2010/10/28 13:23:13 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/10/02 22:37:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ovahesufiyasomiz.dat
[2010/10/02 22:37:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pyumazozahuy.bin
[2010/09/20 11:47:42 | 000,186,843 | ---- | C] () -- C:\WINDOWS\hpwins23.dat.temp
[2010/09/20 11:47:42 | 000,001,501 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat.temp
[2010/08/19 14:38:28 | 000,062,537 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2010/08/19 14:25:30 | 000,061,374 | ---- | C] () -- C:\WINDOWS\hpqins18.dat
[2010/08/19 14:06:47 | 000,060,732 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2010/05/17 10:33:00 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat.temp
[2010/05/06 19:39:54 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/07 16:26:05 | 000,037,925 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\Comma Separated Values (Windows).ADR
[2010/02/05 11:32:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\winscp.rnd
[2009/12/20 20:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/09/10 09:10:56 | 000,061,172 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/25 16:43:33 | 000,002,984 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/25 16:43:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A930A33F8C.sys
[2009/05/16 14:49:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/02/12 23:42:20 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/26 11:41:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/26 09:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/08/15 21:20:14 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\$_hpcst$.hpc
[2007/05/29 08:01:43 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/22 11:27:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/04/26 06:01:59 | 046,249,416 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2007/04/22 04:59:40 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/12 12:52:54 | 000,128,000 | ---- | C] () -- C:\WINDOWS\System32\PC2TV.dll
[2007/04/12 12:52:54 | 000,025,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PC2TV.sys
[2007/04/12 12:48:00 | 000,128,000 | ---- | C] () -- C:\WINDOWS\System32\PC2TVMirror.dll
[2007/04/12 12:48:00 | 000,025,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PC2TVMirror.sys
[2007/04/04 19:24:32 | 000,038,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\PC2TVAudio.sys
[2006/11/22 08:45:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/22 02:20:22 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\fusioncache.dat
[2006/11/14 13:32:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/14 13:23:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 13:15:30 | 000,000,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/14 13:14:24 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/14 13:08:58 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/11/14 13:08:35 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/11/14 13:08:18 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/11/14 13:06:32 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/14 13:03:07 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/14 13:03:06 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/11/14 13:03:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/14 12:39:04 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2006/11/14 12:39:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/11/14 12:38:50 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/11/14 12:38:30 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/11/14 12:38:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/14 12:38:14 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/14 12:37:46 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 19:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 05:18:33 | 000,471,528 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,084,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/20 14:09:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/05/24 07:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/02/23 16:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 14:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== LOP Check ==========

[2010/07/27 17:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/07/11 09:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/14 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/11/15 13:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 08:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/12 09:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\BitZipper
[2011/04/02 07:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\FreeFLVConverter
[2009/08/18 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\InfraRecorder
[2011/05/30 09:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\IObit
[2007/05/29 08:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Leadertech
[2011/09/01 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\PrimoPDF
[2011/05/30 09:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Systweak
[2007/07/11 09:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Viewpoint
[2011/09/15 10:02:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 2.pdf:DocumentSummaryInformation
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 2.pdf:SummaryInformation
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 1.pdf:SummaryInformation

< End of report >
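The OTL file listings in the post above are where a helper starts. The entries worth a second look are hidden+system files outside the few Windows itself keeps that way, files named by a bare number or a GUID directly under C:\WINDOWS, zero-byte files in system directories (a zero-byte file can still carry an executable in an NTFS alternate data stream, which OTL's size column does not show), and files whose timestamp coincides with the last boot. The script below is an added example, not OTL's own code and not part of this thread's fix: it parses OTL's file lines into records and applies those heuristics. The sample lines are constructed from the log above; the allowlist of hidden+system names, the ten-second boot window, and the use of bootstat.dat's modification time as the last-boot reference are assumptions.

```python
"""Heuristic triage of OTL 'Files' sections.

Added example, not OTL's own code.  OTL prints one file per line as
  [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
where attrs is a 4-character field (R read-only, H hidden, S system,
D directory, '-' unset) and C/M marks the created/modified listing.
SAMPLE is constructed from lines in the log above; HS_ALLOW, SYSTEM_DIRS
and the boot-window heuristic are assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?"
    r"-- (?P<path>.+)$"
)
# A bare number or a GUID is not how legitimate software names files in %SystemRoot%.
NUMERIC_OR_GUID = re.compile(
    r"^(\d+|\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})$"
)
# Hidden+system files Windows itself keeps (assumed allowlist; extend as needed).
HS_ALLOW = {"hiberfil.sys", "pagefile.sys"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str):
    """Return an Entry for an OTL file line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines, boot_window=timedelta(seconds=10)):
    """Map path -> list of reasons for every file entry that looks suspicious."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    # bootstat.dat is rewritten at every boot; its M time is assumed here to be
    # a usable "last boot" reference when the log does not state one.
    boot = next((e.ts for e in entries
                 if e.path.lower().endswith(r"\bootstat.dat")), None)
    findings = {}
    for e in entries:
        if e.is_dir:
            continue
        parent, _, name = e.path.rpartition("\\")
        reasons = []
        if "H" in e.attrs and "S" in e.attrs and name.lower() not in HS_ALLOW:
            reasons.append("hidden+system")
        if NUMERIC_OR_GUID.match(name):
            reasons.append("numeric/GUID name")
        if e.size == 0 and parent.lower() in SYSTEM_DIRS:
            reasons.append("zero-byte file in system dir (possible ADS host)")
        # Boot-time modification only corroborates another signal: scheduled-task
        # .job files and similar are legitimately rewritten at every start.
        if reasons and boot is not None and abs(e.ts - boot) <= boot_window:
            reasons.append("touched at boot")
        if reasons:
            findings[e.path] = reasons
    return findings


# Constructed from the OTL log above.
SAMPLE = r"""
[2011/09/19 11:46:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/19 11:46:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\614960880
[2011/09/19 11:46:19 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_51360.nl_
[2011/09/19 11:46:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 11:46:14 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/19 11:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\GooredFix Backups
[2011/09/15 10:19:56 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/12 16:01:26 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE.splitlines()).items():
        print(f"{path}\n    " + "; ".join(reasons))
```

Running the file prints the flagged paths with their reasons; on a real log, pass the lines of the "Files/Folders - Created" and "Files - Modified" sections to triage(). The output is a review list, not a verdict: a hidden+system file with an odd name is only a lead until something like the aswMBR scan later in this thread confirms what it is.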

#2 Render (Trusted Helper, Malware Removal, 4,195 posts)

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should be copied and pasted into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

#3 dmills (Topic Starter, Member, 28 posts)

This version of Windows came installed on my machine and, I'm fairly certain, without an installation disc, but I have my original drivers disk and the original system restore disc.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-19 13:31:42
-----------------------------
13:31:42.156 OS Version: Windows 5.1.2600 Service Pack 3
13:31:42.156 Number of processors: 2 586 0xF06
13:31:42.156 ComputerName: D82M1C4 UserName:
13:31:44.390 Initialize success
13:34:45.765 AVAST engine defs: 11091900
13:35:09.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:35:09.796 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
13:35:11.828 Disk 0 MBR read successfully
13:35:11.828 Disk 0 MBR scan
13:35:11.906 Disk 0 unknown MBR code
13:35:11.906 Disk 0 scanning sectors +195366465
13:35:12.000 Disk 0 scanning C:\WINDOWS\system32\drivers
13:35:36.953 File: C:\WINDOWS\system32\drivers\tmtdi.sys **INFECTED** Win32:Alureon-AJI [Rtk]
13:35:40.484 Service scanning
13:35:41.578 Service f08ea724 C:\WINDOWS\614960880:259086555.exe **LOCKED** 5
13:35:42.343 Modules scanning
13:35:45.593 Module: C:\WINDOWS\system32\DRIVERS\tmtdi.sys **SUSPICIOUS**
13:36:18.156 Disk 0 trace - called modules:
13:36:18.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x871384a0]<<
13:36:18.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a889ab8]
13:36:18.203 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a456f08]
13:36:18.218 \Driver\00002173[0x8a4ef4e0] -> IRP_MJ_CREATE -> 0x871384a0
13:36:18.718 AVAST engine scan C:\WINDOWS
13:36:30.734 AVAST engine scan C:\WINDOWS\system32
13:39:54.546 AVAST engine scan C:\WINDOWS\system32\drivers
13:40:20.750 File: C:\WINDOWS\system32\drivers\tmtdi.sys **INFECTED** Win32:Alureon-AJI [Rtk]
13:40:25.609 AVAST engine scan C:\Documents and Settings\David Mills
13:45:58.906 AVAST engine scan C:\Documents and Settings\All Users
13:48:33.843 Scan finished successfully
13:49:06.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Mills\Desktop\MBR.dat"
13:49:06.515 The log file has been saved successfully to "C:\Documents and Settings\David Mills\Desktop\aswMBR.txt"
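What makes the aswMBR log above decisive is not the signature hit alone but the combination of indicators: the MBR code is one the tool does not recognise, the disk driver's call chain passes through code at an address that belongs to no loaded module (the >>UNKNOWN<< frame and the IRP_MJ_CREATE dispatch of \Driver\00002173 both point at 0x871384a0), a service runs from an NTFS alternate data stream attached to the zero-byte file C:\WINDOWS\614960880 (a plain directory listing shows only the host file), and tmtdi.sys is flagged both by signature and by the module scan. The script below is an added example, not AVAST's code: it pulls those indicators out of aswMBR's "HH:MM:SS.mmm message" lines and summarises them. The message shapes are taken from the log above and SAMPLE is constructed from it; the verdict wording is the example's own.

```python
"""Extract rootkit indicators from an aswMBR log.

Added example, not AVAST's code.  aswMBR prints 'HH:MM:SS.mmm message' lines;
the message shapes matched here are the ones in the log above, and SAMPLE is
constructed from that log.  The verdict wording is the example's own.
"""
import re

LINE = re.compile(r"^(?P<t>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<msg>.*)$")
INFECTED = re.compile(r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>.+)$")
SUSPICIOUS = re.compile(r"^Module: (?P<path>.+?) \*\*SUSPICIOUS\*\*")
LOCKED = re.compile(r"^Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
# Disk-stack trace: a frame that belongs to no loaded module, and the driver
# object whose IRP dispatch points at that same address.
UNKNOWN_FRAME = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
IRP_HOOK = re.compile(
    r"^(?P<drv>\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> "
    r"(?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9a-fA-F]+)$"
)
# The tool itself spells it "Initialze"; accept either spelling.
INIT_ERROR = re.compile(r"^Initial\w*ze error (?P<code>[0-9A-Fa-f]+) - (?P<why>.+)$")


def split_ads(path: str):
    """Split 'C:\\dir\\host:stream' into (host, stream); stream is None without an ADS."""
    drive, rest = path[:2], path[2:]
    if ":" not in rest:
        return path, None
    host, stream = rest.split(":", 1)
    return drive + host, stream


def triage_aswmbr(text: str) -> dict:
    """Collect the indicators from one aswMBR run."""
    rep = {"infected": [], "suspicious": [], "locked_services": [],
           "unknown_mbr": False, "disk_hooks": [], "init_error": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # banner lines carry no timestamp
        msg = m["msg"]
        f = INFECTED.match(msg)
        if f:
            item = (f["path"], f["sig"])
            if item not in rep["infected"]:   # the file and engine scans both report it
                rep["infected"].append(item)
            continue
        f = SUSPICIOUS.match(msg)
        if f:
            rep["suspicious"].append(f["path"])
            continue
        f = LOCKED.match(msg)
        if f:
            host, stream = split_ads(f["path"])
            rep["locked_services"].append(
                {"service": f["svc"], "path": f["path"], "host": host, "stream": stream})
            continue
        if msg.endswith("unknown MBR code"):
            rep["unknown_mbr"] = True
            continue
        f = UNKNOWN_FRAME.search(msg)
        if f:
            rep["disk_hooks"].append(("disk stack frame", f["addr"]))
            continue
        f = IRP_HOOK.match(msg)
        if f:
            rep["disk_hooks"].append((f"{f['drv']} {f['irp']}", f["addr"]))
            continue
        f = INIT_ERROR.match(msg)
        if f:
            rep["init_error"] = f"{f['code']}: {f['why']}"
    return rep


def verdict(rep: dict) -> list:
    """Turn the extracted indicators into one-line conclusions."""
    notes = []
    if rep["unknown_mbr"]:
        notes.append("MBR boot code is not one aswMBR recognises")
    addrs = sorted({addr for _, addr in rep["disk_hooks"]})
    if addrs:
        notes.append("disk I/O path is hooked by code outside any loaded module at "
                     + ", ".join(addrs))
    for svc in rep["locked_services"]:
        if svc["stream"]:
            notes.append(f"service {svc['service']} runs from alternate data stream "
                         f"{svc['stream']} on {svc['host']}; a plain directory listing "
                         "shows only the host file")
        else:
            notes.append(f"service {svc['service']} image is locked: {svc['path']}")
    for path, sig in rep["infected"]:
        notes.append(f"{path} matches {sig}")
    for path in rep["suspicious"]:
        notes.append(f"{path} flagged by the module scan")
    if rep["init_error"]:
        notes.append(f"aswMBR driver did not load ({rep['init_error']}); "
                     "MBR and disk-stack checks were skipped on this run")
    return notes


# Constructed from the aswMBR log above.
SAMPLE = r"""
13:35:11.828 Disk 0 MBR read successfully
13:35:11.906 Disk 0 unknown MBR code
13:35:36.953 File: C:\WINDOWS\system32\drivers\tmtdi.sys **INFECTED** Win32:Alureon-AJI [Rtk]
13:35:41.578 Service f08ea724 C:\WINDOWS\614960880:259086555.exe **LOCKED** 5
13:35:45.593 Module: C:\WINDOWS\system32\DRIVERS\tmtdi.sys **SUSPICIOUS**
13:36:18.156 Disk 0 trace - called modules:
13:36:18.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x871384a0]<<
13:36:18.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a889ab8]
13:36:18.218 \Driver\00002173[0x8a4ef4e0] -> IRP_MJ_CREATE -> 0x871384a0
13:40:20.750 File: C:\WINDOWS\system32\drivers\tmtdi.sys **INFECTED** Win32:Alureon-AJI [Rtk]
"""

if __name__ == "__main__":
    for note in verdict(triage_aswmbr(SAMPLE)):
        print("-", note)
```

Feed it the whole saved aswMBR.txt; the same parser also explains the second run later in this thread, where the "driver not loaded" line means the MBR read and the disk trace never happened and only the user-mode file scan ran.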

#4 Render (Trusted Helper, Malware Removal, 4,195 posts)

Hi,

Please proceed with these steps:

Step 1

  • Please re-run aswMBR.exe.
  • Click Scan.
  • On completion of the scan click the Fix button.
  • Save the log as before and post in your next reply.

Step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • TDSSKiller log

#5 dmills (Topic Starter, Member, 28 posts)

I reran aswMBR.exe, but when the scan completed, the Fix button was grayed out.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-19 14:13:00
-----------------------------
14:13:00.546 OS Version: Windows 5.1.2600 Service Pack 3
14:13:00.546 Number of processors: 2 586 0xF06
14:13:00.546 ComputerName: D82M1C4 UserName:
14:13:02.390 Initialze error C000010E - driver not loaded
14:13:02.578 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
14:13:03.093 AVAST engine defs: 11091900
14:13:30.109 Service scanning
14:13:33.578 Service f08ea724 C:\WINDOWS\614960880:259086555.exe **LOCKED** 5
14:13:40.796 Modules scanning
14:13:40.796 Disk 0 trace - called modules:
14:13:40.796
14:13:41.468 AVAST engine scan C:\WINDOWS
14:13:57.046 AVAST engine scan C:\WINDOWS\system32
14:17:15.250 AVAST engine scan C:\WINDOWS\system32\drivers
14:17:39.593 File: C:\WINDOWS\system32\drivers\tmtdi.sys **INFECTED** Win32:Alureon-AJI [Rtk]
14:17:43.421 AVAST engine scan C:\Documents and Settings\David Mills
14:22:25.343 AVAST engine scan C:\Documents and Settings\All Users
14:24:00.718 Scan finished successfully
14:42:04.453 The log file has been saved successfully to "C:\Documents and Settings\David Mills\Desktop\aswMBR.txt"
  • 0
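The two logs above (aswMBR) and the TDSSKiller log in post #15 use different line layouts but flag the same things: a driver the engine signatures as Alureon, unknown code in the disk I/O call chain, a service whose binary is locked, and a hidden file whose path contains a second colon, which is how an NTFS alternate data stream shows up. The following is an added triage script, not part of the thread and not from AVAST or Kaspersky; it parses both log formats, pulls out the lines a helper would act on, and separately reports any path that lives in an alternate data stream. The sample lines are copied from the logs posted in this thread and are labelled as a constructed excerpt; the severity labels are the script's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the aswMBR and
# TDSSKiller logs posted in this thread (not a complete log of either tool).
SAMPLE_LOG = r"""
13:35:45.593 Module: C:\WINDOWS\system32\DRIVERS\tmtdi.sys **SUSPICIOUS**
13:36:18.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x871384a0]<<
13:40:20.750 File: C:\WINDOWS\system32\drivers\tmtdi.sys **INFECTED** Win32:Alureon-AJI [Rtk]
13:48:33.843 Scan finished successfully
14:13:02.390 Initialze error C000010E - driver not loaded
14:13:33.578 Service f08ea724 C:\WINDOWS\614960880:259086555.exe **LOCKED** 5
2011/09/20 15:16:12.0109 3204 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/20 15:16:13.0390 3204 f08ea724 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\614960880:259086555.exe
2011/09/20 15:16:13.0718 3204 Suspicious file (Hidden): C:\WINDOWS\614960880:259086555.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/20 15:16:13.0718 3204 f08ea724 - detected HiddenFile.Multi.Generic (1)
""".strip("\n")

# aswMBR lines: "HH:MM:SS.mmm message"
ASWMBR_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<msg>.*)$")
# TDSSKiller lines: "YYYY/MM/DD HH:MM:SS.nnnn <pid> message"
TDSS_RE = re.compile(r"^(?P<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<msg>.*)$")
# An NTFS alternate data stream: a second colon after the drive letter,
# e.g. C:\WINDOWS\614960880:259086555.exe (file "614960880", stream "259086555.exe").
ADS_RE = re.compile(r"\b[A-Za-z]:\\[^\s:]*:[^\s\\]+")

# (substring to look for, severity, reason) -- severities are this script's assumption.
RULES = [
    ("**INFECTED**", "high", "engine signature match"),
    ("**LOCKED**", "high", "service binary locked against inspection"),
    (">>UNKNOWN", "high", "unknown code in the disk I/O call chain (possible rootkit hook)"),
    ("Suspicious file (Hidden)", "high", "file hidden from the file system API"),
    (" - detected ", "high", "TDSSKiller verdict"),
    ("**SUSPICIOUS**", "medium", "module flagged as suspicious"),
    ("driver not loaded", "medium", "scanner driver blocked from loading"),
]


@dataclass(frozen=True)
class Finding:
    source: str    # "aswMBR" or "TDSSKiller"
    severity: str  # "high" or "medium"
    reason: str
    line: str      # the message part of the log line


def parse_line(line):
    """Return (source, message) for a recognised log line, or None otherwise."""
    m = ASWMBR_RE.match(line)
    if m:
        return "aswMBR", m.group("msg")
    m = TDSS_RE.match(line)
    if m:
        return "TDSSKiller", m.group("msg")
    return None


def triage(text):
    """Apply RULES and the ADS check to every recognised line; one Finding per rule hit."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        source, msg = parsed
        for needle, severity, reason in RULES:
            if needle in msg:
                findings.append(Finding(source, severity, reason, msg))
        ads = ADS_RE.search(msg)
        if ads:
            path = ads.group(0).rstrip(".")  # TDSSKiller ends the sentence with a period
            findings.append(Finding(source, "medium", f"path is an NTFS alternate data stream: {path}", msg))
    return findings


def ads_paths(text):
    """Sorted, de-duplicated list of alternate-data-stream paths seen in the log."""
    paths = set()
    for raw in text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        for m in ADS_RE.finditer(parsed[1]):
            paths.add(m.group(0).rstrip("."))
    return sorted(paths)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.source:10} {f.reason}: {f.line}")
    print("ADS paths:", ads_paths(SAMPLE_LOG))
```

The ADS check is deliberately separate from the keyword rules: a clean TDSSKiller enumeration line still names the stream path (the `f08ea724` service line), so a log with no verdict lines at all would still surface the odd path, and the same stream appearing under three different verdicts collapses to one entry in `ads_paths`.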

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do this:

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    PRC - File not found -- C:\WINDOWS\614960880:259086555.exe
      	
    :Files
    C:\WINDOWS\614960880:259086555.exe
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
dmills

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
When I right click on OTL and Run As... it asks the Administrator for a password. The program won't accept a blank password box, which is all I've ever used. My full name is the only other option in the drop-down box. When I go to user accounts in the Windows Control Panel, that name is listed as the Computer Administrator. May I use that name in the Run As administrator step? Otherwise, I have no idea how to get past the password screen as I've never created a specific Administrator password on this computer.
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please just run it by double-clicking on it.
  • 0

#9
dmills

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Now, every time I try to run the OTL.exe it freezes up in the middle of the process for hours. Every time after a few hours I've had to manually end the process and then restart my computer.
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please skip OTL fix step and do the following:

Posted Image Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates, I recommend you export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0


#11
dmills

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I downloaded ComboFix.exe and double-clicked the .exe file and it simply stopped mid extraction without warning. There were no messages or errors or anything. It just stopped. Then when I click on the ComboFix.exe icon on my Desktop it says, "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I tried to delete ComboFix.exe from the Desktop to re-download and try again, but I'm not allowed to delete it. It says Access is denied. So then I tried downloading it again from the second site to my downloads folder, not the desktop, and the very same thing happened. It began to extract, then simply stopped.
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Try this:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#13
dmills

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I followed the instructions exactly. I closed anti-virus and all browsers were closed. I renamed the file. This time when the file started extracting this error appeared: "Error opening file for writing: C:\32788R22FWJFW\iexplorer.exe" Click Abort to stop installation, Retry to try again, or Ignore to skip this file.
At first I clicked 'Retry' several times for a few minutes and the prompt kept popping up. Then I clicked 'Ignore' and the program began extracting files for a few more moments, then it stopped once again, just like before with no warnings or promptings or anything else. My computer didn't slow down or skip or anything. It just stopped. This time I didn't double click on the Combo-Fix.exe icon again. I just came directly back here to report.
  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Did you already try TDSSKiller? If not, try it now. Please download a new version of TDSSKiller if you already have it.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#15
dmills

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I ran TDSSKiller.

2011/09/20 15:15:45.0937 2820 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/20 15:15:46.0421 2820 ================================================================================
2011/09/20 15:15:46.0421 2820 SystemInfo:
2011/09/20 15:15:46.0421 2820
2011/09/20 15:15:46.0421 2820 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/20 15:15:46.0421 2820 Product type: Workstation
2011/09/20 15:15:46.0421 2820 ComputerName: D82M1C4
2011/09/20 15:15:46.0421 2820 UserName: David Mills
2011/09/20 15:15:46.0421 2820 Windows directory: C:\WINDOWS
2011/09/20 15:15:46.0421 2820 System windows directory: C:\WINDOWS
2011/09/20 15:15:46.0421 2820 Processor architecture: Intel x86
2011/09/20 15:15:46.0421 2820 Number of processors: 2
2011/09/20 15:15:46.0421 2820 Page size: 0x1000
2011/09/20 15:15:46.0421 2820 Boot type: Normal boot
2011/09/20 15:15:46.0421 2820 ================================================================================
2011/09/20 15:15:48.0515 2820 Initialize success
2011/09/20 15:16:06.0187 3204 ================================================================================
2011/09/20 15:16:06.0187 3204 Scan started
2011/09/20 15:16:06.0187 3204 Mode: Manual;
2011/09/20 15:16:06.0187 3204 ================================================================================
2011/09/20 15:16:07.0078 3204 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/20 15:16:07.0140 3204 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/20 15:16:07.0187 3204 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/20 15:16:07.0234 3204 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
2011/09/20 15:16:07.0312 3204 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/20 15:16:07.0453 3204 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/20 15:16:07.0562 3204 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/20 15:16:07.0593 3204 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/20 15:16:07.0687 3204 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/20 15:16:07.0750 3204 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/20 15:16:07.0859 3204 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/20 15:16:07.0921 3204 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/20 15:16:07.0984 3204 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/20 15:16:08.0046 3204 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/20 15:16:08.0093 3204 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/20 15:16:08.0187 3204 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/20 15:16:08.0281 3204 AngelUsb (b001ead648a3e8fa06af7c221a5c1a4e) C:\WINDOWS\system32\DRIVERS\AngelUsb.sys
2011/09/20 15:16:08.0421 3204 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/09/20 15:16:08.0500 3204 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/20 15:16:08.0562 3204 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/20 15:16:08.0625 3204 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/20 15:16:08.0703 3204 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/20 15:16:08.0781 3204 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/20 15:16:08.0906 3204 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/20 15:16:09.0015 3204 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/20 15:16:09.0218 3204 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/20 15:16:09.0312 3204 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/20 15:16:09.0406 3204 BCM43XX (48a376e100ba257cb9d761e38577904f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/09/20 15:16:09.0515 3204 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/09/20 15:16:09.0546 3204 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/20 15:16:09.0625 3204 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/09/20 15:16:09.0671 3204 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/09/20 15:16:09.0750 3204 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
2011/09/20 15:16:09.0921 3204 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/09/20 15:16:10.0062 3204 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/09/20 15:16:10.0250 3204 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
2011/09/20 15:16:10.0343 3204 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/09/20 15:16:10.0421 3204 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/09/20 15:16:10.0500 3204 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/09/20 15:16:10.0578 3204 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/09/20 15:16:10.0750 3204 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/09/20 15:16:10.0843 3204 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/20 15:16:10.0890 3204 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/20 15:16:10.0953 3204 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/20 15:16:11.0000 3204 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/20 15:16:11.0062 3204 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/20 15:16:11.0140 3204 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/20 15:16:11.0234 3204 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/20 15:16:11.0343 3204 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/20 15:16:11.0421 3204 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/20 15:16:11.0453 3204 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/20 15:16:11.0546 3204 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/20 15:16:11.0640 3204 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/09/20 15:16:11.0750 3204 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
2011/09/20 15:16:11.0921 3204 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/20 15:16:12.0031 3204 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/20 15:16:12.0109 3204 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/20 15:16:12.0203 3204 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/20 15:16:12.0437 3204 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/20 15:16:12.0500 3204 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/20 15:16:12.0562 3204 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/20 15:16:12.0656 3204 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/20 15:16:12.0718 3204 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/20 15:16:12.0781 3204 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/09/20 15:16:12.0859 3204 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/09/20 15:16:13.0015 3204 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/09/20 15:16:13.0203 3204 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/20 15:16:13.0312 3204 EuMusDesignVirtualAudioCableWdm (0531fc85e96822d60d3e41f30f075fc2) C:\WINDOWS\system32\DRIVERS\PC2TVAudio.sys
2011/09/20 15:16:13.0390 3204 f08ea724 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\614960880:259086555.exe
2011/09/20 15:16:13.0718 3204 Suspicious file (Hidden): C:\WINDOWS\614960880:259086555.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/20 15:16:13.0718 3204 f08ea724 - detected HiddenFile.Multi.Generic (1)
2011/09/20 15:16:13.0859 3204 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/20 15:16:13.0937 3204 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/20 15:16:14.0015 3204 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/09/20 15:16:14.0078 3204 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/20 15:16:14.0140 3204 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/20 15:16:14.0187 3204 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/20 15:16:14.0265 3204 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/20 15:16:14.0437 3204 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/20 15:16:14.0531 3204 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/20 15:16:14.0609 3204 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/20 15:16:14.0687 3204 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/20 15:16:14.0734 3204 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/20 15:16:14.0906 3204 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/20 15:16:15.0015 3204 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/20 15:16:15.0109 3204 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/20 15:16:15.0187 3204 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/20 15:16:15.0265 3204 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/09/20 15:16:15.0343 3204 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/09/20 15:16:15.0625 3204 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/20 15:16:15.0671 3204 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/20 15:16:15.0734 3204 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/20 15:16:15.0781 3204 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/20 15:16:15.0859 3204 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/20 15:16:15.0953 3204 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/20 15:16:16.0015 3204 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/20 15:16:16.0156 3204 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/20 15:16:16.0187 3204 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/20 15:16:16.0250 3204 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/20 15:16:16.0312 3204 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/20 15:16:16.0390 3204 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/20 15:16:16.0421 3204 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/20 15:16:16.0484 3204 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/20 15:16:16.0671 3204 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/20 15:16:16.0843 3204 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/20 15:16:16.0875 3204 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/20 15:16:16.0921 3204 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/20 15:16:16.0953 3204 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/20 15:16:17.0015 3204 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/09/20 15:16:17.0171 3204 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/09/20 15:16:17.0250 3204 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/09/20 15:16:17.0406 3204 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/09/20 15:16:17.0859 3204 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/20 15:16:17.0937 3204 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/09/20 15:16:17.0984 3204 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/20 15:16:18.0062 3204 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/20 15:16:18.0156 3204 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
2011/09/20 15:16:18.0421 3204 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/20 15:16:18.0500 3204 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/20 15:16:18.0562 3204 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/20 15:16:18.0640 3204 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/20 15:16:18.0703 3204 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/20 15:16:18.0796 3204 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/20 15:16:18.0953 3204 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/20 15:16:19.0015 3204 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/20 15:16:19.0046 3204 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/20 15:16:19.0093 3204 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/20 15:16:19.0156 3204 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/20 15:16:19.0218 3204 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/20 15:16:19.0359 3204 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/20 15:16:19.0406 3204 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/20 15:16:19.0500 3204 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/20 15:16:19.0578 3204 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/20 15:16:19.0656 3204 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/20 15:16:19.0671 3204 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/20 15:16:19.0828 3204 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/20 15:16:19.0921 3204 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/20 15:16:19.0937 3204 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/20 15:16:20.0015 3204 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/20 15:16:20.0093 3204 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/20 15:16:20.0140 3204 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/20 15:16:20.0203 3204 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/20 15:16:20.0390 3204 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/20 15:16:20.0500 3204 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/20 15:16:20.0718 3204 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/20 15:16:20.0781 3204 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/20 15:16:20.0859 3204 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/20 15:16:20.0921 3204 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/09/20 15:16:20.0968 3204 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/09/20 15:16:21.0109 3204 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/20 15:16:21.0296 3204 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/20 15:16:21.0359 3204 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/20 15:16:21.0453 3204 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/20 15:16:21.0531 3204 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/20 15:16:21.0578 3204 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/20 15:16:21.0718 3204 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/20 15:16:21.0796 3204 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/20 15:16:21.0890 3204 PfModNT (ede8241b75dadef090aadb6c81c8e1d7) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/09/20 15:16:22.0093 3204 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/20 15:16:22.0140 3204 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/20 15:16:22.0187 3204 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/20 15:16:22.0265 3204 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/20 15:16:22.0375 3204 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/20 15:16:22.0437 3204 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/20 15:16:22.0500 3204 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/20 15:16:27.0093 3204 tmtdi - detected Rootkit.Win32.ZAccess.e (0)
2011/09/20 15:16:29.0750 3204 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/09/20 15:16:29.0781 3204 Boot (0x1200) (01b2009c09ccf404384a3b6b2db466a9) \Device\Harddisk0\DR0\Partition0
2011/09/20 15:16:29.0796 3204 ================================================================================
2011/09/20 15:16:29.0796 3204 Scan finished
2011/09/20 15:16:29.0796 3204 ================================================================================
2011/09/20 15:16:29.0796 5208 Detected object count: 2
2011/09/20 15:16:29.0796 5208 Actual detected object count: 2
2011/09/20 15:17:41.0593 5208 HiddenFile.Multi.Generic(f08ea724) - User select action: Skip
2011/09/20 15:17:41.0718 5208 tmtdi (1203db51234ddaed6b13dd64d54e33c2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/09/20 15:17:41.0734 5208 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\tmtdi.sys) error 1813
2011/09/20 15:17:42.0125 5208 Backup copy not found, trying to cure infected file..
2011/09/20 15:17:42.0125 5208 C:\WINDOWS\system32\DRIVERS\tmtdi.sys - Cure failed (FFFFFFFF)
2011/09/20 15:17:42.0125 5208 C:\WINDOWS\system32\DRIVERS\tmtdi.sys - processing error
2011/09/20 15:17:42.0125 5208 Rootkit.Win32.ZAccess.e(tmtdi) - User select action: Cure