Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

search engine redirects and virus scans won't run

Started by dmills , Sep 19 2011 11:05 AM

  • This topic is locked This topic is locked

#31
Render
Posted 21 September 2011 - 10:09 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Try now with this:

Download Combofix from any of the links below but rename it to explorer.com before and save it to your Desktop.

Link 1
Link 2
Link 3

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\explorer.com" /killall

When finished, it shall produce a log for you. Post that log in your next reply.
  • 0

Advertisements

#32
dmills
Posted 21 September 2011 - 12:05 PM

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
The file automatically saved as "explorer.com.exe" is that okay? I haven't attempted to run it yet.
  • 0

#33
Render
Posted 21 September 2011 - 12:08 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please rename it to explorer.com before you will run it.
  • 0

#34
dmills
Posted 21 September 2011 - 04:34 PM

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I renamed the file on the Desktop to explorer.com. I went to Start> Run and pasted the copied code. Once again, the installer started extracting like normal until this error appeared: "Error opening file for writing: C:\32788R22FWJFW\iexplorer.exe" Click Abort to stop installation, Retry to try again, or Ignore to skip this file.
At first I clicked 'Retry' repeatedly for a for a few minutes but the prompt kept popping up. Then I clicked 'Ignore' and the program began extracting files for a few more moments, then it stopped once again, just like before with no warnings or promptings or anything else.
  • 0

#35
Render
Posted 21 September 2011 - 04:54 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please open Windows Explorer and delete this file here: C:\WINDOWS\614960880

NEXT...

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Cure, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT...

Then try to run Combofix once again as described here.
  • 0

#36
dmills
Posted 21 September 2011 - 09:00 PM

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I deleted the file and ran TDSSKiller. The Log is below. I attempted to download and run the ComboFix via Start > Run with the script you gave me, but I had to change the file name from "explorer.com" to "explore.com" because I already had a file with the name explorer.com. I changed the name in both the file and the script I pasted into the Run box. Once again the behavior was the same. It started to extract and then stopped mid-extraction.

2011/09/21 21:40:26.0626 5328 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/21 21:40:27.0142 5328 ================================================================================
2011/09/21 21:40:27.0142 5328 SystemInfo:
2011/09/21 21:40:27.0142 5328
2011/09/21 21:40:27.0142 5328 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/21 21:40:27.0142 5328 Product type: Workstation
2011/09/21 21:40:27.0142 5328 ComputerName: D82M1C4
2011/09/21 21:40:27.0142 5328 UserName: David Mills
2011/09/21 21:40:27.0142 5328 Windows directory: C:\WINDOWS
2011/09/21 21:40:27.0142 5328 System windows directory: C:\WINDOWS
2011/09/21 21:40:27.0142 5328 Processor architecture: Intel x86
2011/09/21 21:40:27.0142 5328 Number of processors: 2
2011/09/21 21:40:27.0142 5328 Page size: 0x1000
2011/09/21 21:40:27.0142 5328 Boot type: Normal boot
2011/09/21 21:40:27.0142 5328 ================================================================================
2011/09/21 21:40:29.0189 5328 Initialize success
2011/09/21 21:40:34.0142 6380 ================================================================================
2011/09/21 21:40:34.0142 6380 Scan started
2011/09/21 21:40:34.0142 6380 Mode: Manual;
2011/09/21 21:40:34.0142 6380 ================================================================================
2011/09/21 21:40:36.0064 6380 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/21 21:40:36.0142 6380 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/21 21:40:36.0189 6380 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/21 21:40:36.0251 6380 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
2011/09/21 21:40:36.0298 6380 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/21 21:40:36.0407 6380 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/21 21:40:36.0517 6380 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/21 21:40:36.0595 6380 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/21 21:40:36.0657 6380 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/21 21:40:36.0720 6380 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/21 21:40:36.0845 6380 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/21 21:40:36.0907 6380 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/21 21:40:36.0986 6380 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/21 21:40:37.0048 6380 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/21 21:40:37.0111 6380 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/21 21:40:37.0157 6380 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/21 21:40:37.0236 6380 AngelUsb (b001ead648a3e8fa06af7c221a5c1a4e) C:\WINDOWS\system32\DRIVERS\AngelUsb.sys
2011/09/21 21:40:37.0361 6380 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/09/21 21:40:37.0439 6380 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/21 21:40:37.0486 6380 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/21 21:40:37.0548 6380 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/21 21:40:37.0579 6380 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/21 21:40:37.0626 6380 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/21 21:40:37.0720 6380 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/21 21:40:37.0845 6380 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/21 21:40:38.0001 6380 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/21 21:40:38.0064 6380 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/21 21:40:38.0142 6380 BCM43XX (48a376e100ba257cb9d761e38577904f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/09/21 21:40:38.0220 6380 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/09/21 21:40:38.0298 6380 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/21 21:40:38.0361 6380 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/09/21 21:40:38.0392 6380 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/09/21 21:40:38.0454 6380 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
2011/09/21 21:40:38.0532 6380 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/09/21 21:40:38.0657 6380 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/09/21 21:40:38.0767 6380 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
2011/09/21 21:40:38.0861 6380 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/09/21 21:40:38.0923 6380 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/09/21 21:40:38.0986 6380 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/09/21 21:40:39.0064 6380 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/09/21 21:40:39.0157 6380 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/09/21 21:40:39.0220 6380 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/21 21:40:39.0282 6380 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/21 21:40:39.0329 6380 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/21 21:40:39.0376 6380 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/21 21:40:39.0407 6380 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/21 21:40:39.0486 6380 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/21 21:40:39.0517 6380 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/21 21:40:39.0595 6380 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/21 21:40:39.0642 6380 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/21 21:40:39.0673 6380 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/21 21:40:39.0704 6380 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/21 21:40:39.0782 6380 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/09/21 21:40:39.0814 6380 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
2011/09/21 21:40:39.0939 6380 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/21 21:40:40.0001 6380 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/21 21:40:40.0064 6380 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/21 21:40:40.0142 6380 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/21 21:40:40.0329 6380 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/21 21:40:40.0361 6380 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/21 21:40:40.0407 6380 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/21 21:40:40.0470 6380 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/21 21:40:40.0517 6380 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/21 21:40:40.0548 6380 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/09/21 21:40:40.0564 6380 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/09/21 21:40:40.0689 6380 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/09/21 21:40:40.0845 6380 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/21 21:40:40.0923 6380 EuMusDesignVirtualAudioCableWdm (0531fc85e96822d60d3e41f30f075fc2) C:\WINDOWS\system32\DRIVERS\PC2TVAudio.sys
2011/09/21 21:40:41.0001 6380 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/21 21:40:41.0064 6380 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/21 21:40:41.0126 6380 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/09/21 21:40:41.0220 6380 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/21 21:40:41.0267 6380 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/21 21:40:41.0298 6380 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/21 21:40:41.0329 6380 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/21 21:40:41.0376 6380 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/21 21:40:41.0423 6380 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/21 21:40:41.0470 6380 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/21 21:40:41.0532 6380 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/21 21:40:41.0704 6380 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/21 21:40:41.0751 6380 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/21 21:40:41.0829 6380 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/21 21:40:41.0892 6380 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/21 21:40:41.0954 6380 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/21 21:40:42.0001 6380 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/09/21 21:40:42.0173 6380 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/09/21 21:40:42.0298 6380 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/21 21:40:42.0439 6380 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/21 21:40:42.0486 6380 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/21 21:40:42.0517 6380 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/21 21:40:42.0564 6380 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/21 21:40:42.0611 6380 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/21 21:40:42.0642 6380 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/21 21:40:42.0689 6380 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/21 21:40:42.0736 6380 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/21 21:40:42.0767 6380 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/21 21:40:42.0939 6380 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/21 21:40:42.0986 6380 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/21 21:40:43.0048 6380 IPSec (c3b55c9f04b8b9214b26659c56ec3e04) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/21 21:40:43.0064 6380 IPSec - detected Rootkit.Win32.ZAccess.e (0)
2011/09/21 21:40:43.0095 6380 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/21 21:40:43.0142 6380 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/21 21:40:43.0173 6380 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/21 21:40:43.0204 6380 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/21 21:40:43.0267 6380 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/21 21:40:43.0392 6380 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/21 21:40:43.0454 6380 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/09/21 21:40:43.0532 6380 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/09/21 21:40:43.0595 6380 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/09/21 21:40:43.0751 6380 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/09/21 21:40:43.0939 6380 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/21 21:40:44.0001 6380 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/09/21 21:40:44.0032 6380 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/21 21:40:44.0095 6380 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/21 21:40:44.0204 6380 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
2011/09/21 21:40:44.0423 6380 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/21 21:40:44.0470 6380 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/21 21:40:44.0517 6380 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/21 21:40:44.0564 6380 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/21 21:40:44.0611 6380 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/21 21:40:44.0673 6380 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/21 21:40:44.0892 6380 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/21 21:40:44.0939 6380 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/21 21:40:44.0970 6380 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/21 21:40:44.0986 6380 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/21 21:40:45.0032 6380 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/21 21:40:45.0095 6380 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/21 21:40:45.0251 6380 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/21 21:40:45.0298 6380 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/21 21:40:45.0361 6380 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/21 21:40:45.0392 6380 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/21 21:40:45.0454 6380 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/21 21:40:45.0501 6380 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/21 21:40:45.0611 6380 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/21 21:40:45.0673 6380 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/21 21:40:45.0782 6380 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/21 21:40:45.0829 6380 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/21 21:40:45.0892 6380 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/21 21:40:45.0923 6380 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/21 21:40:45.0954 6380 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/21 21:40:46.0032 6380 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/21 21:40:46.0126 6380 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/21 21:40:46.0329 6380 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/21 21:40:46.0376 6380 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/21 21:40:46.0439 6380 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/21 21:40:46.0501 6380 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/09/21 21:40:46.0579 6380 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/09/21 21:40:46.0751 6380 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/21 21:40:46.0782 6380 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/21 21:40:46.0814 6380 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/21 21:40:46.0892 6380 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/21 21:40:46.0939 6380 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/21 21:40:46.0970 6380 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/21 21:40:47.0064 6380 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/21 21:40:47.0111 6380 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/21 21:40:47.0251 6380 PfModNT (ede8241b75dadef090aadb6c81c8e1d7) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/09/21 21:40:47.0329 6380 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/21 21:40:47.0361 6380 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/21 21:40:47.0392 6380 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/21 21:40:47.0423 6380 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/21 21:40:47.0454 6380 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/21 21:40:47.0501 6380 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/21 21:40:47.0548 6380 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/21 21:40:47.0595 6380 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/21 21:40:47.0736 6380 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/21 21:40:47.0782 6380 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/21 21:40:47.0845 6380 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/21 21:40:47.0876 6380 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/21 21:40:47.0907 6380 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/21 21:40:47.0939 6380 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/21 21:40:47.0954 6380 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/21 21:40:48.0001 6380 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/21 21:40:48.0064 6380 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/21 21:40:48.0220 6380 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/21 21:40:48.0298 6380 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/09/21 21:40:48.0329 6380 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/09/21 21:40:48.0361 6380 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/09/21 21:40:48.0439 6380 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/09/21 21:40:48.0501 6380 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/21 21:40:48.0548 6380 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/21 21:40:48.0595 6380 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/21 21:40:48.0720 6380 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/09/21 21:40:48.0782 6380 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/09/21 21:40:48.0829 6380 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/21 21:40:48.0876 6380 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/21 21:40:48.0939 6380 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/21 21:40:49.0032 6380 Sockblkd (02ab5ac03a1e66c8e8ed764ff8effc68) C:\Program Files\Extegrity\Exam4\Sockblkd.sys
2011/09/21 21:40:49.0189 6380 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/21 21:40:49.0236 6380 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/21 21:40:49.0267 6380 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/21 21:40:49.0314 6380 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/21 21:40:49.0329 6380 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/09/21 21:40:49.0345 6380 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/09/21 21:40:49.0439 6380 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/21 21:40:49.0642 6380 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/09/21 21:40:49.0736 6380 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/21 21:40:49.0798 6380 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/21 21:40:49.0829 6380 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/21 21:40:49.0892 6380 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/21 21:40:49.0923 6380 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/21 21:40:50.0017 6380 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/21 21:40:50.0064 6380 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/21 21:40:50.0142 6380 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/09/21 21:40:50.0220 6380 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/21 21:40:50.0298 6380 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/21 21:40:50.0454 6380 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/21 21:40:50.0486 6380 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/21 21:40:50.0532 6380 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/21 21:40:50.0611 6380 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/09/21 21:40:50.0657 6380 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/09/21 21:40:50.0689 6380 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/09/21 21:40:50.0736 6380 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
2011/09/21 21:40:50.0782 6380 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/09/21 21:40:50.0892 6380 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/09/21 21:40:50.0923 6380 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/09/21 21:40:50.0954 6380 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/09/21 21:40:50.0986 6380 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/09/21 21:40:51.0064 6380 tmcfw (3929c6784db38788d76a88d9c4043dee) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2011/09/21 21:40:51.0173 6380 tmpreflt (0c89809f1df614bd42093a446b222a32) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2011/09/21 21:40:51.0329 6380 tmtdi (264ea39fdebd0b5e9d49d79923ed91ad) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/09/21 21:40:51.0407 6380 tmxpflt (3d473e97ff805dab903aa66f08286c90) C:\WINDOWS\system32\drivers\TmXPFlt.sys
2011/09/21 21:40:51.0501 6380 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/21 21:40:51.0548 6380 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/21 21:40:51.0579 6380 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/21 21:40:51.0751 6380 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/21 21:40:51.0845 6380 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/21 21:40:51.0907 6380 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/21 21:40:51.0954 6380 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/21 21:40:51.0986 6380 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/21 21:40:52.0142 6380 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/21 21:40:52.0204 6380 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/21 21:40:52.0267 6380 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/21 21:40:52.0314 6380 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/21 21:40:52.0329 6380 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/21 21:40:52.0392 6380 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/21 21:40:52.0548 6380 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/09/21 21:40:52.0611 6380 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/21 21:40:52.0657 6380 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/21 21:40:52.0736 6380 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/21 21:40:52.0798 6380 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/21 21:40:52.0892 6380 vsapint (50e1ea1dd3ea74919d7a1c5d6c9c0b56) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2011/09/21 21:40:53.0032 6380 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/21 21:40:53.0126 6380 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/09/21 21:40:53.0157 6380 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/21 21:40:53.0267 6380 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/21 21:40:53.0517 6380 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/21 21:40:53.0564 6380 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/09/21 21:40:53.0626 6380 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/21 21:40:53.0689 6380 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/09/21 21:40:53.0704 6380 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR7
2011/09/21 21:40:53.0736 6380 Boot (0x1200) (01b2009c09ccf404384a3b6b2db466a9) \Device\Harddisk0\DR0\Partition0
2011/09/21 21:40:53.0751 6380 Boot (0x1200) (4a40ea518c7320400832be752e44629b) \Device\Harddisk1\DR7\Partition0
2011/09/21 21:40:53.0751 6380 ================================================================================
2011/09/21 21:40:53.0751 6380 Scan finished
2011/09/21 21:40:53.0751 6380 ================================================================================
2011/09/21 21:40:53.0751 6340 Detected object count: 1
2011/09/21 21:40:53.0751 6340 Actual detected object count: 1
2011/09/21 21:41:23.0751 6340 IPSec (c3b55c9f04b8b9214b26659c56ec3e04) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/21 21:41:23.0751 6340 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
2011/09/21 21:41:24.0751 6340 Backup copy found, using it..
2011/09/21 21:41:24.0798 6340 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot
2011/09/21 21:41:24.0798 6340 Rootkit.Win32.ZAccess.e(IPSec) - User select action: Cure
2011/09/21 21:42:12.0079 5876 Deinitialize success
  • 0

#37
Render
Posted 22 September 2011 - 04:37 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We are still in the dark since we could not find a source of infection. Let's try to find it with GMER.

Posted Image GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of zipped file to your desktop.
  • Double click GMER.exe.

    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

Posted Image

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If GMER should crash then proceed to the OTL scan!
  • 0

#38
dmills
Posted 22 September 2011 - 02:52 PM

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I ran GMER Rootkit Scanner.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-22 15:49:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721010G9SA00 rev.MCZOC10H
Running: gmer.exe; Driver: C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\pwtdapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IoReuseIrp + 8B 804EF90D 7 Bytes CALL 89AEDE85
? lclaltf.sys The system cannot find the file specified. !
.text atapi.sys B9F1184D 7 Bytes CALL 89AEA980
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB0B6A280]
? C:\WINDOWS\system32\DRIVERS\tmtdi.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat AC604D20
Device \FileSystem\Fastfat \Fat AC5FD60A

AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \Driver\00001475 \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 89AE8140
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B9540000-B954B000 (45056 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:1240] B95449B5
Thread System [4:1244] B95449B5
Thread System [4:1248] 89AEDE95
Thread System [4:1252] 89AEDE95
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\614960880:259086555.exe (*** hidden *** ) @ C:\WINDOWS\614960880:259086555.exe [1728] 0x00400000

---- Files - GMER 1.0.15 ----

ADS C:\RECYCLER\S-1-5-21-1140566235-3509994432-3968527538-1006\Dc4:259086555.exe 816 bytes executable
ADS C:\RECYCLER\S-1-5-21-1140566235-3509994432-3968527538-1006\Dc5:259086555.exe 816 bytes executable
ADS C:\RECYCLER\S-1-5-21-1140566235-3509994432-3968527538-1006\Dc6:259086555.exe 816 bytes executable
ADS C:\WINDOWS\614960880:259086555.exe 816 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\$NtUninstallKB43093$\2497276203 0 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740 0 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\click.tlb 2144 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\L 0 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\L\pdmzmplg 73288 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\loader.tlb 2540 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U 0 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U\@000000c0 3584 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U\@000000cb 2048 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U\@80000000 26112 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U\@800000c0 35840 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U\@800000cb 27648 bytes
File C:\WINDOWS\$NtUninstallKB43093$\4035880740\U\@800000cf 27648 bytes

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\614960880:259086555.exe [MANUAL] f08ea724 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
  • 0

#39
Render
Posted 22 September 2011 - 04:41 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please carefully follow these steps:

Step 1

Please download ComboFix from Here or Here to your desktop.

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Don't run it yet!

Step 2

We have to install Recovery Console. (If you already have installed Recovery Console please proceed with step 3)

If you use Windows XP and do not have the Windows CD, ComboFix includes a method of installing the Windows Recovery console by downloading a file from Microsoft. To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions:

  • Click on the following link to go to Microsoft's Web site:

    http://support.micro....com/kb/310994
  • At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. If you are using Windows XP Service Pack 3 (SP3), then select the Service Pack 2 download. If you are using Windows XP Media Center, then you should select the Windows XP Pro Service Pack 2 download.
  • Once the Microsoft file has finished downloading, you should drag it on top of the ComboFix icon and let your mouse button go. This is shown in the following image.

    Posted Image
  • ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer.
  • Once the Windows Recovery Console has finished installed, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. Press No button.

Step 3

  • Reboot your computer and as Windows starts it will present you with your startup options as shown in the figure below.
    Posted Image
  • With the arrows keys on your keyboard select the option listed as Microsoft Windows Recovery Console and press the enter key on your keyboard.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
  • It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this.
  • If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.
  • Type in the following commands:

    del 614960880

    remdir $NtUninstallKB43093$
  • Once finished type Exit boot into Windows and proceed with Step 4

Step 4

Please do this quickly after you are in Windows to avoid ZeroAcces reactivation!

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combofix.txt" for further review

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • 0

#40
dmills
Posted 22 September 2011 - 08:00 PM

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I dropped the Windows Icon on the ComboFix icon and a warning came up saying antivirus: PC -cillin Internet Security - Virus Protection has real time virus scanners which are running that might interfere with Combo Fix, but I can't tell that the virus program is in fact running. The Trend Micro Icon does not appear in the system tray at the bottom. I tried to open the Virus Program console in order to close it again manually and I was not allowed to. The only thing I can think of to insure that it's not running is to uninstall the entire antivirus program. Should I? Or should I proceed despite the warning and hope that the antivirus program is not actually running? What should I do?
  • 0

Advertisements

#41
dmills
Posted 22 September 2011 - 10:46 PM

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I decided to go ahead and uninstall My entire Trend Micro antivirus program as to not disrupt the process from happening properly. After I did uninstall, Windows Recovery Console was installed and when I rebooted, I entered the first command with no problem "del 614960880." The second command: "remdir $NtUnnstallKB43093$" didn't work and when I tried "rmdir $NtUninstallKB43093$" it said, "This directory could not be removed." I exited anyway, loaded Windows and I FINALLY successfully ran ComboFix. I think I'm inordinately excited about that. The log is posted below.



ComboFix 11-09-22.04 - David Mills 09/22/2011 23:15:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1601 [GMT -5:00]
Running from: c:\documents and settings\David Mills\Desktop\ComboFix2.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MSI7D.tmp.b87116c7.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\David Mills\Application Data\OpenCloud Security
c:\documents and settings\David Mills\Application Data\OpenCloud Security\csrss.exe
c:\documents and settings\David Mills\Application Data\OpenCloud Security\ldr.ini
c:\documents and settings\David Mills\Application Data\OpenCloud Security\OpenCloud Security.ico
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini.inuse
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\Launcher.exe.33c15faa.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b7231ca1.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\MSI7D.tmp.b87116c7.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.5105b61b.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.c1b4c359.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.f52ca658.ini.inuse
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
C:\svchost.exe
c:\windows\$NtUninstallKB43093$
c:\windows\$NtUninstallKB43093$\4035880740\@
c:\windows\$NtUninstallKB43093$\4035880740\L\pdmzmplg
c:\windows\$NtUninstallKB43093$\4035880740\loader.tlb
c:\windows\$NtUninstallKB43093$\4035880740\U\@00000001
c:\windows\$NtUninstallKB43093$\4035880740\U\@000000c0
c:\windows\$NtUninstallKB43093$\4035880740\U\@000000cb
c:\windows\$NtUninstallKB43093$\4035880740\U\@000000cf
c:\windows\$NtUninstallKB43093$\4035880740\U\@80000000
c:\windows\$NtUninstallKB43093$\4035880740\U\@800000c0
c:\windows\$NtUninstallKB43093$\4035880740\U\@800000cb
c:\windows\$NtUninstallKB43093$\4035880740\U\@800000cf
c:\windows\$NtUninstallKB43093$\93943111
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\kb913800.exe
c:\windows\system32\
c:\windows\system32\d3d9caps.dat
c:\windows\system32\linkinfo(2).dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
c:\windows\System32\WLTRYSVC.EXE . . . is infected!!
c:\windows\System32\WLTRYSVC.EXE . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_f08ea724
.
.
((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 04:26 . 2011-09-23 04:26 -------- d-----w- c:\documents and settings\David Mills\Local Settings\Application Data\ApplicationHistory
2011-09-23 03:52 . 2011-09-23 03:55 -------- d-----w- C:\ComboFix2
2011-09-22 16:51 . 2011-09-22 17:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-09-22 16:49 . 2011-09-22 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-09-22 12:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-21 01:29 . 2011-09-21 01:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-09-19 20:36 . 2011-09-19 20:36 -------- d-----w- C:\_OTL
2011-09-19 16:46 . 2011-09-23 03:57 48016 --sha-w- c:\windows\system32\c_51360.nl_
2011-09-19 16:31 . 2011-09-19 16:31 -------- d-----w- C:\_OTM
2011-09-19 16:27 . 2011-09-19 16:28 -------- d-----w- c:\program files\ERUNT
2011-09-19 14:07 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-09-16 19:41 . 2011-09-16 19:41 -------- d-----w- c:\windows\system32\drivers\myrmbin
2011-09-16 19:41 . 2011-09-16 19:41 -------- d-----w- c:\windows\system32\drivers\mycodec
2011-09-16 19:40 . 2011-09-16 19:44 -------- d-----w- c:\program files\MyVideoConverter
2011-09-15 15:37 . 2011-09-15 15:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-09-15 15:33 . 2008-09-24 00:29 531 ----a-w- c:\documents and settings\David Mills\sysclean.bat
2011-09-15 15:19 . 2011-09-15 15:19 -------- d-----w- c:\documents and settings\David Mills\Application Data\Malwarebytes
2011-09-15 15:19 . 2011-09-15 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-15 15:19 . 2011-09-22 17:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-15 15:01 . 2011-09-15 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-15 15:01 . 2011-09-15 15:01 -------- d-----w- c:\program files\Lavasoft
2011-09-14 21:18 . 2011-09-14 21:18 -------- d--h--w- c:\windows\PIF
2011-09-14 14:21 . 2011-09-14 14:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-08 17:15 . 2011-09-08 17:15 -------- d-----w- C:\CFdownloads
2011-09-08 17:14 . 2011-09-08 17:14 -------- d-----w- c:\program files\CinemaForge
2011-09-08 17:13 . 2009-08-28 07:27 1577792 ----a-w- c:\windows\screengenie.scr
2011-09-06 00:44 . 2011-09-08 17:05 -------- d-----w- c:\program files\Free FLV Converter
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-09-02 03:17 . 2011-09-08 16:27 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-02 03:17 . 2011-09-08 16:27 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-02 03:17 . 2011-09-08 16:27 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-02 03:17 . 2011-09-08 16:27 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-02 03:17 . 2011-09-08 16:27 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-02 03:17 . 2011-09-08 16:27 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-02 03:17 . 2011-08-30 19:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-02 03:17 . 2011-08-30 19:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-22 05:04 . 2005-08-16 10:18 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-09-20 22:43 . 2006-11-14 17:36 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-15 02:00 . 2006-11-14 18:09 46080 ------w- c:\windows\system32\CTSVCCDA.EXE
2011-09-14 23:14 . 2006-11-14 18:03 1236992 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2011-09-14 14:27 . 2006-11-14 17:38 409600 ----a-w- c:\windows\system32\ati2evxx.exe
2011-09-09 09:12 . 2005-08-16 10:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-02 17:39 . 2011-07-29 21:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 20:59 . 2010-07-28 15:19 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-07-08 14:02 . 2005-08-16 10:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-08 16:27 . 2011-09-02 03:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-09-13 1384448]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-14 169984]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"DellHelp"="c:\dell\DellHelp\DellHelp.exe" [2004-04-01 1589248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-14 24576]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\David Mills\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\David Mills\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Updater6\\Adobe_Updater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:22 AM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2/3/2007 11:51 AM 20160]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [11/14/2006 12:39 PM 386560]
S3 EuMusDesignVirtualAudioCableWdm;PC2TV Audio;c:\windows\system32\drivers\PC2TVAudio.sys [4/4/2007 7:24 PM 38528]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:22 AM 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PC2TV;PC2TV_Display_Driver;c:\windows\system32\DRIVERS\PC2TV.sys --> c:\windows\system32\DRIVERS\PC2TV.sys [?]
S3 PC2TVMirror;PC2TVMirror_Display_Driver;c:\windows\system32\DRIVERS\PC2TVMirror.sys --> c:\windows\system32\DRIVERS\PC2TVMirror.sys [?]
S3 Sockblkd;Sockblkd;c:\program files\Extegrity\Exam4\Sockblkd.sys [1/15/2007 2:48 PM 6784]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/16/2005 5:18 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:09]
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.70 192.168.1.200 192.168.1.1
FF - ProfilePath - c:\documents and settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
SafeBoot-20710031.sys
SafeBoot-39060764.sys
SafeBoot-44037515.sys
SafeBoot-44278577.sys
SafeBoot-67339487.sys
SafeBoot-86784846.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-22 23:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(7584)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\DAVIDM~1\LOCALS~1\Temp\clclean.0001
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-09-22 23:32:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-23 04:32
.
Pre-Run: 55,855,632,384 bytes free
Post-Run: 55,922,159,616 bytes free
.
- - End Of File - - 3C97E7CE6976ACABFD65A32C0071013A
  • 0

#42
Render
Posted 23 September 2011 - 03:17 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Excellent work. I think we are on a good way to clean that nasty thing. That was my mistake: "remdir $NtUnnstallKB43093$. It should be "rmdir $NtUnnstallKB43093$.

Do the following now:

Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When completed the above, please post back the following in the order asked for:
  • TDSSKiller log
  • OTL scan log

  • 0

#43
dmills
Posted 23 September 2011 - 06:20 AM

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I downloaded and ran TDSSKiller. The log is below. I ran the custom OTL scan. The log is below.


06:55:20.0546 0376 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
06:55:20.0953 0376 ============================================================
06:55:20.0953 0376 Current date / time: 2011/09/23 06:55:20.0953
06:55:20.0953 0376 SystemInfo:
06:55:20.0953 0376
06:55:20.0953 0376 OS Version: 5.1.2600 ServicePack: 3.0
06:55:20.0953 0376 Product type: Workstation
06:55:20.0953 0376 ComputerName: D82M1C4
06:55:20.0953 0376 UserName: David Mills
06:55:20.0953 0376 Windows directory: C:\WINDOWS
06:55:20.0953 0376 System windows directory: C:\WINDOWS
06:55:20.0953 0376 Processor architecture: Intel x86
06:55:20.0953 0376 Number of processors: 2
06:55:20.0953 0376 Page size: 0x1000
06:55:20.0953 0376 Boot type: Normal boot
06:55:20.0953 0376 ============================================================
06:55:22.0781 0376 Initialize success
06:55:56.0687 0788 ============================================================
06:55:56.0687 0788 Scan started
06:55:56.0687 0788 Mode: Manual;
06:55:56.0687 0788 ============================================================
06:55:57.0781 0788 Abiosdsk - ok
06:55:57.0828 0788 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
06:55:57.0843 0788 abp480n5 - ok
06:55:57.0890 0788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:55:57.0921 0788 ACPI - ok
06:55:57.0953 0788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:55:57.0953 0788 ACPIEC - ok
06:55:58.0000 0788 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
06:55:58.0015 0788 ADM8511 - ok
06:55:58.0046 0788 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
06:55:58.0078 0788 adpu160m - ok
06:55:58.0171 0788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:55:58.0203 0788 aec - ok
06:55:58.0265 0788 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
06:55:58.0265 0788 AFD - ok
06:55:58.0312 0788 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
06:55:58.0343 0788 agp440 - ok
06:55:58.0375 0788 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
06:55:58.0390 0788 agpCPQ - ok
06:55:58.0421 0788 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
06:55:58.0453 0788 Aha154x - ok
06:55:58.0578 0788 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
06:55:58.0609 0788 aic78u2 - ok
06:55:58.0625 0788 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
06:55:58.0656 0788 aic78xx - ok
06:55:58.0671 0788 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
06:55:58.0703 0788 AliIde - ok
06:55:58.0750 0788 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
06:55:58.0781 0788 alim1541 - ok
06:55:58.0796 0788 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
06:55:58.0828 0788 amdagp - ok
06:55:58.0828 0788 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
06:55:58.0859 0788 amsint - ok
06:55:58.0921 0788 AngelUsb (b001ead648a3e8fa06af7c221a5c1a4e) C:\WINDOWS\system32\DRIVERS\AngelUsb.sys
06:55:58.0984 0788 AngelUsb - ok
06:55:59.0140 0788 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
06:55:59.0171 0788 APPDRV - ok
06:55:59.0218 0788 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:55:59.0250 0788 Arp1394 - ok
06:55:59.0296 0788 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
06:55:59.0328 0788 asc - ok
06:55:59.0343 0788 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
06:55:59.0375 0788 asc3350p - ok
06:55:59.0406 0788 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
06:55:59.0421 0788 asc3550 - ok
06:55:59.0468 0788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:55:59.0484 0788 AsyncMac - ok
06:55:59.0625 0788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:55:59.0625 0788 atapi - ok
06:55:59.0640 0788 Atdisk - ok
06:55:59.0718 0788 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
06:55:59.0859 0788 ati2mtag - ok
06:56:00.0015 0788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:56:00.0046 0788 Atmarpc - ok
06:56:00.0093 0788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:56:00.0109 0788 audstub - ok
06:56:00.0187 0788 BCM43XX (48a376e100ba257cb9d761e38577904f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
06:56:00.0359 0788 BCM43XX - ok
06:56:00.0515 0788 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
06:56:00.0531 0788 bcm4sbxp - ok
06:56:00.0562 0788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:56:00.0562 0788 Beep - ok
06:56:00.0609 0788 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
06:56:00.0640 0788 Bridge - ok
06:56:00.0640 0788 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
06:56:00.0640 0788 BridgeMP - ok
06:56:00.0703 0788 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
06:56:00.0734 0788 btaudio - ok
06:56:00.0859 0788 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
06:56:00.0875 0788 BTDriver - ok
06:56:00.0953 0788 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
06:56:01.0046 0788 BTKRNL - ok
06:56:01.0171 0788 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
06:56:01.0203 0788 BTSERIAL - ok
06:56:01.0234 0788 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
06:56:01.0281 0788 BTWDNDIS - ok
06:56:01.0312 0788 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys
06:56:01.0359 0788 btwhid - ok
06:56:01.0375 0788 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
06:56:01.0406 0788 btwmodem - ok
06:56:01.0453 0788 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
06:56:01.0531 0788 BTWUSB - ok
06:56:01.0593 0788 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
06:56:01.0640 0788 BVRPMPR5 - ok
06:56:01.0765 0788 catchme - ok
06:56:01.0921 0788 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
06:56:01.0953 0788 cbidf - ok
06:56:01.0953 0788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:56:01.0953 0788 cbidf2k - ok
06:56:02.0015 0788 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:56:02.0031 0788 CCDECODE - ok
06:56:02.0046 0788 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
06:56:02.0078 0788 cd20xrnt - ok
06:56:02.0109 0788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:56:02.0125 0788 Cdaudio - ok
06:56:02.0171 0788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:56:02.0203 0788 Cdfs - ok
06:56:02.0234 0788 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:56:02.0265 0788 Cdrom - ok
06:56:02.0406 0788 Changer - ok
06:56:02.0437 0788 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
06:56:02.0453 0788 CmBatt - ok
06:56:02.0500 0788 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
06:56:02.0515 0788 CmdIde - ok
06:56:02.0531 0788 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
06:56:02.0546 0788 Compbatt - ok
06:56:02.0609 0788 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
06:56:02.0640 0788 Cpqarray - ok
06:56:02.0703 0788 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
06:56:02.0734 0788 ctsfm2k - ok
06:56:02.0750 0788 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
06:56:02.0843 0788 CTUSFSYN - ok
06:56:02.0906 0788 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
06:56:02.0953 0788 dac2w2k - ok
06:56:02.0984 0788 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
06:56:03.0000 0788 dac960nt - ok
06:56:03.0046 0788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:56:03.0062 0788 Disk - ok
06:56:03.0109 0788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:56:03.0171 0788 dmboot - ok
06:56:03.0312 0788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:56:03.0328 0788 dmio - ok
06:56:03.0359 0788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:56:03.0375 0788 dmload - ok
06:56:03.0406 0788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:56:03.0421 0788 DMusic - ok
06:56:03.0453 0788 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
06:56:03.0468 0788 dpti2o - ok
06:56:03.0500 0788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:56:03.0515 0788 drmkaud - ok
06:56:03.0546 0788 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
06:56:03.0562 0788 drvmcdb - ok
06:56:03.0578 0788 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
06:56:03.0609 0788 drvnddm - ok
06:56:03.0734 0788 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
06:56:03.0750 0788 DSproct - ok
06:56:03.0890 0788 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
06:56:03.0921 0788 E100B - ok
06:56:03.0953 0788 EuMusDesignVirtualAudioCableWdm (0531fc85e96822d60d3e41f30f075fc2) C:\WINDOWS\system32\DRIVERS\PC2TVAudio.sys
06:56:03.0984 0788 EuMusDesignVirtualAudioCableWdm - ok
06:56:04.0015 0788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:56:04.0046 0788 Fastfat - ok
06:56:04.0078 0788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:56:04.0093 0788 Fdc - ok
06:56:04.0140 0788 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
06:56:04.0156 0788 FilterService - ok
06:56:04.0281 0788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:56:04.0296 0788 Fips - ok
06:56:04.0328 0788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:56:04.0328 0788 Flpydisk - ok
06:56:04.0375 0788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:56:04.0390 0788 FltMgr - ok
06:56:04.0406 0788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:56:04.0421 0788 Fs_Rec - ok
06:56:04.0453 0788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:56:04.0468 0788 Ftdisk - ok
06:56:04.0500 0788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
06:56:04.0515 0788 GEARAspiWDM - ok
06:56:04.0562 0788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:56:04.0578 0788 Gpc - ok
06:56:04.0671 0788 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:56:04.0687 0788 HDAudBus - ok
06:56:04.0734 0788 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:56:04.0750 0788 HidUsb - ok
06:56:04.0796 0788 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
06:56:04.0812 0788 hpn - ok
06:56:04.0859 0788 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
06:56:04.0890 0788 HPZid412 - ok
06:56:04.0937 0788 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
06:56:04.0937 0788 HPZipr12 - ok
06:56:05.0031 0788 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
06:56:05.0046 0788 HPZius12 - ok
06:56:05.0109 0788 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
06:56:05.0125 0788 HSFHWAZL - ok
06:56:05.0171 0788 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
06:56:05.0250 0788 HSF_DPV - ok
06:56:05.0390 0788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:56:05.0390 0788 HTTP - ok
06:56:05.0421 0788 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
06:56:05.0437 0788 i2omgmt - ok
06:56:05.0468 0788 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
06:56:05.0468 0788 i2omp - ok
06:56:05.0500 0788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:56:05.0515 0788 i8042prt - ok
06:56:05.0531 0788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:56:05.0546 0788 Imapi - ok
06:56:05.0593 0788 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
06:56:05.0609 0788 ini910u - ok
06:56:05.0625 0788 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:56:05.0640 0788 IntelIde - ok
06:56:05.0781 0788 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:56:05.0796 0788 intelppm - ok
06:56:05.0812 0788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:56:05.0828 0788 Ip6Fw - ok
06:56:05.0859 0788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:56:05.0875 0788 IpFilterDriver - ok
06:56:05.0890 0788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:56:05.0906 0788 IpInIp - ok
06:56:05.0937 0788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:56:05.0968 0788 IpNat - ok
06:56:05.0984 0788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:56:06.0000 0788 IPSec - ok
06:56:06.0109 0788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:56:06.0125 0788 IRENUM - ok
06:56:06.0156 0788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:56:06.0187 0788 isapnp - ok
06:56:06.0234 0788 ivusb - ok
06:56:06.0265 0788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:56:06.0281 0788 Kbdclass - ok
06:56:06.0296 0788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:56:06.0312 0788 kbdhid - ok
06:56:06.0343 0788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:56:06.0343 0788 kmixer - ok
06:56:06.0375 0788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:56:06.0375 0788 KSecDD - ok
06:56:06.0468 0788 lbrtfdc - ok
06:56:06.0515 0788 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
06:56:06.0531 0788 LVPr2Mon - ok
06:56:06.0593 0788 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
06:56:06.0625 0788 LVRS - ok
06:56:06.0703 0788 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
06:56:06.0703 0788 LVUSBSta - ok
06:56:06.0968 0788 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
06:56:07.0250 0788 LVUVC - ok
06:56:07.0375 0788 MBAMSwissArmy - ok
06:56:07.0437 0788 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
06:56:07.0453 0788 mdmxsdk - ok
06:56:07.0484 0788 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
06:56:07.0500 0788 MHNDRV - ok
06:56:07.0531 0788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:56:07.0531 0788 mnmdd - ok
06:56:07.0578 0788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:56:07.0593 0788 Modem - ok
06:56:07.0687 0788 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
06:56:07.0750 0788 monfilt - ok
06:56:07.0921 0788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:56:07.0937 0788 Mouclass - ok
06:56:07.0968 0788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:56:07.0984 0788 mouhid - ok
06:56:08.0015 0788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:56:08.0031 0788 MountMgr - ok
06:56:08.0078 0788 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
06:56:08.0093 0788 mraid35x - ok
06:56:08.0109 0788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:56:08.0140 0788 MRxDAV - ok
06:56:08.0187 0788 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:56:08.0203 0788 MRxSmb - ok
06:56:08.0406 0788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:56:08.0421 0788 Msfs - ok
06:56:08.0453 0788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:56:08.0468 0788 MSKSSRV - ok
06:56:08.0484 0788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:56:08.0484 0788 MSPCLOCK - ok
06:56:08.0515 0788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:56:08.0515 0788 MSPQM - ok
06:56:08.0562 0788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:56:08.0578 0788 mssmbios - ok
06:56:08.0625 0788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:56:08.0625 0788 MSTEE - ok
06:56:08.0765 0788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:56:08.0765 0788 Mup - ok
06:56:08.0796 0788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:56:08.0828 0788 NABTSFEC - ok
06:56:08.0859 0788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:56:08.0875 0788 NDIS - ok
06:56:08.0906 0788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:56:08.0921 0788 NdisIP - ok
06:56:08.0968 0788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:56:08.0968 0788 NdisTapi - ok
06:56:09.0031 0788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:56:09.0031 0788 Ndisuio - ok
06:56:09.0125 0788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:56:09.0140 0788 NdisWan - ok
06:56:09.0187 0788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:56:09.0187 0788 NDProxy - ok
06:56:09.0203 0788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:56:09.0218 0788 NetBIOS - ok
06:56:09.0265 0788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:56:09.0281 0788 NetBT - ok
06:56:09.0328 0788 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:56:09.0343 0788 NIC1394 - ok
06:56:09.0359 0788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:56:09.0375 0788 Npfs - ok
06:56:09.0406 0788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:56:09.0437 0788 Ntfs - ok
06:56:09.0562 0788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:56:09.0562 0788 Null - ok
06:56:09.0640 0788 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:56:09.0703 0788 nv - ok
06:56:09.0843 0788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:56:09.0859 0788 NwlnkFlt - ok
06:56:09.0875 0788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:56:09.0890 0788 NwlnkFwd - ok
06:56:09.0937 0788 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:56:09.0953 0788 ohci1394 - ok
06:56:10.0000 0788 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
06:56:10.0015 0788 omci - ok
06:56:10.0031 0788 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
06:56:10.0078 0788 ossrv - ok
06:56:10.0125 0788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:56:10.0140 0788 Parport - ok
06:56:10.0250 0788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:56:10.0265 0788 PartMgr - ok
06:56:10.0296 0788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:56:10.0296 0788 ParVdm - ok
06:56:10.0312 0788 PC2TV - ok
06:56:10.0328 0788 PC2TVMirror - ok
06:56:10.0343 0788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:56:10.0359 0788 PCI - ok
06:56:10.0375 0788 PCIDump - ok
06:56:10.0390 0788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:56:10.0406 0788 PCIIde - ok
06:56:10.0421 0788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:56:10.0437 0788 Pcmcia - ok
06:56:10.0453 0788 PDCOMP - ok
06:56:10.0468 0788 PDFRAME - ok
06:56:10.0468 0788 PDRELI - ok
06:56:10.0484 0788 PDRFRAME - ok
06:56:10.0500 0788 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
06:56:10.0531 0788 perc2 - ok
06:56:10.0546 0788 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
06:56:10.0562 0788 perc2hib - ok
06:56:10.0609 0788 PfModNT (ede8241b75dadef090aadb6c81c8e1d7) C:\WINDOWS\system32\drivers\PfModNT.sys
06:56:10.0625 0788 PfModNT - ok
06:56:10.0656 0788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:56:10.0671 0788 PptpMiniport - ok
06:56:10.0812 0788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:56:10.0828 0788 PSched - ok
06:56:10.0843 0788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:56:10.0859 0788 Ptilink - ok
06:56:10.0890 0788 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:56:10.0921 0788 PxHelp20 - ok
06:56:10.0953 0788 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
06:56:10.0968 0788 ql1080 - ok
06:56:11.0000 0788 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
06:56:11.0015 0788 Ql10wnt - ok
06:56:11.0031 0788 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
06:56:11.0062 0788 ql12160 - ok
06:56:11.0078 0788 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
06:56:11.0093 0788 ql1240 - ok
06:56:11.0109 0788 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
06:56:11.0140 0788 ql1280 - ok
06:56:11.0171 0788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:56:11.0187 0788 RasAcd - ok
06:56:11.0328 0788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:56:11.0343 0788 Rasl2tp - ok
06:56:11.0359 0788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:56:11.0375 0788 RasPppoe - ok
06:56:11.0390 0788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:56:11.0390 0788 Raspti - ok
06:56:11.0437 0788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:56:11.0453 0788 Rdbss - ok
06:56:11.0468 0788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:56:11.0484 0788 RDPCDD - ok
06:56:11.0515 0788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:56:11.0531 0788 rdpdr - ok
06:56:11.0578 0788 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
06:56:11.0578 0788 RDPWD - ok
06:56:11.0609 0788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:56:11.0625 0788 redbook - ok
06:56:11.0687 0788 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
06:56:11.0703 0788 rimmptsk - ok
06:56:11.0781 0788 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
06:56:11.0796 0788 rimsptsk - ok
06:56:11.0812 0788 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
06:56:11.0843 0788 rismxdp - ok
06:56:11.0890 0788 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
06:56:11.0906 0788 sdbus - ok
06:56:11.0937 0788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:56:11.0953 0788 Secdrv - ok
06:56:11.0984 0788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:56:11.0984 0788 serenum - ok
06:56:12.0015 0788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:56:12.0046 0788 Serial - ok
06:56:12.0078 0788 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
06:56:12.0078 0788 sffdisk - ok
06:56:12.0093 0788 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
06:56:12.0109 0788 sffp_sd - ok
06:56:12.0250 0788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:56:12.0250 0788 Sfloppy - ok
06:56:12.0265 0788 Simbad - ok
06:56:12.0312 0788 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
06:56:12.0328 0788 sisagp - ok
06:56:12.0375 0788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:56:12.0390 0788 SLIP - ok
06:56:12.0468 0788 Sockblkd (02ab5ac03a1e66c8e8ed764ff8effc68) C:\Program Files\Extegrity\Exam4\Sockblkd.sys
06:56:12.0484 0788 Sockblkd - ok
06:56:12.0515 0788 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
06:56:12.0531 0788 Sparrow - ok
06:56:12.0656 0788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:56:12.0671 0788 splitter - ok
06:56:12.0687 0788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:56:12.0703 0788 sr - ok
06:56:12.0734 0788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:56:12.0750 0788 Srv - ok
06:56:12.0765 0788 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
06:56:12.0781 0788 sscdbhk5 - ok
06:56:12.0781 0788 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
06:56:12.0812 0788 ssrtln - ok
06:56:12.0890 0788 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
06:56:12.0953 0788 STHDA - ok
06:56:13.0109 0788 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
06:56:13.0125 0788 StillCam - ok
06:56:13.0187 0788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:56:13.0203 0788 streamip - ok
06:56:13.0218 0788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:56:13.0234 0788 swenum - ok
06:56:13.0296 0788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:56:13.0312 0788 swmidi - ok
06:56:13.0343 0788 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
06:56:13.0359 0788 symc810 - ok
06:56:13.0390 0788 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
06:56:13.0406 0788 symc8xx - ok
06:56:13.0546 0788 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
06:56:13.0562 0788 sym_hi - ok
06:56:13.0593 0788 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
06:56:13.0609 0788 sym_u3 - ok
06:56:13.0656 0788 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
06:56:13.0687 0788 SynTP - ok
06:56:13.0734 0788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:56:13.0750 0788 sysaudio - ok
06:56:13.0812 0788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:56:13.0812 0788 Tcpip - ok
06:56:13.0921 0788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:56:13.0937 0788 TDPIPE - ok
06:56:13.0968 0788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:56:13.0968 0788 TDTCP - ok
06:56:14.0000 0788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:56:14.0015 0788 TermDD - ok
06:56:14.0078 0788 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
06:56:14.0093 0788 tfsnboio - ok
06:56:14.0125 0788 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
06:56:14.0140 0788 tfsncofs - ok
06:56:14.0156 0788 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
06:56:14.0156 0788 tfsndrct - ok
06:56:14.0171 0788 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
06:56:14.0187 0788 tfsndres - ok
06:56:14.0187 0788 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
06:56:14.0250 0788 tfsnifs - ok
06:56:14.0265 0788 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
06:56:14.0281 0788 tfsnopio - ok
06:56:14.0281 0788 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
06:56:14.0296 0788 tfsnpool - ok
06:56:14.0312 0788 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
06:56:14.0328 0788 tfsnudf - ok
06:56:14.0343 0788 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
06:56:14.0375 0788 tfsnudfa - ok
06:56:14.0406 0788 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys
06:56:14.0437 0788 tmactmon - ok
06:56:14.0562 0788 tmcfw (e5aa5bcb134d3ab03a8b56ddd728c37f) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
06:56:14.0625 0788 tmcfw - ok
06:56:14.0656 0788 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys
06:56:14.0671 0788 tmcomm - ok
06:56:14.0703 0788 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys
06:56:14.0718 0788 tmevtmgr - ok
06:56:14.0750 0788 tmpreflt (379c4f99994a56b66e11d1e32bb22a1c) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
06:56:14.0765 0788 tmpreflt - ok
06:56:14.0796 0788 tmtdi (1cf2f398e08592985a5bd1bbef59d043) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
06:56:14.0812 0788 tmtdi - ok
06:56:14.0937 0788 tmxpflt (717e406972bbc07f8fb2a989416cab73) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
06:56:14.0984 0788 tmxpflt - ok
06:56:15.0015 0788 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
06:56:15.0031 0788 TosIde - ok
06:56:15.0078 0788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:56:15.0093 0788 Udfs - ok
06:56:15.0125 0788 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
06:56:15.0140 0788 ultra - ok
06:56:15.0265 0788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:56:15.0296 0788 Update - ok
06:56:15.0390 0788 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
06:56:15.0406 0788 USBAAPL - ok
06:56:15.0453 0788 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:56:15.0468 0788 usbaudio - ok
06:56:15.0531 0788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:56:15.0546 0788 usbccgp - ok
06:56:15.0562 0788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:56:15.0578 0788 usbehci - ok
06:56:15.0625 0788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:56:15.0640 0788 usbhub - ok
06:56:15.0703 0788 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:56:15.0718 0788 usbprint - ok
06:56:15.0812 0788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:56:15.0812 0788 usbscan - ok
06:56:15.0843 0788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:56:15.0859 0788 USBSTOR - ok
06:56:15.0875 0788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:56:15.0890 0788 usbuhci - ok
06:56:15.0921 0788 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
06:56:15.0937 0788 usbvideo - ok
06:56:15.0953 0788 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
06:56:15.0953 0788 usb_rndisx - ok
06:56:15.0984 0788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:56:16.0000 0788 VgaSave - ok
06:56:16.0031 0788 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
06:56:16.0046 0788 viaagp - ok
06:56:16.0046 0788 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
06:56:16.0062 0788 ViaIde - ok
06:56:16.0093 0788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:56:16.0109 0788 VolSnap - ok
06:56:16.0250 0788 vsapint (642eb152cb980ad9181b2161066be629) C:\WINDOWS\system32\DRIVERS\vsapint.sys
06:56:16.0296 0788 vsapint - ok
06:56:16.0453 0788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:56:16.0468 0788 Wanarp - ok
06:56:16.0562 0788 wanatw - ok
06:56:16.0609 0788 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
06:56:16.0625 0788 WDC_SAM - ok
06:56:16.0625 0788 WDICA - ok
06:56:16.0656 0788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:56:16.0671 0788 wdmaud - ok
06:56:16.0750 0788 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
06:56:16.0828 0788 winachsf - ok
06:56:17.0000 0788 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
06:56:17.0015 0788 WmiAcpi - ok
06:56:17.0046 0788 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
06:56:17.0062 0788 WpdUsb - ok
06:56:17.0078 0788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:56:17.0093 0788 WS2IFSL - ok
06:56:17.0125 0788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:56:17.0140 0788 WSTCODEC - ok
06:56:17.0171 0788 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
06:56:17.0187 0788 \Device\Harddisk0\DR0 - ok
06:56:17.0203 0788 Boot (0x1200) (01b2009c09ccf404384a3b6b2db466a9) \Device\Harddisk0\DR0\Partition0
06:56:17.0203 0788 \Device\Harddisk0\DR0\Partition0 - ok
06:56:17.0203 0788 ============================================================
06:56:17.0203 0788 Scan finished
06:56:17.0203 0788 ============================================================
06:56:17.0203 5340 Detected object count: 0
06:56:17.0203 5340 Actual detected object count: 0












OTL logfile created on: 9/23/2011 7:00:50 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\David Mills\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.51% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.34 Gb Total Space | 50.64 Gb Free Space | 58.65% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: D82M1C4 | User Name: David Mills | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/23 00:22:49 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\David Mills\Local Settings\temp\clclean.0001
PRC - [2011/09/23 00:05:11 | 001,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2011/09/23 00:05:10 | 000,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2011/09/23 00:05:10 | 000,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2011/09/23 00:05:10 | 000,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2011/09/23 00:05:09 | 000,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2011/09/19 11:06:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
PRC - [2011/09/14 09:28:25 | 000,385,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2011/09/14 09:28:12 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2011/09/14 09:28:11 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2011/09/14 09:28:08 | 000,071,680 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 18:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/14 13:18:05 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/05/24 19:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/03/25 00:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/31 11:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/23 00:22:49 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
MOD - [2011/09/23 00:05:20 | 000,161,032 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfPack.dll
MOD - [2011/09/23 00:05:17 | 000,509,192 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfwCtl.dll
MOD - [2011/09/23 00:05:12 | 000,017,672 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\NetBSrvr.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/02 03:14:47 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3fd2f1db\mscorlib.dll
MOD - [2010/10/02 03:14:39 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_279a3f38\system.drawing.dll
MOD - [2010/10/02 03:14:16 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_912edabb\system.xml.dll
MOD - [2010/10/02 03:14:02 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_17935942\system.windows.forms.dll
MOD - [2010/10/02 03:13:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b3df9e91\system.dll
MOD - [2010/10/02 03:13:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/10/02 03:13:09 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/12/20 20:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/08/14 18:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 18:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 18:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 18:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 18:12:10 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 18:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/07/26 09:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/14 13:18:05 | 000,574,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/11/14 13:18:05 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
MOD - [2006/06/29 07:12:00 | 001,355,042 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL
MOD - [2006/05/24 19:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005/08/16 22:02:54 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/08/16 22:02:54 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/16 22:02:54 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/08/16 22:02:54 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2005/08/16 22:02:54 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wltrysvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 00:05:10 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2011/09/23 00:05:10 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2011/09/23 00:05:10 | 000,337,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2011/09/23 00:05:09 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2011/09/14 09:28:27 | 001,475,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2011/09/14 09:28:25 | 000,385,024 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2011/09/14 09:28:12 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2011/09/14 09:28:11 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2011/09/14 09:28:08 | 000,071,680 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2011/09/23 00:05:20 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2011/09/23 00:05:20 | 000,066,320 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/19 18:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 18:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 18:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/05/21 15:21:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/04 19:24:32 | 000,038,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PC2TVAudio.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2007/01/15 14:48:26 | 000,006,784 | ---- | M] (DataWizard Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Extegrity\Exam4\Sockblkd.sys -- (Sockblkd)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/13 02:21:32 | 000,563,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/24 19:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 19:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 19:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 18:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 18:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 15:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/25 00:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/04 03:25:22 | 000,386,560 | ---- | M] (Lumanate, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AngelUsb.sys -- (AngelUsb)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/10/14 16:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 16:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 16:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/25 10:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 11:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 11:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/10/19 10:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 13:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=4061114
IE - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...us&ibd=4061114"
FF - prefs.js..extensions.enabledItems: {D8E79D24-70A0-4A88-9D1B-48C1CA7C4041}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\David Mills\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\David Mills\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\David Mills\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\David Mills\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\David Mills\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\David Mills\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 11:27:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 22:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/08/29 22:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\David Mills\Application Data\Move Networks [2011/05/03 13:11:33 | 000,000,000 | ---D | M]

[2010/12/13 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Extensions
[2011/09/01 22:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions
[2011/01/03 00:42:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/01 22:08:09 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions\[email protected]
[2011/09/09 05:26:12 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\amazon-search-suggestions.xml
[2010/12/14 12:16:51 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\webster.xml
[2011/09/01 22:02:24 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\youtube.xml
[2011/09/01 22:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/24 08:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 23:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 14:44:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID MILLS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3NQIHZ1A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/01/24 08:32:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/08 11:27:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/22 23:26:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe (Dell Inc)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1140566235-3509994432-3968527538-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C20278-9A94-46A0-B095-1E77756D1615}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\David Mills\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Mills\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 07:43:34 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David Mills\Desktop\TDSSKiller.exe
[2011/09/23 01:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Application Data\ElevatedDiagnostics
[2011/09/23 00:10:02 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011/09/23 00:10:02 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011/09/23 00:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2011/09/23 00:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Internet Security
[2011/09/23 00:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2011/09/23 00:05:25 | 000,656,648 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl
[2011/09/23 00:05:20 | 001,405,720 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2011/09/23 00:05:20 | 000,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2011/09/23 00:05:20 | 000,262,416 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2011/09/23 00:05:20 | 000,066,320 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2011/09/23 00:05:20 | 000,036,624 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2011/09/22 23:52:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/22 23:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Local Settings\Application Data\ApplicationHistory
[2011/09/22 23:08:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/22 22:54:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/22 22:52:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/22 22:52:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/22 22:52:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/22 22:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/22 22:52:39 | 000,000,000 | ---D | C] -- C:\ComboFix2
[2011/09/22 20:24:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/22 20:22:43 | 004,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David Mills\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2011/09/22 19:13:08 | 004,237,365 | R--- | C] (Swearware) -- C:\Documents and Settings\David Mills\Desktop\ComboFix2.exe
[2011/09/22 11:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/22 11:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/22 07:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 07:07:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/22 07:03:43 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Mills\Desktop\iexplore.exe
[2011/09/20 16:02:55 | 000,167,864 | ---- | C] (Webroot) -- C:\Documents and Settings\David Mills\Desktop\antizeroaccess.exe
[2011/09/19 15:36:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/19 11:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\GooredFix Backups
[2011/09/19 11:39:46 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\David Mills\Desktop\GooredFix.exe
[2011/09/19 11:31:16 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/19 11:28:34 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTM.exe
[2011/09/19 11:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/19 11:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/19 11:27:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\David Mills\Desktop\erunt-setup.exe
[2011/09/19 11:06:12 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
[2011/09/19 09:07:09 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/16 14:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\audiences
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\plugins
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\common
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\codecs
[2011/09/16 14:41:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\tools
[2011/09/16 14:41:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin
[2011/09/16 14:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\mycodec
[2011/09/16 14:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\MyVideoConverter
[2011/09/15 10:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\System Cleaner
[2011/09/15 10:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Application Data\Malwarebytes
[2011/09/15 10:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/15 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/15 10:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/15 10:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/14 16:18:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/08 12:15:43 | 000,000,000 | ---D | C] -- C:\CFdownloads
[2011/09/08 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\CinemaForge
[2011/09/08 12:13:57 | 001,577,792 | ---- | C] (XMLAuthor Inc.) -- C:\WINDOWS\screengenie.scr
[2011/09/05 19:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2011/09/03 05:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/01 04:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\Perspectives

========== Files - Modified Within 30 Days ==========

[2011/09/23 06:54:48 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David Mills\Desktop\TDSSKiller.exe
[2011/09/23 06:17:32 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/23 01:20:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/23 00:22:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 00:22:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/23 00:22:39 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 00:09:33 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2011/09/23 00:05:25 | 000,656,648 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl
[2011/09/23 00:05:20 | 000,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2011/09/23 00:05:20 | 000,066,320 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2011/09/22 23:26:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/22 22:57:18 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_51360.nl_
[2011/09/22 22:54:30 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/09/22 20:22:43 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David Mills\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2011/09/22 19:13:08 | 004,237,365 | R--- | M] (Swearware) -- C:\Documents and Settings\David Mills\Desktop\ComboFix2.exe
[2011/09/22 16:16:11 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/22 11:49:27 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\sdsetup_revwire207.exe
[2011/09/22 07:07:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 07:03:43 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Mills\Desktop\iexplore.exe
[2011/09/22 06:58:56 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\rkill.com
[2011/09/21 21:51:22 | 004,223,304 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\explore.com
[2011/09/21 21:43:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/09/21 21:43:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/21 13:02:44 | 004,222,691 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\explorer.com
[2011/09/20 21:13:31 | 004,221,174 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\Combo_Fix.exe
[2011/09/20 20:02:34 | 004,221,174 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\render.exe
[2011/09/20 18:21:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\MBR.dat
[2011/09/20 17:43:34 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/09/20 16:02:55 | 000,167,864 | ---- | M] (Webroot) -- C:\Documents and Settings\David Mills\Desktop\antizeroaccess.exe
[2011/09/20 11:19:25 | 004,210,959 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\Combo-Fix.exe
[2011/09/20 09:19:48 | 004,210,959 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\ComboFix.exe
[2011/09/19 11:39:46 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\David Mills\Desktop\GooredFix.exe
[2011/09/19 11:28:34 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTM.exe
[2011/09/19 11:27:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\ERUNT.lnk
[2011/09/19 11:27:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David Mills\Desktop\erunt-setup.exe
[2011/09/19 11:06:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
[2011/09/19 09:35:52 | 000,616,032 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2011/09/19 09:06:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\housecall.guid.cache
[2011/09/15 08:22:38 | 046,249,416 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 12:39:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/01 22:17:10 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/01 22:17:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/01 14:41:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\winscp.rnd
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/26 15:32:55 | 000,699,603 | ---- | M] () -- C:\Documents and Settings\David Mills\My Documents\Perspectives Coordinator Training Manual.pdf
[2011/08/25 03:01:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/24 23:09:49 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\leaders 2011.csv

========== Files Created - No Company Name ==========

[2011/09/23 00:09:32 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2011/09/22 22:54:30 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/09/22 22:54:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/22 22:52:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/22 22:52:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/22 22:52:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/22 22:52:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/22 22:52:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/22 12:51:23 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/22 11:49:46 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\sdsetup_revwire207.exe
[2011/09/22 07:07:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 06:58:56 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\rkill.com
[2011/09/21 21:51:22 | 004,223,304 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\explore.com
[2011/09/21 13:02:44 | 004,222,691 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\explorer.com
[2011/09/20 21:13:31 | 004,221,174 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\Combo_Fix.exe
[2011/09/20 20:02:34 | 004,221,174 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\render.exe
[2011/09/20 11:19:25 | 004,210,959 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\Combo-Fix.exe
[2011/09/20 09:18:59 | 004,210,959 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\ComboFix.exe
[2011/09/19 13:49:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\MBR.dat
[2011/09/19 11:46:19 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_51360.nl_
[2011/09/19 11:27:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\ERUNT.lnk
[2011/09/19 09:35:35 | 000,616,032 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2011/09/19 09:06:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\housecall.guid.cache
[2011/09/15 10:33:58 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\David Mills\sysclean.bat
[2011/09/01 22:17:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/26 15:32:55 | 000,699,603 | ---- | C] () -- C:\Documents and Settings\David Mills\My Documents\Perspectives Coordinator Training Manual.pdf
[2011/06/21 13:23:04 | 000,228,998 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2011/06/21 13:23:04 | 000,002,075 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2010/10/28 13:23:13 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/10/02 22:37:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ovahesufiyasomiz.dat
[2010/10/02 22:37:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pyumazozahuy.bin
[2010/09/20 11:47:42 | 000,186,843 | ---- | C] () -- C:\WINDOWS\hpwins23.dat.temp
[2010/09/20 11:47:42 | 000,001,501 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat.temp
[2010/08/19 14:38:28 | 000,062,537 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2010/08/19 14:25:30 | 000,061,374 | ---- | C] () -- C:\WINDOWS\hpqins18.dat
[2010/08/19 14:06:47 | 000,060,732 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2010/05/17 10:33:00 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat.temp
[2010/05/06 19:39:54 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/07 16:26:05 | 000,037,925 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\Comma Separated Values (Windows).ADR
[2010/02/05 11:32:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\winscp.rnd
[2009/12/20 20:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/09/10 09:10:56 | 000,061,172 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/25 16:43:33 | 000,002,984 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/25 16:43:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A930A33F8C.sys
[2009/05/16 14:49:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/02/12 23:42:20 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/26 11:41:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/26 09:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/08/15 21:20:14 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\$_hpcst$.hpc
[2007/05/29 08:01:43 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/26 06:01:59 | 046,249,416 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2007/04/22 04:59:40 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/04 19:24:32 | 000,038,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\PC2TVAudio.sys
[2006/11/22 08:45:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/22 02:20:22 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\fusioncache.dat
[2006/11/14 13:32:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/14 13:23:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 13:15:30 | 000,000,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/14 13:14:24 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/14 13:08:58 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/11/14 13:08:35 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/11/14 13:08:18 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/11/14 13:06:32 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/14 13:03:07 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/14 13:03:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/14 12:39:04 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2006/11/14 12:39:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/11/14 12:38:50 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/11/14 12:38:30 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/11/14 12:38:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/14 12:38:14 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/14 12:37:46 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 19:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 05:18:33 | 000,471,528 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,084,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/20 14:09:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/05/24 07:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/02/23 16:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 14:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== LOP Check ==========

[2010/07/27 17:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/09/22 12:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/11 09:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/14 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/11/15 13:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 08:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/12 09:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\BitZipper
[2011/09/23 01:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\ElevatedDiagnostics
[2011/04/02 07:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\FreeFLVConverter
[2009/08/18 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\InfraRecorder
[2011/05/30 09:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\IObit
[2007/05/29 08:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Leadertech
[2011/09/01 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\PrimoPDF
[2011/05/30 09:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Systweak
[2007/07/11 09:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Viewpoint
[2011/06/14 04:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IObit

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/08 11:27:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/08 11:27:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/08 11:27:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/08 11:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/08 11:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/08 11:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/08 11:27:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/08 11:27:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/08 11:27:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/08 11:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/08 11:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/08 11:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 2.pdf:DocumentSummaryInformation
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 2.pdf:SummaryInformation
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 1.pdf:SummaryInformation
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#44
Render
Posted 23 September 2011 - 07:23 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We killed main infection. I see that you already reinstalled your AV (Trend MIcro) and that's OK.

CF deleted also one infected file which belongs to your wireless drivers. Is your Wi-Fi working properly?

Please proceed with following steps now:

Step 1

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
[2011/09/22 22:57:18 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_51360.nl_
  	
:Files
C:\WINDOWS\System32\c_51360.nl_
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
ipconfig /flushdns /c

:Reg

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

When completed the above, please post back the following in the order asked for:
  • OTL fix log
  • OTL scan log
  • MBAM log

  • 0

#45
dmills
Posted 23 September 2011 - 09:06 AM

dmills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I ran the OTL Fix, The OTL Quick Scan and Malwarebytes' Anti-Malware Quick Scan.


All processes killed
========== OTL ==========
C:\WINDOWS\system32\c_51360.nl_ moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\c_51360.nl_ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\David Mills\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David Mills\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: David Mills
->Temp folder emptied: 6950999 bytes
->Temporary Internet Files folder emptied: 127472981 bytes
->Java cache emptied: 6669 bytes
->FireFox cache emptied: 38693630 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9612355 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 174.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: David Mills
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.29.1 log created on 09232011_090344

Files\Folders moved on Reboot...
C:\Documents and Settings\David Mills\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp moved successfully.
C:\Documents and Settings\David Mills\Local Settings\Temp\clclean.0001.dir.0001\~efe2.tmp moved successfully.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d88.dat not found!

Registry entries deleted on Reboot...







OTL logfile created on: 9/23/2011 9:29:33 AM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\David Mills\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.61% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.34 Gb Total Space | 50.87 Gb Free Space | 58.92% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: D82M1C4 | User Name: David Mills | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/23 09:27:57 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\David Mills\Local Settings\temp\clclean.0001
PRC - [2011/09/23 00:05:11 | 001,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2011/09/23 00:05:10 | 000,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2011/09/23 00:05:10 | 000,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2011/09/23 00:05:10 | 000,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2011/09/23 00:05:09 | 000,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2011/09/19 11:06:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
PRC - [2011/09/14 09:28:25 | 000,385,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2011/09/14 09:28:12 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2011/09/14 09:28:11 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2011/09/14 09:28:08 | 000,071,680 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 18:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/14 13:18:05 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/05/24 19:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/03/25 00:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/31 11:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/23 09:27:57 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
MOD - [2011/09/23 00:05:20 | 000,161,032 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfPack.dll
MOD - [2011/09/23 00:05:17 | 000,509,192 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfwCtl.dll
MOD - [2011/09/23 00:05:12 | 000,017,672 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\NetBSrvr.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/02 03:14:47 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3fd2f1db\mscorlib.dll
MOD - [2010/10/02 03:14:39 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_279a3f38\system.drawing.dll
MOD - [2010/10/02 03:14:16 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_912edabb\system.xml.dll
MOD - [2010/10/02 03:14:02 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_17935942\system.windows.forms.dll
MOD - [2010/10/02 03:13:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b3df9e91\system.dll
MOD - [2010/10/02 03:13:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/10/02 03:13:09 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/12/20 20:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/08/14 18:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 18:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 18:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 18:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 18:12:10 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 18:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/07/26 09:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/14 13:18:05 | 000,574,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/11/14 13:18:05 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
MOD - [2006/06/29 07:12:00 | 001,355,042 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL
MOD - [2006/05/24 19:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005/08/16 22:02:54 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/08/16 22:02:54 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/16 22:02:54 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/08/16 22:02:54 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2005/08/16 22:02:54 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wltrysvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 00:05:10 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2011/09/23 00:05:10 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2011/09/23 00:05:10 | 000,337,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2011/09/23 00:05:09 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2011/09/14 09:28:27 | 001,475,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2011/09/14 09:28:25 | 000,385,024 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2011/09/14 09:28:12 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2011/09/14 09:28:11 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2011/09/14 09:28:08 | 000,071,680 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2011/09/23 00:05:20 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2011/09/23 00:05:20 | 000,066,320 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/19 18:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 18:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 18:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/05/21 15:21:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/04 19:24:32 | 000,038,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PC2TVAudio.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2007/01/15 14:48:26 | 000,006,784 | ---- | M] (DataWizard Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Extegrity\Exam4\Sockblkd.sys -- (Sockblkd)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/13 02:21:32 | 000,563,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/24 19:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 19:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 19:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 18:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 18:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 15:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/25 00:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/04 03:25:22 | 000,386,560 | ---- | M] (Lumanate, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AngelUsb.sys -- (AngelUsb)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/10/14 16:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 16:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 16:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/25 10:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 11:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 11:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/10/19 10:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 13:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=4061114
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...us&ibd=4061114"
FF - prefs.js..extensions.enabledItems: {D8E79D24-70A0-4A88-9D1B-48C1CA7C4041}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\David Mills\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\David Mills\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\David Mills\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\David Mills\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\David Mills\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\David Mills\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 11:27:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 22:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/08/29 22:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\David Mills\Application Data\Move Networks [2011/05/03 13:11:33 | 000,000,000 | ---D | M]

[2010/12/13 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Extensions
[2011/09/01 22:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions
[2011/01/03 00:42:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/01 22:08:09 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\extensions\[email protected]
[2011/09/09 05:26:12 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\amazon-search-suggestions.xml
[2010/12/14 12:16:51 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\webster.xml
[2011/09/01 22:02:24 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Mozilla\Firefox\Profiles\3nqihz1a.default\searchplugins\youtube.xml
[2011/09/01 22:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/24 08:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 23:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 14:44:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID MILLS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3NQIHZ1A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/01/24 08:32:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/08 11:27:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/23 09:04:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe (Dell Inc)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C20278-9A94-46A0-B095-1E77756D1615}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\David Mills\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Mills\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 07:43:34 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David Mills\Desktop\TDSSKiller.exe
[2011/09/23 01:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Application Data\ElevatedDiagnostics
[2011/09/23 00:10:02 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011/09/23 00:10:02 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011/09/23 00:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2011/09/23 00:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Internet Security
[2011/09/23 00:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2011/09/23 00:05:25 | 000,656,648 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl
[2011/09/23 00:05:20 | 001,405,720 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2011/09/23 00:05:20 | 000,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2011/09/23 00:05:20 | 000,262,416 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2011/09/23 00:05:20 | 000,066,320 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2011/09/23 00:05:20 | 000,036,624 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2011/09/22 23:52:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/22 23:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Local Settings\Application Data\ApplicationHistory
[2011/09/22 23:08:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/22 22:54:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/22 22:52:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/22 22:52:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/22 22:52:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/22 22:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/22 22:52:39 | 000,000,000 | ---D | C] -- C:\ComboFix2
[2011/09/22 20:24:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/22 19:13:08 | 004,237,365 | R--- | C] (Swearware) -- C:\Documents and Settings\David Mills\Desktop\ComboFix2.exe
[2011/09/22 11:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/22 11:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/22 07:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 07:07:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/22 07:03:43 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Mills\Desktop\iexplore.exe
[2011/09/20 16:02:55 | 000,167,864 | ---- | C] (Webroot) -- C:\Documents and Settings\David Mills\Desktop\antizeroaccess.exe
[2011/09/19 15:36:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/19 11:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\GooredFix Backups
[2011/09/19 11:39:46 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\David Mills\Desktop\GooredFix.exe
[2011/09/19 11:31:16 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/19 11:28:34 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTM.exe
[2011/09/19 11:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/19 11:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/19 11:27:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\David Mills\Desktop\erunt-setup.exe
[2011/09/19 11:06:12 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
[2011/09/19 09:07:09 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/16 14:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\audiences
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\plugins
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\common
[2011/09/16 14:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\codecs
[2011/09/16 14:41:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin\tools
[2011/09/16 14:41:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\myrmbin
[2011/09/16 14:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\mycodec
[2011/09/16 14:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\MyVideoConverter
[2011/09/15 10:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\System Cleaner
[2011/09/15 10:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Application Data\Malwarebytes
[2011/09/15 10:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/15 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/15 10:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/15 10:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/14 16:18:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/08 12:15:43 | 000,000,000 | ---D | C] -- C:\CFdownloads
[2011/09/08 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\CinemaForge
[2011/09/08 12:13:57 | 001,577,792 | ---- | C] (XMLAuthor Inc.) -- C:\WINDOWS\screengenie.scr
[2011/09/05 19:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2011/09/01 04:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Mills\Desktop\Perspectives

========== Files - Modified Within 30 Days ==========

[2011/09/23 09:26:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 09:26:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/23 09:26:10 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 09:09:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/23 09:04:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/23 06:54:48 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David Mills\Desktop\TDSSKiller.exe
[2011/09/23 01:20:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/23 00:09:33 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2011/09/23 00:05:25 | 000,656,648 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl
[2011/09/23 00:05:20 | 000,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2011/09/23 00:05:20 | 000,066,320 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2011/09/22 22:54:30 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/09/22 19:13:08 | 004,237,365 | R--- | M] (Swearware) -- C:\Documents and Settings\David Mills\Desktop\ComboFix2.exe
[2011/09/22 16:16:11 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/22 11:49:27 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\sdsetup_revwire207.exe
[2011/09/22 07:07:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 07:03:43 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Mills\Desktop\iexplore.exe
[2011/09/22 06:58:56 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\rkill.com
[2011/09/21 21:51:22 | 004,223,304 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\explore.com
[2011/09/21 21:43:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/09/21 21:43:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/21 13:02:44 | 004,222,691 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\explorer.com
[2011/09/20 21:13:31 | 004,221,174 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\Combo_Fix.exe
[2011/09/20 20:02:34 | 004,221,174 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\render.exe
[2011/09/20 18:21:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\MBR.dat
[2011/09/20 16:02:55 | 000,167,864 | ---- | M] (Webroot) -- C:\Documents and Settings\David Mills\Desktop\antizeroaccess.exe
[2011/09/20 11:19:25 | 004,210,959 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\Combo-Fix.exe
[2011/09/20 09:19:48 | 004,210,959 | R--- | M] () -- C:\Documents and Settings\David Mills\Desktop\ComboFix.exe
[2011/09/19 11:39:46 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\David Mills\Desktop\GooredFix.exe
[2011/09/19 11:28:34 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTM.exe
[2011/09/19 11:27:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\ERUNT.lnk
[2011/09/19 11:27:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David Mills\Desktop\erunt-setup.exe
[2011/09/19 11:06:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Mills\Desktop\OTL.exe
[2011/09/19 09:35:52 | 000,616,032 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2011/09/19 09:06:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\housecall.guid.cache
[2011/09/15 08:22:38 | 046,249,416 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/09/01 22:17:10 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/01 22:17:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/01 14:41:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\David Mills\Application Data\winscp.rnd
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/26 15:32:55 | 000,699,603 | ---- | M] () -- C:\Documents and Settings\David Mills\My Documents\Perspectives Coordinator Training Manual.pdf
[2011/08/25 03:01:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/24 23:09:49 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\David Mills\Desktop\leaders 2011.csv

========== Files Created - No Company Name ==========

[2011/09/23 00:09:32 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2011/09/22 22:54:30 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/09/22 22:54:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/22 22:52:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/22 22:52:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/22 22:52:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/22 22:52:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/22 22:52:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/22 12:51:23 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/22 11:49:46 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\sdsetup_revwire207.exe
[2011/09/22 07:07:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 06:58:56 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\rkill.com
[2011/09/21 21:51:22 | 004,223,304 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\explore.com
[2011/09/21 13:02:44 | 004,222,691 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\explorer.com
[2011/09/20 21:13:31 | 004,221,174 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\Combo_Fix.exe
[2011/09/20 20:02:34 | 004,221,174 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\render.exe
[2011/09/20 11:19:25 | 004,210,959 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\Combo-Fix.exe
[2011/09/20 09:18:59 | 004,210,959 | R--- | C] () -- C:\Documents and Settings\David Mills\Desktop\ComboFix.exe
[2011/09/19 13:49:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\MBR.dat
[2011/09/19 11:27:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\David Mills\Desktop\ERUNT.lnk
[2011/09/19 09:35:35 | 000,616,032 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2011/09/19 09:06:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\housecall.guid.cache
[2011/09/15 10:33:58 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\David Mills\sysclean.bat
[2011/09/01 22:17:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/26 15:32:55 | 000,699,603 | ---- | C] () -- C:\Documents and Settings\David Mills\My Documents\Perspectives Coordinator Training Manual.pdf
[2011/06/21 13:23:04 | 000,228,998 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2011/06/21 13:23:04 | 000,002,075 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2010/10/28 13:23:13 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/10/02 22:37:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ovahesufiyasomiz.dat
[2010/10/02 22:37:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pyumazozahuy.bin
[2010/09/20 11:47:42 | 000,186,843 | ---- | C] () -- C:\WINDOWS\hpwins23.dat.temp
[2010/09/20 11:47:42 | 000,001,501 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat.temp
[2010/08/19 14:38:28 | 000,062,537 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2010/08/19 14:25:30 | 000,061,374 | ---- | C] () -- C:\WINDOWS\hpqins18.dat
[2010/08/19 14:06:47 | 000,060,732 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2010/05/17 10:33:00 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat.temp
[2010/05/06 19:39:54 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/07 16:26:05 | 000,037,925 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\Comma Separated Values (Windows).ADR
[2010/02/05 11:32:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\winscp.rnd
[2009/12/20 20:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/09/10 09:10:56 | 000,061,172 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/25 16:43:33 | 000,002,984 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/25 16:43:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A930A33F8C.sys
[2009/05/16 14:49:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/02/12 23:42:20 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/26 11:41:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/26 09:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/08/15 21:20:14 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\David Mills\Application Data\$_hpcst$.hpc
[2007/05/29 08:01:43 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/26 06:01:59 | 046,249,416 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2007/04/22 04:59:40 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/04 19:24:32 | 000,038,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\PC2TVAudio.sys
[2006/11/22 08:45:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/22 02:20:22 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David Mills\Local Settings\Application Data\fusioncache.dat
[2006/11/14 13:32:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/14 13:23:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 13:15:30 | 000,000,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/14 13:14:24 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/14 13:08:58 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/11/14 13:08:35 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/11/14 13:08:18 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/11/14 13:06:32 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/14 13:03:07 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/14 13:03:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/14 12:39:04 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2006/11/14 12:39:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/11/14 12:38:50 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/11/14 12:38:30 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/11/14 12:38:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/14 12:38:14 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/14 12:37:46 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 19:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 05:18:33 | 000,471,528 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,084,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/20 14:09:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/05/24 07:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/02/23 16:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 14:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== LOP Check ==========

[2010/07/27 17:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/09/22 12:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/11 09:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/14 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/11/15 13:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 08:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/12 09:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\BitZipper
[2011/09/23 01:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\ElevatedDiagnostics
[2011/04/02 07:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\FreeFLVConverter
[2009/08/18 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\InfraRecorder
[2011/05/30 09:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\IObit
[2007/05/29 08:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Leadertech
[2011/09/01 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\PrimoPDF
[2011/05/30 09:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Systweak
[2007/07/11 09:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Mills\Application Data\Viewpoint

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 2.pdf:DocumentSummaryInformation
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 2.pdf:SummaryInformation
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\David Mills\My Documents\Gershwin Prelude no. 1.pdf:SummaryInformation

< End of report >







Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7781

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/23/2011 10:00:03 AM
mbam-log-2011-09-23 (10-00-03).txt

Scan type: Quick scan
Objects scanned: 190236
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP