Geeks To Go
Browsers (both Firefox & IE) are EXTREMELY slow



#76 jsaklas (Topic Starter, Member, 238 posts)
CompCav,

I was able to burn the CD and I rebooted the machine from the disc. It booted up in the Dr Web Live CD (Default) mode and then I got the green Dr. Web screen.

However, it hung up and I never got the scan window. The main screen said hit CTRL A (if I remember correctly) to get to the Verbose mode. I did so and got what looks like an old DOS screen with a long list of loadings.

At the bottom of the list was typed: Cannot find boot device.

At the very (absolute) bottom of the page was typed: /bin/sh can't access tty; job control turned off


js


#77 CompCav (Expert, Member 5k, 12,448 posts)
Once I have confirmed that there is no hidden malware that we have not already seen, we will fix the MBR from here.

Now we will work outside of your Windows. Please print these instructions out so that you know what you are doing.


  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double-click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
    Attached file: scan.txt (709 bytes)
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#78 jsaklas (Topic Starter, Member, 238 posts)
CompCav,

Below is the OTL file. For several reasons, after the scan was complete and I saved the OTL file, I rebooted from the Hard Drive. When it rebooted I received a message and then the System Configuration Utility window popped up. It was set on the General Tab and had the Selective StartUp button pre-selected. All the options under this button were checked.

I did nothing about this - thinking it better to await your instructions. I then hooked up to GeekstoGo using Firefox to reply to you.

js


------------------------------------


OTL logfile created on: 10/29/2011 1:00:51 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 13.12 Gb Free Space | 17.60% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (wuauserv)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (ivusb)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\uji3otqy.sys -- (uji3otqy)
DRV - [2011/10/25 21:26:09 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\uti3otqy.sys -- (uti3otqy)
DRV - [2011/10/25 21:25:57 | 000,011,264 | ---- | M] () [Kernel | System] -- C:\WINDOW2\system32\drivers\uzi3otqy.sys -- (uzi3otqy)
DRV - [2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOW2\system32\drivers\90032672.sys -- (90032672)
DRV - [2011/10/20 16:46:46 | 000,111,872 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOW2\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Baba_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\Baba_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Luli_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\Luli_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\Luli_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\Luli_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\Luli_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/20 19:28:09 | 000,000,027 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = File not found
O4 - Startup: C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\PANDA\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Baba_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Baba_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Baba_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Baba_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService.NT_AUTHORITY.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService.NT_AUTHORITY.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Luli_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Luli_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService.NT_AUTHORITY.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOW2\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\drescher1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\drescher1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.iac2 - C:\WINDOW2\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOW2\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOW2\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOW2\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOW2\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOW2\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOW2\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOW2\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOW2\System32\ir50_32.dll (Intel Corporation)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOW2^Start Menu^Programs^Startup^WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - (Western Digital Technologies, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOW2^Start Menu^Programs^Startup^WDSmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe - (Western Digital)
MsConfig - StartUpReg: NswUiTray - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOW2\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOW2\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOW2\system32\Rundll32.exe C:\WINDOW2\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOW2\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/29 00:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/29 00:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Uniblue
[2011/10/29 00:08:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~0
[2011/10/29 00:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Local Settings\Application Data\PackageAware
[2011/10/28 00:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Intuit
[2011/10/27 23:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ImgBurn
[2011/10/27 17:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luli\Local Settings\Application Data\Intuit
[2011/10/27 17:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\ImgBurn
[2011/10/27 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/10/27 17:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Local Settings\Application Data\Intuit
[2011/10/27 17:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\QuickBooks
[2011/10/27 16:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Nuance
[2011/10/27 16:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/10/27 16:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Intuit
[2011/10/27 16:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SQL Anywhere 11
[2011/10/27 16:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\COMMON FILES
[2011/10/27 16:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Documents\Intuit
[2011/10/27 15:17:01 | 000,000,000 | ---D | C] -- C:\WINDOW2\Intuit
[2011/10/27 14:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Download Manager
[2011/10/27 14:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Akamai
[2011/10/25 21:26:10 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOW2\System32\drivers\uji3otqy.sys
[2011/10/25 00:47:37 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOW2\System32\drivers\90032672.sys
[2011/10/23 01:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Revo Uninstaller
[2011/10/23 01:38:00 | 000,000,000 | ---D | C] -- C:\UNINSTALLER-Revo
[2011/10/22 00:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 00:25:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOW2\System32\drivers\mbam.sys
[2011/10/20 01:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Panda Security
[2011/10/20 01:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Panda Security
[2011/10/20 01:47:56 | 000,000,000 | ---D | C] -- C:\PANDA
[2011/10/18 19:55:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Recent
[2011/10/18 17:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\System Restore
[2011/10/17 15:40:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/17 15:33:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWREG.exe
[2011/10/17 15:33:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWSC.exe
[2011/10/17 15:33:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWXCACLS.exe
[2011/10/17 15:33:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOW2\NIRCMD.exe
[2011/10/17 15:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/17 15:32:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Administrative Tools
[2011/10/17 08:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Sun
[2011/10/16 09:54:23 | 000,000,000 | ---D | C] -- C:\Danae Saklas
[2011/10/16 09:54:06 | 000,000,000 | ---D | C] -- C:\Danae
[2011/10/15 11:13:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\UserData
[2011/10/15 11:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Macromedia
[2011/10/15 10:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Sun
[2011/10/15 09:59:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\UserData
[2011/10/15 09:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Macromedia
[2011/10/15 09:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Adobe
[2011/10/13 22:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luli\Application Data\Avira
[2011/10/13 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/13 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/10/12 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Avira
[2011/10/12 23:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/12 23:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\ssmdrv.sys
[2011/10/12 23:01:08 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/10/12 23:01:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/10/12 23:01:07 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/10/12 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/12 01:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/01 23:48:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Luli\Start Menu\Programs\Administrative Tools
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer
[1 C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/29 11:45:52 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/29 00:09:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/29 00:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup
[2011/10/28 23:39:45 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/28 23:39:37 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/28 21:01:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dushku1.bmp
[2011/10/28 20:49:07 | 001,045,526 | ---- | M] () -- C:\WINDOW2\dunst2.bmp
[2011/10/28 20:45:21 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dunst1.bmp
[2011/10/28 18:15:14 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 00:11:17 | 000,943,608 | ---- | M] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2011/10/27 23:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ImgBurn
[2011/10/27 23:35:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/10/27 17:02:53 | 000,000,090 | ---- | M] () -- C:\WINDOW2\QBChanUtil_Trigger.ini
[2011/10/27 17:01:20 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/27 17:01:20 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2011/10/27 17:01:20 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\QuickBooks Pro 2011.lnk
[2011/10/27 17:01:20 | 000,001,357 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2011/10/27 17:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\QuickBooks
[2011/10/27 16:40:34 | 000,437,752 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/27 16:34:26 | 000,432,778 | ---- | M] () -- C:\WINDOW2\System32\perfh009.dat
[2011/10/27 16:34:25 | 000,067,734 | ---- | M] () -- C:\WINDOW2\System32\perfc009.dat
[2011/10/26 19:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Accessories
[2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOW2\System32\drivers\uji3otqy.sys
[2011/10/25 21:26:09 | 000,007,168 | ---- | M] () -- C:\WINDOW2\System32\drivers\uti3otqy.sys
[2011/10/25 21:25:57 | 000,011,264 | ---- | M] () -- C:\WINDOW2\System32\drivers\uzi3otqy.sys
[2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOW2\System32\drivers\90032672.sys
[2011/10/23 01:58:20 | 000,000,376 | ---- | M] () -- C:\WINDOW2\ODBC.INI
[2011/10/23 01:38:20 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Revo Uninstaller.lnk
[2011/10/22 12:07:48 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/22 12:02:51 | 000,000,223 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/10/22 12:00:44 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/10/22 11:13:42 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dors2.bmp
[2011/10/22 11:10:38 | 001,045,394 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/22 11:03:41 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dunne2.bmp
[2011/10/22 10:55:52 | 001,045,230 | ---- | M] () -- C:\WINDOW2\dunne1.bmp
[2011/10/22 10:51:50 | 001,045,550 | ---- | M] () -- C:\WINDOW2\drescher2.bmp
[2011/10/22 10:49:54 | 001,045,514 | ---- | M] () -- C:\WINDOW2\drescher1.bmp
[2011/10/22 00:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 00:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Microsoft Office
[2011/10/21 19:08:07 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/10/20 19:28:09 | 000,000,027 | ---- | M] () -- C:\WINDOW2\System32\drivers\etc\hosts
[2011/10/20 16:46:46 | 000,111,872 | ---- | M] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/20 01:48:54 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/20 01:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Panda Security
[2011/10/18 17:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\WordPerfect Office 12
[2011/10/18 17:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\WD SmartWare
[2011/10/18 17:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\TurboCAD Deluxe v11
[2011/10/18 17:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ScanSoft OmniPage SE 2.0
[2011/10/18 17:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\QuickTime
[2011/10/18 17:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Quicken Legal Products
[2011/10/18 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/18 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Presto! PageManager 6
[2011/10/18 17:45:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\OpenOffice.org 3.2
[2011/10/18 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Netscape 6.2
[2011/10/18 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Microsoft Silverlight
[2011/10/18 17:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Games
[2011/10/18 17:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Free PDF to Word Doc Converter
[2011/10/18 17:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\FHWA
[2011/10/18 17:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ERUNT
[2011/10/18 17:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\DeepBurner
[2011/10/18 17:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Coupons
[2011/10/18 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Compaq Visual Fortran 6
[2011/10/18 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Canon CAMERA Utilities
[2011/10/18 17:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Canon
[2011/10/18 17:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/18 17:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avery Dennison
[2011/10/18 17:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ArcSoft PhotoStudio 5.5
[2011/10/18 17:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Administrative Tools
[2011/10/15 12:32:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/12 23:02:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[2011/10/01 23:44:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Luli\defogger_reenable
[1 C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 17:01:20 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/27 17:01:20 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2011/10/27 17:01:20 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\QuickBooks Pro 2011.lnk
[2011/10/27 17:01:20 | 000,001,357 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2011/10/27 16:43:34 | 000,000,090 | ---- | C] () -- C:\WINDOW2\QBChanUtil_Trigger.ini
[2011/10/27 16:40:34 | 000,437,752 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/25 21:26:03 | 000,007,168 | ---- | C] () -- C:\WINDOW2\System32\drivers\uti3otqy.sys
[2011/10/25 21:25:57 | 000,011,264 | ---- | C] () -- C:\WINDOW2\System32\drivers\uzi3otqy.sys
[2011/10/23 01:38:20 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Revo Uninstaller.lnk
[2011/10/22 11:13:40 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dors2.bmp
[2011/10/22 11:03:39 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dunne2.bmp
[2011/10/22 10:55:50 | 001,045,230 | ---- | C] () -- C:\WINDOW2\dunne1.bmp
[2011/10/22 10:51:43 | 001,045,550 | ---- | C] () -- C:\WINDOW2\drescher2.bmp
[2011/10/22 10:49:51 | 001,045,514 | ---- | C] () -- C:\WINDOW2\drescher1.bmp
[2011/10/21 19:08:07 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/10/20 01:48:54 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/19 23:48:07 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/19 23:48:06 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/19 23:48:06 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyula's Commander.lnk
[2011/10/19 23:48:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 23:48:06 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Thunderbird.lnk
[2011/10/19 23:48:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/10/19 23:48:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/19 23:47:57 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 23:47:57 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\MSN.lnk
[2011/10/19 23:47:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Apple Software Update.lnk
[2011/10/19 23:47:57 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2011/10/19 23:47:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/19 23:47:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/19 23:47:57 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Messenger.lnk
[2011/10/18 21:57:08 | 000,111,872 | ---- | C] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/17 15:41:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/17 15:40:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/17 15:33:15 | 000,256,000 | ---- | C] () -- C:\WINDOW2\PEV.exe
[2011/10/17 15:33:15 | 000,208,896 | ---- | C] () -- C:\WINDOW2\MBR.exe
[2011/10/17 15:33:15 | 000,098,816 | ---- | C] () -- C:\WINDOW2\sed.exe
[2011/10/17 15:33:15 | 000,080,412 | ---- | C] () -- C:\WINDOW2\grep.exe
[2011/10/17 15:33:15 | 000,068,096 | ---- | C] () -- C:\WINDOW2\zip.exe
[2011/10/07 22:48:57 | 001,045,394 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2011/10/01 23:44:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Luli\defogger_reenable
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/05 19:10:17 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,223 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/20 00:28:26 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/10 20:38:52 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Luli\Application Data\PFP120JPR.{PB
[2009/07/10 20:38:52 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Luli\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/08 02:40:39 | 000,005,105 | ---- | C] () -- C:\Documents and Settings\Baba\.plugin141_02.trace
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/07 01:54:29 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Luli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,943,608 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat

========== LOP Check ==========

[2011/10/24 20:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Canon
[2009/07/09 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\DeepBurner
[2009/09/01 23:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\FileOpen
[2011/10/27 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\ImgBurn
[2009/09/20 13:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\IMSI
[2010/12/14 10:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Juniper Networks
[2009/07/06 20:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Netscape
[2009/07/09 21:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NewSoft
[2011/03/24 22:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NSBackup
[2010/06/24 13:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\OpenOffice.org
[2011/10/10 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Quyb
[2009/07/09 21:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\ScanSoft
[2009/12/31 20:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\TechWizard
[2010/09/03 18:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Thunderbird
[2011/10/29 00:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Uniblue
[2009/12/27 01:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Western Digital
[2011/07/26 21:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Canon
[2009/09/04 16:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\FileOpen
[2010/08/09 20:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\NewSoft
[2011/10/12 00:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Saleq
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\ScanSoft
[2010/09/03 19:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Thunderbird
[2011/10/12 02:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Viur
[2009/12/13 13:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Avery
[2011/10/27 16:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\COMMON FILES
[2009/09/01 23:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\FileOpen
[2009/09/20 13:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IMSI
[2009/12/14 00:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IProt
[2009/07/08 02:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Juniper Networks
[2011/10/27 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Nuance
[2011/10/20 01:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Panda Security
[2009/07/09 00:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\PCSettings
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\ScanSoft
[2011/10/27 16:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SQL Anywhere 11
[2009/08/18 23:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanAppDataDir
[2009/08/18 23:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanWizard
[2009/12/27 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\WD_SmartWareCommon
[2011/03/02 01:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Western Digital
[2011/10/29 00:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/29 00:36:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~0

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %temp%\smtmp\*.*

< %SYSTEMDRIVE%\*.exe >
[2006/09/19 19:07:48 | 000,045,568 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\gmer.exe


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOW2\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/27 17:23:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOW2\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/27 17:23:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOW2\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOW2\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOW2\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOW2\system32\drivers\agp440.sys
[2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOW2\$NtServicePackUninstall$\agp440.sys
< C:\*.* >
[2008/01/21 18:44:34 | 001,902,726 | ---- | M] () -- C:\2000_Manual_3_Sedan.pdf
[2009/07/05 09:29:04 | 000,050,209 | ---- | M] () -- C:\aaw7boot.log
[2006/09/19 19:07:48 | 000,045,568 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2005/08/30 17:16:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/08/02 07:48:02 | 000,001,688 | ---- | M] () -- C:\AUTOEXEC.NT
[2011/10/15 12:32:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 00:09:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2009/07/14 03:35:39 | 000,000,321 | ---- | M] () -- C:\boot.old.txt
[2007/05/16 18:19:24 | 000,009,006 | ---- | M] () -- C:\clean.bat
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/10/20 19:41:15 | 000,010,749 | ---- | M] () -- C:\ComboFix.txt
[2007/08/02 07:45:26 | 000,002,577 | ---- | M] () -- C:\CONFIG.NT
[2005/08/30 17:16:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/17 12:05:58 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat.txt
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\gmer.exe
[2011/10/28 18:15:14 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/12 09:57:44 | 000,004,768 | ---- | M] () -- C:\himem.sys
[2008/01/21 18:46:28 | 000,000,219 | ---- | M] () -- C:\info.txt
[2009/09/01 23:15:30 | 000,017,590 | ---- | M] () -- C:\install.log
[2005/08/30 17:16:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/02 22:20:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2011/08/01 11:04:06 | 000,002,022 | ---- | M] () -- C:\mc.wpd
[2005/08/30 17:16:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/11/05 16:17:46 | 000,007,200 | ---- | M] () -- C:\nero1.txt
[2011/10/22 12:00:44 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2004/08/12 10:02:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/21 05:48:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/11/16 22:14:52 | 000,000,020 | -HS- | M] () -- C:\ntuser.ini
[2011/10/28 18:15:01 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2011/08/20 15:24:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/04/13 12:52:28 | 000,019,968 | ---- | M] () -- C:\Professional Development Service Form 2011.doc
[2011/04/13 12:54:05 | 000,043,008 | ---- | M] () -- C:\Professional Service Form 2011.doc
[2011/10/19 18:32:17 | 000,046,010 | ---- | M] () -- C:\TDSSKiller.2.6.11.0_19.10.2011_18.26.17_log.txt
[2011/10/22 02:01:13 | 000,046,536 | ---- | M] () -- C:\TDSSKiller.2.6.12.0_22.10.2011_01.51.11_log.txt
[2011/10/26 20:59:25 | 000,047,578 | ---- | M] () -- C:\TDSSKiller.2.6.13.0_26.10.2011_20.28.39_log.txt
[2011/10/07 23:28:24 | 000,045,172 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_07.10.2011_23.24.42_log.txt
[2007/12/06 06:54:44 | 000,013,312 | -HS- | M] () -- C:\Thumbs
[2009/09/01 23:15:13 | 000,000,438 | ---- | M] () -- C:\uninstall.log
[2011/08/01 10:15:20 | 023,386,624 | ---- | M] () -- C:\WD Software Upgrader.msi
[2010/11/28 16:09:49 | 000,017,007 | ---- | M] () -- C:\ZbThumbnail.info

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< CREATERESTOREPOINT >


< End of report >

#79
CompCav

    Member 5k

  • Expert
  • 12,448 posts
If you see that again, click OK, and if it asks to restart, do not. Just close it!

#80
CompCav

    Member 5k

  • Expert
  • 12,448 posts
MBRFix in OTLPE to fix MBR in Windows XP

Please read the following proviso:

If this computer has a special MBR (Dell, HP, etc.), this next series of steps will make the recovery partition inaccessible. But with an infected MBR this is the recommended step.


Step 1.

Start OTLPE as you did previously from CD

Copy the attached Fix.txt to a USB
Attached File: Fix.txt (2.58KB)

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and Fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done, reboot to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)



Step 2.


Double click MBRFix
A black command window will open.
You will see a Prompt like this:

X:\PROGRAMS\MBRFix>

Double-click on the MBRFix icon, a command window will open

In the box type the following and press enter

MBRFix /drive 0

Accept any warnings

Reboot to normal Windows and let me know how the computer is behaving.



Step 3.

Now restart your computer and boot into normal mode.

Once you are at your normal desktop please run TDSSKiller again.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4.

Please post:

TDSSKiller log


How is the computer performing, what issues are you having?
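The steps above end by asking for a fresh OTL log. As an added example (not part of this thread, of OTL, or of any tool named here), the Python below parses OTL service and driver lines and lists the entries a helper looks at first: orphaned entries whose file is missing, binaries with no company name, generated-looking names, and boot-start drivers among those. Sample lines are taken from the log posted in this thread; the hits include legitimate scanner helper drivers, so the output is a review list, not a verdict.

```python
import re
from dataclasses import dataclass, field

# OTL service/driver line shapes, as they appear in the logs in this thread:
#   SRV - File not found [Auto] -- -- (wuauserv)
#   DRV - [date time | size | attrs | M] (Company) [Kernel | Boot] -- C:\path\x.sys -- (name)
_ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<date>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|\]]+) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\))"
    r" \[(?P<start>[^\]]+)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)(?P<desc>.*)$"
)

# 8+ mixed letters and digits, or digits only: typical of generated names.
_MIXED = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{8,}$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # "SRV" (service) or "DRV" (driver)
    name: str                 # registry name of the service/driver
    path: str                 # on-disk path; "" when OTL reports "File not found"
    company: str              # company string embedded in the binary; "" if none
    start: str                # start type, e.g. "Auto" or "Kernel | Boot"
    missing: bool             # True for orphaned registry entries
    reasons: list = field(default_factory=list)   # why the entry was flagged


def parse_otl_entry(line: str):
    """Return an Entry for an OTL SRV/DRV line, or None for any other line."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"], name=m["name"], path=m["path"],
        company=(m["company"] or "").strip(), start=m["start"],
        missing=m["missing"] is not None,
    )


def looks_random(name: str) -> bool:
    """Generated-looking name heuristic. Scanner helper drivers use such
    names too, so a hit is a reason to look, not a verdict."""
    return name.isdigit() or bool(_MIXED.match(name))


def triage(lines):
    """Parse every line and return the entries that deserve a second look."""
    flagged = []
    for line in lines:
        e = parse_otl_entry(line)
        if e is None:
            continue
        if e.missing:
            e.reasons.append("file missing (orphaned registry entry)")
        else:
            if not e.company:
                e.reasons.append("no company name in binary")
            if looks_random(e.name):
                e.reasons.append("generated-looking name")
            # A boot-start kernel driver that already drew a flag ranks higher:
            # it loads before any user-mode scanner does.
            if e.reasons and "Boot" in e.start:
                e.reasons.append("and it is boot-start")
        if e.reasons:
            flagged.append(e)
    return flagged


# Sample lines taken from the OTL log posted in this thread. A section header
# and a clean Realtek driver line are included to show they are skipped/passed.
SAMPLE_LOG = [
    "========== Driver Services (SafeList) ==========",
    "SRV - File not found [Auto] -- -- (wuauserv)",
    r"SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)",
    r"SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)",
    r"DRV - [2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\uji3otqy.sys -- (uji3otqy)",
    r"DRV - [2011/10/25 21:26:09 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\uti3otqy.sys -- (uti3otqy)",
    r"DRV - [2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOW2\system32\drivers\90032672.sys -- (90032672)",
    r"DRV - [2011/10/20 16:46:46 | 000,111,872 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\TrueSight.sys -- (TrueSight)",
    r"DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} {e.name:<24} {e.path or '-':<60} {'; '.join(e.reasons)}")
```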

#81
jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts
CompCav,

When I rebooted after completing Step 2 I received again the message titled: System Configuration Utility. The message (and I paraphrase):

You have used the System Configuration Utility to make changes in the way Windows starts. The SCU is currently in diagnostic or Selective Startup mode causing this message to be displayed. Choose NORMAL setup mode on the General Tab to start Windows normally....

When I hit OK the SCU window came up AND since you said to start "normally," I chose the Normal Startup. I hope this was the correct thing to do. When the computer rebooted two oddities occurred. First the clock in the tray was 3 hours ahead, showing 11:49 when the correct time was 8:49. I then changed the clock to the correct time. Secondly, the WD backup program began running. I stopped it.

Below are the logs.

-------------------------------


OTL logfile created on: 10/29/2011 9:42:51 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 84.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 13.15 Gb Free Space | 17.64% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (wuauserv)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (ivusb)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\uji3otqy.sys -- (uji3otqy)
DRV - [2011/10/25 21:26:09 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\uti3otqy.sys -- (uti3otqy)
DRV - [2011/10/25 21:25:57 | 000,011,264 | ---- | M] () [Kernel | System] -- C:\WINDOW2\system32\drivers\uzi3otqy.sys -- (uzi3otqy)
DRV - [2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOW2\system32\drivers\90032672.sys -- (90032672)
DRV - [2011/10/20 16:46:46 | 000,111,872 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOW2\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/20 19:28:09 | 000,000,027 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = File not found
O4 - Startup: C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\PANDA\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOW2\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/29 00:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/28 00:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Intuit
[2011/10/27 23:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ImgBurn
[2011/10/27 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/10/27 17:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\QuickBooks
[2011/10/27 16:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Nuance
[2011/10/27 16:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/10/27 16:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Intuit
[2011/10/27 16:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SQL Anywhere 11
[2011/10/27 16:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\COMMON FILES
[2011/10/27 16:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Documents\Intuit
[2011/10/27 15:17:01 | 000,000,000 | ---D | C] -- C:\WINDOW2\Intuit
[2011/10/27 14:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Akamai
[2011/10/25 21:26:10 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOW2\System32\drivers\uji3otqy.sys
[2011/10/25 00:47:37 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOW2\System32\drivers\90032672.sys
[2011/10/23 01:38:00 | 000,000,000 | ---D | C] -- C:\UNINSTALLER-Revo
[2011/10/22 00:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 00:25:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOW2\System32\drivers\mbam.sys
[2011/10/20 01:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Panda Security
[2011/10/20 01:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Panda Security
[2011/10/20 01:47:56 | 000,000,000 | ---D | C] -- C:\PANDA
[2011/10/17 15:40:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/17 15:33:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWREG.exe
[2011/10/17 15:33:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWSC.exe
[2011/10/17 15:33:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWXCACLS.exe
[2011/10/17 15:33:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOW2\NIRCMD.exe
[2011/10/17 15:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/17 08:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Sun
[2011/10/16 09:54:23 | 000,000,000 | ---D | C] -- C:\Danae Saklas
[2011/10/16 09:54:06 | 000,000,000 | ---D | C] -- C:\Danae
[2011/10/15 11:13:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\UserData
[2011/10/15 11:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Macromedia
[2011/10/13 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/13 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/10/12 23:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/12 23:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\ssmdrv.sys
[2011/10/12 23:01:08 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/10/12 23:01:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/10/12 23:01:07 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/10/12 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/12 01:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer
[1 C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/29 20:31:31 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/29 15:52:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/29 14:58:19 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/29 14:57:41 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/29 14:47:02 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/29 00:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup
[2011/10/28 21:01:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dushku1.bmp
[2011/10/28 20:49:07 | 001,045,526 | ---- | M] () -- C:\WINDOW2\dunst2.bmp
[2011/10/28 20:45:21 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dunst1.bmp
[2011/10/28 00:11:17 | 000,943,608 | ---- | M] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2011/10/27 23:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ImgBurn
[2011/10/27 23:35:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/10/27 17:02:53 | 000,000,090 | ---- | M] () -- C:\WINDOW2\QBChanUtil_Trigger.ini
[2011/10/27 17:01:20 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/27 17:01:20 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2011/10/27 17:01:20 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\QuickBooks Pro 2011.lnk
[2011/10/27 17:01:20 | 000,001,357 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2011/10/27 17:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\QuickBooks
[2011/10/27 16:40:34 | 000,437,752 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/27 16:34:26 | 000,432,778 | ---- | M] () -- C:\WINDOW2\System32\perfh009.dat
[2011/10/27 16:34:25 | 000,067,734 | ---- | M] () -- C:\WINDOW2\System32\perfc009.dat
[2011/10/26 19:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Accessories
[2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOW2\System32\drivers\uji3otqy.sys
[2011/10/25 21:26:09 | 000,007,168 | ---- | M] () -- C:\WINDOW2\System32\drivers\uti3otqy.sys
[2011/10/25 21:25:57 | 000,011,264 | ---- | M] () -- C:\WINDOW2\System32\drivers\uzi3otqy.sys
[2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOW2\System32\drivers\90032672.sys
[2011/10/23 01:58:20 | 000,000,376 | ---- | M] () -- C:\WINDOW2\ODBC.INI
[2011/10/22 12:07:48 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/22 12:02:51 | 000,000,223 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/10/22 12:00:44 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/10/22 11:13:42 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dors2.bmp
[2011/10/22 11:10:38 | 001,045,394 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/22 11:03:41 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dunne2.bmp
[2011/10/22 10:55:52 | 001,045,230 | ---- | M] () -- C:\WINDOW2\dunne1.bmp
[2011/10/22 10:51:50 | 001,045,550 | ---- | M] () -- C:\WINDOW2\drescher2.bmp
[2011/10/22 10:49:54 | 001,045,514 | ---- | M] () -- C:\WINDOW2\drescher1.bmp
[2011/10/22 00:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 00:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Microsoft Office
[2011/10/20 19:28:09 | 000,000,027 | ---- | M] () -- C:\WINDOW2\System32\drivers\etc\hosts
[2011/10/20 16:46:46 | 000,111,872 | ---- | M] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/20 01:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Panda Security
[2011/10/18 17:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\WordPerfect Office 12
[2011/10/18 17:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\WD SmartWare
[2011/10/18 17:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\TurboCAD Deluxe v11
[2011/10/18 17:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ScanSoft OmniPage SE 2.0
[2011/10/18 17:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\QuickTime
[2011/10/18 17:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Quicken Legal Products
[2011/10/18 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/18 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Presto! PageManager 6
[2011/10/18 17:45:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\OpenOffice.org 3.2
[2011/10/18 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Netscape 6.2
[2011/10/18 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Microsoft Silverlight
[2011/10/18 17:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Games
[2011/10/18 17:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Free PDF to Word Doc Converter
[2011/10/18 17:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\FHWA
[2011/10/18 17:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ERUNT
[2011/10/18 17:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\DeepBurner
[2011/10/18 17:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Coupons
[2011/10/18 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Compaq Visual Fortran 6
[2011/10/18 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Canon CAMERA Utilities
[2011/10/18 17:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Canon
[2011/10/18 17:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/18 17:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avery Dennison
[2011/10/18 17:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ArcSoft PhotoStudio 5.5
[2011/10/18 17:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Administrative Tools
[2011/10/15 12:32:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/12 23:02:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[1 C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 17:01:20 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/27 17:01:20 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2011/10/27 17:01:20 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\QuickBooks Pro 2011.lnk
[2011/10/27 17:01:20 | 000,001,357 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2011/10/27 16:43:34 | 000,000,090 | ---- | C] () -- C:\WINDOW2\QBChanUtil_Trigger.ini
[2011/10/27 16:40:34 | 000,437,752 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/25 21:26:03 | 000,007,168 | ---- | C] () -- C:\WINDOW2\System32\drivers\uti3otqy.sys
[2011/10/25 21:25:57 | 000,011,264 | ---- | C] () -- C:\WINDOW2\System32\drivers\uzi3otqy.sys
[2011/10/22 11:13:40 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dors2.bmp
[2011/10/22 11:03:39 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dunne2.bmp
[2011/10/22 10:55:50 | 001,045,230 | ---- | C] () -- C:\WINDOW2\dunne1.bmp
[2011/10/22 10:51:43 | 001,045,550 | ---- | C] () -- C:\WINDOW2\drescher2.bmp
[2011/10/22 10:49:51 | 001,045,514 | ---- | C] () -- C:\WINDOW2\drescher1.bmp
[2011/10/19 23:48:07 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/19 23:47:57 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 23:47:57 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\MSN.lnk
[2011/10/19 23:47:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Apple Software Update.lnk
[2011/10/19 23:47:57 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2011/10/19 23:47:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/19 23:47:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/19 23:47:57 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Messenger.lnk
[2011/10/18 21:57:08 | 000,111,872 | ---- | C] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/17 15:41:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/17 15:40:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/17 15:33:15 | 000,256,000 | ---- | C] () -- C:\WINDOW2\PEV.exe
[2011/10/17 15:33:15 | 000,208,896 | ---- | C] () -- C:\WINDOW2\MBR.exe
[2011/10/17 15:33:15 | 000,098,816 | ---- | C] () -- C:\WINDOW2\sed.exe
[2011/10/17 15:33:15 | 000,080,412 | ---- | C] () -- C:\WINDOW2\grep.exe
[2011/10/17 15:33:15 | 000,068,096 | ---- | C] () -- C:\WINDOW2\zip.exe
[2011/10/07 22:48:57 | 001,045,394 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2010/10/05 19:10:17 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,223 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:26 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,943,608 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat

========== LOP Check ==========

[2009/12/13 13:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Avery
[2011/10/27 16:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\COMMON FILES
[2009/09/01 23:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\FileOpen
[2009/09/20 13:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IMSI
[2009/12/14 00:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IProt
[2009/07/08 02:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Juniper Networks
[2011/10/27 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Nuance
[2011/10/20 01:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Panda Security
[2009/07/09 00:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\PCSettings
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\ScanSoft
[2011/10/27 16:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SQL Anywhere 11
[2009/08/18 23:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanAppDataDir
[2009/08/18 23:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanWizard
[2009/12/27 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\WD_SmartWareCommon
[2011/03/02 01:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Western Digital
[2011/10/29 00:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< IE - HKU\Luli_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data] >

< [2005/03/01 14:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\Desktop\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe >
Invalid Switch: 01 14:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\Desktop\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

< [2009/02/06 06:32:03 | 002,186,112 | ---- | M] (Microsoft Corporation) MD5=6A936E9D7BADAF3CAAEED1E1966EC1B0 -- C:\WINDOW2\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe >
Invalid Switch: 06 06:32:03 | 002,186,112 | ---- | M] (Microsoft Corporation) MD5=6A936E9D7BADAF3CAAEED1E1966EC1B0 -- C:\WINDOW2\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe


< [2009/12/08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOW2\$NtUninstallKB979683$\ntoskrnl.exe >
Invalid Switch: 08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOW2\$NtUninstallKB979683$\ntoskrnl.exe


< [2009/02/06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOW2\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe >
Invalid Switch: 06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOW2\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe


< [2009/02/06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOW2\$NtUninstallKB971486$\ntoskrnl.exe >
Invalid Switch: 06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOW2\$NtUninstallKB971486$\ntoskrnl.exe


< [2010/12/09 09:43:18 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=A531BBD3DE13121C1380ED7DC99082DB -- C:\WINDOW2\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe >
Invalid Switch: 09 09:43:18 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=A531BBD3DE13121C1380ED7DC99082DB -- C:\WINDOW2\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe


< [2006/02/28 08:00:00 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=CE218BC7088681FAA06633E218596CA7 -- C:\WINDOW2\$NtUninstallKB956572_0$\ntoskrnl.exe >
Invalid Switch: 28 08:00:00 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=CE218BC7088681FAA06633E218596CA7 -- C:\WINDOW2\$NtUninstallKB956572_0$\ntoskrnl.exe


< [2009/02/06 13:24:35 | 002,180,480 | ---- | M] (Microsoft Corporation) MD5=FACEBB0CA3154F77009CDFEE78A00BBB -- C:\WINDOW2\$NtServicePackUninstall$\ntoskrnl.exe >
Invalid Switch: 06 13:24:35 | 002,180,480 | ---- | M] (Microsoft Corporation) MD5=FACEBB0CA3154F77009CDFEE78A00BBB -- C:\WINDOW2\$NtServicePackUninstall$\ntoskrnl.exe


< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present >

< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

< O7 - HKU\LocalService.NT_AUTHORITY.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O7 - HKU\Luli_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O7 - HKU\NetworkService.NT_AUTHORITY.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_20)


< O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_20)


< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_20)


< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)


< [2011/10/29 00:08:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~0 >
Invalid Switch: 29 00:08:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~0




< :Reg >

< [HKU\Luli_ON_C\Software\Microsoft\Internet Explorer\Main] >

< "XMLHTTP_UUID_Default"=- >



< :Commands >

< [resethosts] >

< [emptytemp] >

< [CREATERESTOREPOINT] >


< End of report >


-------------------------------


23:47:24.0015 2128 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
23:47:24.0250 2128 ============================================================
23:47:24.0250 2128 Current date / time: 2011/10/29 23:47:24.0250
23:47:24.0250 2128 SystemInfo:
23:47:24.0250 2128
23:47:24.0250 2128 OS Version: 5.1.2600 ServicePack: 3.0
23:47:24.0250 2128 Product type: Workstation
23:47:24.0250 2128 ComputerName: JAMES-HOME
23:47:24.0250 2128 UserName: Baba
23:47:24.0250 2128 Windows directory: C:\WINDOW2
23:47:24.0250 2128 System windows directory: C:\WINDOW2
23:47:24.0250 2128 Processor architecture: Intel x86
23:47:24.0250 2128 Number of processors: 1
23:47:24.0250 2128 Page size: 0x1000
23:47:24.0250 2128 Boot type: Normal boot
23:47:24.0250 2128 ============================================================
23:47:26.0375 2128 Initialize success
23:48:27.0218 3468 ============================================================
23:48:27.0218 3468 Scan started
23:48:27.0218 3468 Mode: Manual; SigCheck; TDLFS;
23:48:27.0218 3468 ============================================================
23:48:27.0875 3468 90032672 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOW2\system32\DRIVERS\90032672.sys
23:48:28.0437 3468 90032672 - ok
23:48:28.0734 3468 Abiosdsk - ok
23:48:29.0046 3468 abp480n5 - ok
23:48:29.0484 3468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOW2\system32\DRIVERS\ACPI.sys
23:48:29.0734 3468 ACPI - ok
23:48:30.0078 3468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOW2\system32\drivers\ACPIEC.sys
23:48:30.0343 3468 ACPIEC - ok
23:48:30.0656 3468 adpu160m - ok
23:48:31.0062 3468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOW2\system32\drivers\aec.sys
23:48:31.0390 3468 aec - ok
23:48:31.0781 3468 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOW2\System32\drivers\afd.sys
23:48:31.0937 3468 AFD - ok
23:48:32.0421 3468 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOW2\system32\DRIVERS\agp440.sys
23:48:32.0765 3468 agp440 - ok
23:48:33.0062 3468 Aha154x - ok
23:48:33.0375 3468 aic78u2 - ok
23:48:33.0703 3468 aic78xx - ok
23:48:34.0031 3468 AliIde - ok
23:48:34.0343 3468 amsint - ok
23:48:34.0734 3468 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOW2\system32\DRIVERS\arp1394.sys
23:48:35.0000 3468 Arp1394 - ok
23:48:35.0312 3468 asc - ok
23:48:35.0625 3468 asc3350p - ok
23:48:35.0937 3468 asc3550 - ok
23:48:36.0312 3468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOW2\system32\DRIVERS\asyncmac.sys
23:48:36.0515 3468 AsyncMac - ok
23:48:36.0906 3468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOW2\system32\DRIVERS\atapi.sys
23:48:37.0140 3468 atapi - ok
23:48:37.0468 3468 Atdisk - ok
23:48:37.0843 3468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOW2\system32\DRIVERS\atmarpc.sys
23:48:38.0109 3468 Atmarpc - ok
23:48:38.0468 3468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW2\system32\DRIVERS\audstub.sys
23:48:38.0718 3468 audstub - ok
23:48:39.0093 3468 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOW2\system32\DRIVERS\avgntflt.sys
23:48:39.0125 3468 avgntflt - ok
23:48:39.0500 3468 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOW2\system32\DRIVERS\avipbb.sys
23:48:39.0531 3468 avipbb - ok
23:48:39.0890 3468 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOW2\system32\DRIVERS\avkmgr.sys
23:48:39.0906 3468 avkmgr - ok
23:48:40.0218 3468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW2\system32\drivers\Beep.sys
23:48:40.0515 3468 Beep - ok
23:48:40.0687 3468 catchme - ok
23:48:41.0093 3468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW2\system32\drivers\cbidf2k.sys
23:48:41.0375 3468 cbidf2k - ok
23:48:41.0734 3468 cd20xrnt - ok
23:48:42.0093 3468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW2\system32\drivers\Cdaudio.sys
23:48:42.0343 3468 Cdaudio - ok
23:48:42.0734 3468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOW2\system32\drivers\Cdfs.sys
23:48:42.0984 3468 Cdfs - ok
23:48:43.0343 3468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOW2\system32\DRIVERS\cdrom.sys
23:48:43.0578 3468 Cdrom - ok
23:48:43.0937 3468 Changer - ok
23:48:44.0281 3468 CmdIde - ok
23:48:44.0781 3468 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOW2\system32\drivers\cmaudio.sys
23:48:45.0140 3468 cmpci - ok
23:48:45.0484 3468 Cpqarray - ok
23:48:45.0671 3468 d8a4fef9-85c1-448f-a6f9-2570fb195020 (7f109ab3e0251d73dcb56130bab7826e) C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys
23:48:45.0687 3468 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - warning
23:48:45.0687 3468 d8a4fef9-85c1-448f-a6f9-2570fb195020 - detected UnsignedFile.Multi.Generic (1)
23:48:46.0031 3468 dac2w2k - ok
23:48:46.0343 3468 dac960nt - ok
23:48:46.0750 3468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOW2\system32\DRIVERS\disk.sys
23:48:47.0046 3468 Disk - ok
23:48:47.0734 3468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOW2\system32\drivers\dmboot.sys
23:48:48.0484 3468 dmboot - ok
23:48:48.0906 3468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOW2\system32\drivers\dmio.sys
23:48:49.0203 3468 dmio - ok
23:48:49.0546 3468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW2\system32\drivers\dmload.sys
23:48:49.0812 3468 dmload - ok
23:48:50.0203 3468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOW2\system32\drivers\DMusic.sys
23:48:50.0437 3468 DMusic - ok
23:48:50.0765 3468 dpti2o - ok
23:48:51.0109 3468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOW2\system32\drivers\drmkaud.sys
23:48:51.0296 3468 drmkaud - ok
23:48:51.0703 3468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOW2\system32\drivers\Fastfat.sys
23:48:52.0031 3468 Fastfat - ok
23:48:52.0390 3468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOW2\system32\DRIVERS\fdc.sys
23:48:52.0609 3468 Fdc - ok
23:48:53.0015 3468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOW2\system32\drivers\Fips.sys
23:48:53.0234 3468 Fips - ok
23:48:53.0562 3468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOW2\system32\DRIVERS\flpydisk.sys
23:48:53.0765 3468 Flpydisk - ok
23:48:54.0171 3468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOW2\system32\drivers\fltmgr.sys
23:48:54.0437 3468 FltMgr - ok
23:48:54.0765 3468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW2\system32\drivers\Fs_Rec.sys
23:48:55.0046 3468 Fs_Rec - ok
23:48:55.0406 3468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOW2\system32\DRIVERS\ftdisk.sys
23:48:55.0718 3468 Ftdisk - ok
23:48:56.0031 3468 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOW2\system32\DRIVERS\gameenum.sys
23:48:56.0234 3468 gameenum - ok
23:48:56.0593 3468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOW2\system32\DRIVERS\msgpc.sys
23:48:56.0828 3468 Gpc - ok
23:48:57.0187 3468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOW2\system32\DRIVERS\hidusb.sys
23:48:57.0390 3468 HidUsb - ok
23:48:57.0812 3468 hpn - ok
23:48:58.0265 3468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOW2\system32\Drivers\HTTP.sys
23:48:58.0375 3468 HTTP - ok
23:48:58.0687 3468 i2omgmt - ok
23:48:59.0015 3468 i2omp - ok
23:48:59.0359 3468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOW2\system32\DRIVERS\i8042prt.sys
23:48:59.0593 3468 i8042prt - ok
23:49:00.0015 3468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOW2\system32\DRIVERS\imapi.sys
23:49:00.0234 3468 Imapi - ok
23:49:00.0578 3468 ini910u - ok
23:49:00.0921 3468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOW2\system32\DRIVERS\intelide.sys
23:49:01.0125 3468 IntelIde - ok
23:49:01.0515 3468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOW2\system32\DRIVERS\intelppm.sys
23:49:01.0734 3468 intelppm - ok
23:49:02.0109 3468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOW2\system32\drivers\ip6fw.sys
23:49:02.0343 3468 Ip6Fw - ok
23:49:02.0687 3468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW2\system32\DRIVERS\ipfltdrv.sys
23:49:03.0015 3468 IpFilterDriver - ok
23:49:03.0375 3468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOW2\system32\DRIVERS\ipinip.sys
23:49:03.0578 3468 IpInIp - ok
23:49:03.0984 3468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOW2\system32\DRIVERS\ipnat.sys
23:49:04.0218 3468 IpNat - ok
23:49:04.0578 3468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOW2\system32\DRIVERS\ipsec.sys
23:49:04.0812 3468 IPSec - ok
23:49:05.0140 3468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOW2\system32\DRIVERS\irenum.sys
23:49:05.0375 3468 IRENUM - ok
23:49:05.0828 3468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOW2\system32\DRIVERS\isapnp.sys
23:49:06.0109 3468 isapnp - ok
23:49:06.0421 3468 ivusb - ok
23:49:06.0781 3468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOW2\system32\DRIVERS\kbdclass.sys
23:49:07.0031 3468 Kbdclass - ok
23:49:07.0453 3468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOW2\system32\drivers\kmixer.sys
23:49:07.0750 3468 kmixer - ok
23:49:08.0140 3468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOW2\system32\drivers\KSecDD.sys
23:49:08.0312 3468 KSecDD - ok
23:49:08.0625 3468 lbrtfdc - ok
23:49:09.0000 3468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW2\system32\drivers\mnmdd.sys
23:49:09.0296 3468 mnmdd - ok
23:49:09.0671 3468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOW2\system32\drivers\Modem.sys
23:49:09.0890 3468 Modem - ok
23:49:10.0281 3468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOW2\system32\DRIVERS\mouclass.sys
23:49:10.0515 3468 Mouclass - ok
23:49:10.0859 3468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOW2\system32\DRIVERS\mouhid.sys
23:49:11.0140 3468 mouhid - ok
23:49:11.0484 3468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOW2\system32\drivers\MountMgr.sys
23:49:11.0718 3468 MountMgr - ok
23:49:12.0046 3468 mraid35x - ok
23:49:12.0453 3468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOW2\system32\DRIVERS\mrxdav.sys
23:49:12.0734 3468 MRxDAV - ok
23:49:13.0375 3468 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOW2\system32\DRIVERS\mrxsmb.sys
23:49:13.0765 3468 MRxSmb - ok
23:49:14.0125 3468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOW2\system32\drivers\Msfs.sys
23:49:14.0328 3468 Msfs - ok
23:49:14.0671 3468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOW2\system32\drivers\MSKSSRV.sys
23:49:14.0875 3468 MSKSSRV - ok
23:49:15.0218 3468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOW2\system32\drivers\MSPCLOCK.sys
23:49:15.0468 3468 MSPCLOCK - ok
23:49:15.0812 3468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOW2\system32\drivers\MSPQM.sys
23:49:16.0046 3468 MSPQM - ok
23:49:16.0406 3468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOW2\system32\DRIVERS\mssmbios.sys
23:49:16.0593 3468 mssmbios - ok
23:49:16.0968 3468 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOW2\system32\drivers\Mup.sys
23:49:17.0109 3468 Mup - ok
23:49:17.0531 3468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOW2\system32\drivers\NDIS.sys
23:49:17.0859 3468 NDIS - ok
23:49:18.0218 3468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOW2\system32\DRIVERS\ndistapi.sys
23:49:18.0437 3468 NdisTapi - ok
23:49:18.0812 3468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOW2\system32\DRIVERS\ndisuio.sys
23:49:19.0015 3468 Ndisuio - ok
23:49:19.0453 3468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOW2\system32\DRIVERS\ndiswan.sys
23:49:19.0687 3468 NdisWan - ok
23:49:20.0046 3468 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOW2\system32\drivers\NDProxy.sys
23:49:20.0203 3468 NDProxy - ok
23:49:20.0546 3468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOW2\system32\DRIVERS\netbios.sys
23:49:20.0765 3468 NetBIOS - ok
23:49:21.0203 3468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOW2\system32\DRIVERS\netbt.sys
23:49:21.0484 3468 NetBT - ok
23:49:21.0890 3468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOW2\system32\DRIVERS\nic1394.sys
23:49:22.0093 3468 NIC1394 - ok
23:49:22.0453 3468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOW2\system32\drivers\Npfs.sys
23:49:22.0687 3468 Npfs - ok
23:49:23.0312 3468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOW2\system32\drivers\Ntfs.sys
23:49:23.0890 3468 Ntfs - ok
23:49:24.0218 3468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW2\system32\drivers\Null.sys
23:49:24.0500 3468 Null - ok
23:49:27.0578 3468 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOW2\system32\DRIVERS\nv4_mini.sys
23:49:32.0843 3468 nv - ok
23:49:33.0312 3468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW2\system32\DRIVERS\nwlnkflt.sys
23:49:33.0609 3468 NwlnkFlt - ok
23:49:33.0953 3468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW2\system32\DRIVERS\nwlnkfwd.sys
23:49:34.0234 3468 NwlnkFwd - ok
23:49:34.0609 3468 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOW2\system32\DRIVERS\ohci1394.sys
23:49:34.0796 3468 ohci1394 - ok
23:49:35.0187 3468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOW2\system32\drivers\Parport.sys
23:49:35.0421 3468 Parport - ok
23:49:35.0781 3468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOW2\system32\drivers\PartMgr.sys
23:49:36.0015 3468 PartMgr - ok
23:49:36.0359 3468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOW2\system32\drivers\ParVdm.sys
23:49:36.0703 3468 ParVdm - ok
23:49:37.0062 3468 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOW2\system32\DRIVERS\pci.sys
23:49:37.0312 3468 PCI - ok
23:49:37.0609 3468 PCIDump - ok
23:49:37.0953 3468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOW2\system32\drivers\PCIIde.sys
23:49:38.0203 3468 PCIIde - ok
23:49:38.0609 3468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOW2\system32\drivers\Pcmcia.sys
23:49:38.0875 3468 Pcmcia - ok
23:49:39.0187 3468 PDCOMP - ok
23:49:39.0500 3468 PDFRAME - ok
23:49:39.0812 3468 PDRELI - ok
23:49:40.0140 3468 PDRFRAME - ok
23:49:40.0468 3468 perc2 - ok
23:49:40.0781 3468 perc2hib - ok
23:49:41.0203 3468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOW2\system32\DRIVERS\raspptp.sys
23:49:41.0421 3468 PptpMiniport - ok
23:49:41.0796 3468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOW2\system32\DRIVERS\psched.sys
23:49:42.0046 3468 PSched - ok
23:49:42.0390 3468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW2\system32\DRIVERS\ptilink.sys
23:49:42.0671 3468 Ptilink - ok
23:49:43.0031 3468 ql1080 - ok
23:49:43.0359 3468 Ql10wnt - ok
23:49:43.0671 3468 ql12160 - ok
23:49:44.0046 3468 ql1240 - ok
23:49:44.0390 3468 ql1280 - ok
23:49:44.0828 3468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW2\system32\DRIVERS\rasacd.sys
23:49:46.0000 3468 RasAcd - ok
23:49:46.0546 3468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOW2\system32\DRIVERS\rasl2tp.sys
23:49:46.0921 3468 Rasl2tp - ok
23:49:47.0281 3468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOW2\system32\DRIVERS\raspppoe.sys
23:49:47.0515 3468 RasPppoe - ok
23:49:47.0906 3468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW2\system32\DRIVERS\raspti.sys
23:49:48.0171 3468 Raspti - ok
23:49:48.0578 3468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOW2\system32\DRIVERS\rdbss.sys
23:49:48.0890 3468 Rdbss - ok
23:49:49.0250 3468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW2\system32\DRIVERS\RDPCDD.sys
23:49:49.0500 3468 RDPCDD - ok
23:49:50.0078 3468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOW2\system32\drivers\RDPWD.sys
23:49:50.0515 3468 RDPWD - ok
23:49:50.0890 3468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOW2\system32\DRIVERS\redbook.sys
23:49:51.0125 3468 redbook - ok
23:49:51.0515 3468 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW2\system32\DRIVERS\RTL8139.SYS
23:49:51.0718 3468 rtl8139 - ok
23:49:52.0109 3468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOW2\system32\DRIVERS\secdrv.sys
23:49:52.0343 3468 Secdrv - ok
23:49:52.0765 3468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOW2\system32\drivers\Serial.sys
23:49:53.0000 3468 Serial - ok
23:49:53.0390 3468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOW2\system32\drivers\Sfloppy.sys
23:49:53.0609 3468 Sfloppy - ok
23:49:53.0953 3468 Simbad - ok
23:49:54.0281 3468 Sparrow - ok
23:49:54.0656 3468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOW2\system32\drivers\splitter.sys
23:49:54.0859 3468 splitter - ok
23:49:55.0281 3468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOW2\system32\DRIVERS\sr.sys
23:49:55.0515 3468 sr - ok
23:49:56.0046 3468 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOW2\system32\DRIVERS\srv.sys
23:49:56.0390 3468 Srv - ok
23:49:56.0750 3468 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOW2\system32\DRIVERS\ssmdrv.sys
23:49:56.0765 3468 ssmdrv - ok
23:49:57.0109 3468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOW2\system32\DRIVERS\swenum.sys
23:49:57.0296 3468 swenum - ok
23:49:57.0656 3468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOW2\system32\drivers\swmidi.sys
23:49:57.0921 3468 swmidi - ok
23:49:58.0281 3468 symc810 - ok
23:49:58.0609 3468 symc8xx - ok
23:49:58.0921 3468 sym_hi - ok
23:49:59.0250 3468 sym_u3 - ok
23:49:59.0640 3468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOW2\system32\drivers\sysaudio.sys
23:49:59.0890 3468 sysaudio - ok
23:50:00.0390 3468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOW2\system32\DRIVERS\tcpip.sys
23:50:00.0828 3468 Tcpip - ok
23:50:01.0203 3468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOW2\system32\drivers\TDPIPE.sys
23:50:01.0421 3468 TDPIPE - ok
23:50:01.0812 3468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOW2\system32\drivers\TDTCP.sys
23:50:02.0031 3468 TDTCP - ok
23:50:02.0437 3468 TermDD (88155247177638048422893737429d9e) C:\WINDOW2\system32\DRIVERS\termdd.sys
23:50:02.0656 3468 TermDD - ok
23:50:03.0046 3468 TosIde - ok
23:50:03.0468 3468 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\window2\system32\drivers\TrueSight.sys
23:50:03.0546 3468 TrueSight ( UnsignedFile.Multi.Generic ) - warning
23:50:03.0546 3468 TrueSight - detected UnsignedFile.Multi.Generic (1)
23:50:03.0953 3468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOW2\system32\drivers\Udfs.sys
23:50:04.0187 3468 Udfs - ok
23:50:04.0562 3468 uji3otqy (ff1774e78b914e36e603f790ca72d8a7) C:\WINDOW2\system32\Drivers\uji3otqy.sys
23:50:04.0593 3468 uji3otqy ( UnsignedFile.Multi.Generic ) - warning
23:50:04.0593 3468 uji3otqy - detected UnsignedFile.Multi.Generic (1)
23:50:04.0921 3468 ultra - ok
23:50:05.0437 3468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOW2\system32\DRIVERS\update.sys
23:50:05.0953 3468 Update - ok
23:50:06.0343 3468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOW2\system32\DRIVERS\usbehci.sys
23:50:06.0562 3468 usbehci - ok
23:50:06.0937 3468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOW2\system32\DRIVERS\usbhub.sys
23:50:07.0171 3468 usbhub - ok
23:50:07.0546 3468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOW2\system32\DRIVERS\usbprint.sys
23:50:07.0750 3468 usbprint - ok
23:50:08.0140 3468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOW2\system32\DRIVERS\usbscan.sys
23:50:08.0359 3468 usbscan - ok
23:50:08.0781 3468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOW2\system32\DRIVERS\USBSTOR.SYS
23:50:09.0046 3468 USBSTOR - ok
23:50:09.0437 3468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOW2\system32\DRIVERS\usbuhci.sys
23:50:09.0625 3468 usbuhci - ok
23:50:09.0968 3468 uti3otqy (524d8d450622db4a7875b111c299a76b) C:\WINDOW2\system32\Drivers\uti3otqy.sys
23:50:10.0000 3468 uti3otqy ( UnsignedFile.Multi.Generic ) - warning
23:50:10.0000 3468 uti3otqy - detected UnsignedFile.Multi.Generic (1)
23:50:10.0375 3468 uzi3otqy (d565ad44c6c4d934afad3ca4196b09aa) C:\WINDOW2\system32\Drivers\uzi3otqy.sys
23:50:10.0390 3468 uzi3otqy ( UnsignedFile.Multi.Generic ) - warning
23:50:10.0390 3468 uzi3otqy - detected UnsignedFile.Multi.Generic (1)
23:50:10.0734 3468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOW2\System32\drivers\vga.sys
23:50:11.0000 3468 VgaSave - ok
23:50:11.0328 3468 ViaIde - ok
23:50:11.0687 3468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOW2\system32\drivers\VolSnap.sys
23:50:11.0921 3468 VolSnap - ok
23:50:12.0296 3468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOW2\system32\DRIVERS\wanarp.sys
23:50:12.0515 3468 Wanarp - ok
23:50:12.0875 3468 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOW2\system32\DRIVERS\wdcsam.sys
23:50:13.0015 3468 WDC_SAM - ok
23:50:13.0359 3468 WDICA - ok
23:50:13.0750 3468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOW2\system32\drivers\wdmaud.sys
23:50:14.0000 3468 wdmaud - ok
23:50:14.0453 3468 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOW2\System32\drivers\ws2ifsl.sys
23:50:14.0765 3468 WS2IFSL - ok
23:50:15.0156 3468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOW2\system32\DRIVERS\WudfPf.sys
23:50:15.0281 3468 WudfPf - ok
23:50:15.0343 3468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:50:06.0218 3468 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:50:06.0218 3468 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:50:06.0234 3468 Boot (0x1200) (fc650981a1f3f179c87399ce78457b07) \Device\Harddisk0\DR0\Partition0
20:50:06.0234 3468 \Device\Harddisk0\DR0\Partition0 - ok
20:50:06.0234 3468 ============================================================
20:50:06.0234 3468 Scan finished
20:50:06.0234 3468 ============================================================
20:50:06.0375 1580 Detected object count: 6
20:50:06.0375 1580 Actual detected object count: 6
20:51:13.0484 1580 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:13.0484 1580 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:13.0484 1580 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:13.0484 1580 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:13.0484 1580 uji3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:13.0484 1580 uji3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:13.0484 1580 uti3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:13.0484 1580 uti3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:13.0500 1580 uzi3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:13.0500 1580 uzi3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:13.0500 1580 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:51:13.0500 1580 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:51:39.0593 1504 Deinitialize success

Edited by jsaklas, 29 October 2011 - 07:11 PM.

#82
CompCav

    Member 5k

  • Expert
  • 12,448 posts
You did not click Run Fix in OTLPE; you clicked Run Scan.

Please go back to Post #80.

Rerun Step 1.

This step is the OTLPE fix; make sure you click Run Fix after you put the fix.txt file in place.


Next, if you did Step 2, just skip that step, reboot and do Step 3 to run TDSSKiller again.

Then post the OTL fix log and the TDSSKiller log.

We will deal with the WD program in our next post. :)
#83
jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts
CompCav,

Sorry for the mix-up on the OTL run. TDSSKiller again found 6 suspicious threats, all recommending skip; as instructed, I just continued. Again the clock is off, this time by only one hour. I just corrected it.

Below are the logs.

-------------------------


========== OTL ==========
Unable to set value : HKU\Luli_ON_C\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E!
C:\Desktop\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe moved successfully.
C:\WINDOW2\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe moved successfully.
C:\WINDOW2\$NtUninstallKB979683$\ntoskrnl.exe moved successfully.
C:\WINDOW2\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe moved successfully.
C:\WINDOW2\$NtUninstallKB971486$\ntoskrnl.exe moved successfully.
C:\WINDOW2\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe moved successfully.
C:\WINDOW2\$NtUninstallKB956572_0$\ntoskrnl.exe moved successfully.
C:\WINDOW2\$NtServicePackUninstall$\ntoskrnl.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\LocalService.NT_AUTHORITY.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\Luli_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\NetworkService.NT_AUTHORITY.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOW2\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Folder C:\Documents and Settings\All Users.WINDOW2\Application Data\~0\ not found.
========== REGISTRY ==========
Registry key HKEY_USERS\Luli_ON_C\Software\Microsoft\Internet Explorer\Main not found.
========== COMMANDS ==========
C:\WINDOW2\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JAMES-HOME2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOW2
->Temp folder emptied: 0 bytes

User: Ariadne Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Baba
->Temp folder emptied: 1222879233 bytes
->Temporary Internet Files folder emptied: 4396244 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42426025 bytes
->Flash cache emptied: 3723 bytes

User: Danae Saklas

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOW2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: James Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Luli
->Temp folder emptied: 81834 bytes
->Temporary Internet Files folder emptied: 1071598 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 199714608 bytes
->Flash cache emptied: 1732 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Rosalia Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 179717944 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 1,574.00 mb

Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 10302011_003747



----------------------------


01:05:53.0718 0448 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
01:05:53.0875 0448 ============================================================
01:05:53.0875 0448 Current date / time: 2011/10/30 01:05:53.0875
01:05:53.0875 0448 SystemInfo:
01:05:53.0875 0448
01:05:53.0875 0448 OS Version: 5.1.2600 ServicePack: 3.0
01:05:53.0875 0448 Product type: Workstation
01:05:53.0875 0448 ComputerName: JAMES-HOME
01:05:53.0875 0448 UserName: Baba
01:05:53.0875 0448 Windows directory: C:\WINDOW2
01:05:53.0875 0448 System windows directory: C:\WINDOW2
01:05:53.0875 0448 Processor architecture: Intel x86
01:05:53.0875 0448 Number of processors: 1
01:05:53.0875 0448 Page size: 0x1000
01:05:53.0875 0448 Boot type: Normal boot
01:05:53.0875 0448 ============================================================
01:06:01.0234 0448 Initialize success
01:07:48.0687 3608 ============================================================
01:07:48.0687 3608 Scan started
01:07:48.0687 3608 Mode: Manual; SigCheck; TDLFS;
01:07:48.0687 3608 ============================================================
01:07:49.0312 3608 90032672 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOW2\system32\DRIVERS\90032672.sys
01:07:49.0781 3608 90032672 - ok
01:07:50.0062 3608 Abiosdsk - ok
01:07:50.0343 3608 abp480n5 - ok
01:07:50.0734 3608 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOW2\system32\DRIVERS\ACPI.sys
01:07:54.0484 3608 ACPI - ok
01:07:54.0875 3608 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOW2\system32\drivers\ACPIEC.sys
01:07:55.0109 3608 ACPIEC - ok
01:07:55.0390 3608 adpu160m - ok
01:07:55.0765 3608 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOW2\system32\drivers\aec.sys
01:07:56.0046 3608 aec - ok
01:07:56.0421 3608 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOW2\System32\drivers\afd.sys
01:07:56.0562 3608 AFD - ok
01:07:56.0890 3608 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOW2\system32\DRIVERS\agp440.sys
01:07:57.0156 3608 agp440 - ok
01:07:57.0468 3608 Aha154x - ok
01:07:57.0781 3608 aic78u2 - ok
01:07:58.0062 3608 aic78xx - ok
01:07:58.0375 3608 AliIde - ok
01:07:58.0671 3608 amsint - ok
01:07:59.0046 3608 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOW2\system32\DRIVERS\arp1394.sys
01:07:59.0296 3608 Arp1394 - ok
01:07:59.0593 3608 asc - ok
01:07:59.0875 3608 asc3350p - ok
01:08:00.0171 3608 asc3550 - ok
01:08:00.0500 3608 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOW2\system32\DRIVERS\asyncmac.sys
01:08:00.0718 3608 AsyncMac - ok
01:08:01.0046 3608 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOW2\system32\DRIVERS\atapi.sys
01:08:01.0265 3608 atapi - ok
01:08:01.0546 3608 Atdisk - ok
01:08:01.0890 3608 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOW2\system32\DRIVERS\atmarpc.sys
01:08:02.0156 3608 Atmarpc - ok
01:08:02.0484 3608 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW2\system32\DRIVERS\audstub.sys
01:08:02.0703 3608 audstub - ok
01:08:03.0062 3608 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOW2\system32\DRIVERS\avgntflt.sys
01:08:03.0093 3608 avgntflt - ok
01:08:03.0484 3608 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOW2\system32\DRIVERS\avipbb.sys
01:08:03.0531 3608 avipbb - ok
01:08:03.0843 3608 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOW2\system32\DRIVERS\avkmgr.sys
01:08:03.0875 3608 avkmgr - ok
01:08:04.0171 3608 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW2\system32\drivers\Beep.sys
01:08:04.0453 3608 Beep - ok
01:08:04.0609 3608 catchme - ok
01:08:04.0890 3608 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW2\system32\drivers\cbidf2k.sys
01:08:05.0171 3608 cbidf2k - ok
01:08:05.0453 3608 cd20xrnt - ok
01:08:05.0843 3608 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW2\system32\drivers\Cdaudio.sys
01:08:06.0125 3608 Cdaudio - ok
01:08:06.0468 3608 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOW2\system32\drivers\Cdfs.sys
01:08:06.0718 3608 Cdfs - ok
01:08:07.0062 3608 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOW2\system32\DRIVERS\cdrom.sys
01:08:07.0296 3608 Cdrom - ok
01:08:07.0578 3608 Changer - ok
01:08:07.0890 3608 CmdIde - ok
01:08:08.0343 3608 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOW2\system32\drivers\cmaudio.sys
01:08:08.0703 3608 cmpci - ok
01:08:09.0093 3608 Cpqarray - ok
01:08:09.0250 3608 d8a4fef9-85c1-448f-a6f9-2570fb195020 (7f109ab3e0251d73dcb56130bab7826e) C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys
01:08:09.0281 3608 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - warning
01:08:09.0281 3608 d8a4fef9-85c1-448f-a6f9-2570fb195020 - detected UnsignedFile.Multi.Generic (1)
01:08:09.0578 3608 dac2w2k - ok
01:08:09.0859 3608 dac960nt - ok
01:08:10.0187 3608 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOW2\system32\DRIVERS\disk.sys
01:08:10.0421 3608 Disk - ok
01:08:11.0078 3608 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOW2\system32\drivers\dmboot.sys
01:08:11.0828 3608 dmboot - ok
01:08:12.0171 3608 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOW2\system32\drivers\dmio.sys
01:08:12.0453 3608 dmio - ok
01:08:12.0781 3608 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW2\system32\drivers\dmload.sys
01:08:13.0046 3608 dmload - ok
01:08:13.0359 3608 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOW2\system32\drivers\DMusic.sys
01:08:13.0609 3608 DMusic - ok
01:08:13.0906 3608 dpti2o - ok
01:08:14.0203 3608 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOW2\system32\drivers\drmkaud.sys
01:08:14.0406 3608 drmkaud - ok
01:08:14.0812 3608 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOW2\system32\drivers\Fastfat.sys
01:08:15.0078 3608 Fastfat - ok
01:08:15.0421 3608 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOW2\system32\DRIVERS\fdc.sys
01:08:15.0656 3608 Fdc - ok
01:08:16.0062 3608 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOW2\system32\drivers\Fips.sys
01:08:16.0281 3608 Fips - ok
01:08:16.0578 3608 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOW2\system32\DRIVERS\flpydisk.sys
01:08:16.0812 3608 Flpydisk - ok
01:08:17.0171 3608 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOW2\system32\drivers\fltmgr.sys
01:08:17.0437 3608 FltMgr - ok
01:08:17.0765 3608 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW2\system32\drivers\Fs_Rec.sys
01:08:17.0984 3608 Fs_Rec - ok
01:08:18.0312 3608 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOW2\system32\DRIVERS\ftdisk.sys
01:08:18.0640 3608 Ftdisk - ok
01:08:18.0937 3608 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOW2\system32\DRIVERS\gameenum.sys
01:08:19.0125 3608 gameenum - ok
01:08:19.0437 3608 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOW2\system32\DRIVERS\msgpc.sys
01:08:19.0703 3608 Gpc - ok
01:08:20.0031 3608 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOW2\system32\DRIVERS\hidusb.sys
01:08:20.0234 3608 HidUsb - ok
01:08:20.0531 3608 hpn - ok
01:08:20.0953 3608 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOW2\system32\Drivers\HTTP.sys
01:08:21.0046 3608 HTTP - ok
01:08:21.0343 3608 i2omgmt - ok
01:08:21.0625 3608 i2omp - ok
01:08:21.0937 3608 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOW2\system32\DRIVERS\i8042prt.sys
01:08:22.0187 3608 i8042prt - ok
01:08:22.0546 3608 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOW2\system32\DRIVERS\imapi.sys
01:08:22.0812 3608 Imapi - ok
01:08:23.0109 3608 ini910u - ok
01:08:23.0406 3608 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOW2\system32\DRIVERS\intelide.sys
01:08:23.0609 3608 IntelIde - ok
01:08:23.0937 3608 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOW2\system32\DRIVERS\intelppm.sys
01:08:24.0156 3608 intelppm - ok
01:08:24.0546 3608 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOW2\system32\drivers\ip6fw.sys
01:08:24.0812 3608 Ip6Fw - ok
01:08:25.0171 3608 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW2\system32\DRIVERS\ipfltdrv.sys
01:08:25.0453 3608 IpFilterDriver - ok
01:08:25.0765 3608 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOW2\system32\DRIVERS\ipinip.sys
01:08:25.0968 3608 IpInIp - ok
01:08:26.0312 3608 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOW2\system32\DRIVERS\ipnat.sys
01:08:26.0515 3608 IpNat - ok
01:08:26.0859 3608 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOW2\system32\DRIVERS\ipsec.sys
01:08:27.0078 3608 IPSec - ok
01:08:27.0375 3608 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOW2\system32\DRIVERS\irenum.sys
01:08:27.0578 3608 IRENUM - ok
01:08:27.0937 3608 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOW2\system32\DRIVERS\isapnp.sys
01:08:28.0187 3608 isapnp - ok
01:08:28.0468 3608 ivusb - ok
01:08:28.0812 3608 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOW2\system32\DRIVERS\kbdclass.sys
01:08:29.0015 3608 Kbdclass - ok
01:08:29.0359 3608 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOW2\system32\drivers\kmixer.sys
01:08:29.0640 3608 kmixer - ok
01:08:29.0953 3608 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOW2\system32\drivers\KSecDD.sys
01:08:30.0125 3608 KSecDD - ok
01:08:30.0437 3608 lbrtfdc - ok
01:08:30.0812 3608 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW2\system32\drivers\mnmdd.sys
01:08:31.0062 3608 mnmdd - ok
01:08:31.0468 3608 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOW2\system32\drivers\Modem.sys
01:08:31.0671 3608 Modem - ok
01:08:31.0968 3608 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOW2\system32\DRIVERS\mouclass.sys
01:08:32.0187 3608 Mouclass - ok
01:08:32.0515 3608 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOW2\system32\DRIVERS\mouhid.sys
01:08:32.0812 3608 mouhid - ok
01:08:33.0109 3608 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOW2\system32\drivers\MountMgr.sys
01:08:33.0343 3608 MountMgr - ok
01:08:33.0609 3608 mraid35x - ok
01:08:34.0000 3608 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOW2\system32\DRIVERS\mrxdav.sys
01:08:34.0281 3608 MRxDAV - ok
01:08:34.0781 3608 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOW2\system32\DRIVERS\mrxsmb.sys
01:08:35.0156 3608 MRxSmb - ok
01:08:35.0468 3608 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOW2\system32\drivers\Msfs.sys
01:08:35.0687 3608 Msfs - ok
01:08:36.0062 3608 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOW2\system32\drivers\MSKSSRV.sys
01:08:36.0265 3608 MSKSSRV - ok
01:08:36.0578 3608 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOW2\system32\drivers\MSPCLOCK.sys
01:08:36.0812 3608 MSPCLOCK - ok
01:08:37.0125 3608 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOW2\system32\drivers\MSPQM.sys
01:08:37.0328 3608 MSPQM - ok
01:08:37.0640 3608 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOW2\system32\DRIVERS\mssmbios.sys
01:08:37.0875 3608 mssmbios - ok
01:08:38.0265 3608 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOW2\system32\drivers\Mup.sys
01:08:38.0390 3608 Mup - ok
01:08:38.0765 3608 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOW2\system32\drivers\NDIS.sys
01:08:39.0062 3608 NDIS - ok
01:08:39.0359 3608 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOW2\system32\DRIVERS\ndistapi.sys
01:08:39.0546 3608 NdisTapi - ok
01:08:39.0859 3608 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOW2\system32\DRIVERS\ndisuio.sys
01:08:40.0046 3608 Ndisuio - ok
01:08:40.0406 3608 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOW2\system32\DRIVERS\ndiswan.sys
01:08:40.0656 3608 NdisWan - ok
01:08:40.0953 3608 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOW2\system32\drivers\NDProxy.sys
01:08:41.0046 3608 NDProxy - ok
01:08:41.0375 3608 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOW2\system32\DRIVERS\netbios.sys
01:08:41.0593 3608 NetBIOS - ok
01:08:41.0968 3608 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOW2\system32\DRIVERS\netbt.sys
01:08:42.0296 3608 NetBT - ok
01:08:42.0656 3608 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOW2\system32\DRIVERS\nic1394.sys
01:08:43.0015 3608 NIC1394 - ok
01:08:43.0359 3608 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOW2\system32\drivers\Npfs.sys
01:08:43.0578 3608 Npfs - ok
01:08:44.0156 3608 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOW2\system32\drivers\Ntfs.sys
01:08:44.0703 3608 Ntfs - ok
01:08:45.0046 3608 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW2\system32\drivers\Null.sys
01:08:45.0296 3608 Null - ok
01:08:48.0046 3608 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOW2\system32\DRIVERS\nv4_mini.sys
01:08:53.0109 3608 nv - ok
01:08:53.0500 3608 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW2\system32\DRIVERS\nwlnkflt.sys
01:08:53.0781 3608 NwlnkFlt - ok
01:08:54.0093 3608 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW2\system32\DRIVERS\nwlnkfwd.sys
01:08:54.0343 3608 NwlnkFwd - ok
01:08:54.0703 3608 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOW2\system32\DRIVERS\ohci1394.sys
01:08:54.0890 3608 ohci1394 - ok
01:08:55.0250 3608 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOW2\system32\drivers\Parport.sys
01:08:55.0484 3608 Parport - ok
01:08:55.0859 3608 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOW2\system32\drivers\PartMgr.sys
01:08:56.0078 3608 PartMgr - ok
01:08:56.0390 3608 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOW2\system32\drivers\ParVdm.sys
01:08:56.0796 3608 ParVdm - ok
01:08:57.0125 3608 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOW2\system32\DRIVERS\pci.sys
01:08:57.0359 3608 PCI - ok
01:08:57.0625 3608 PCIDump - ok
01:08:58.0093 3608 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOW2\system32\drivers\PCIIde.sys
01:08:58.0343 3608 PCIIde - ok
01:08:58.0843 3608 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOW2\system32\drivers\Pcmcia.sys
01:08:59.0109 3608 Pcmcia - ok
01:08:59.0406 3608 PDCOMP - ok
01:08:59.0828 3608 PDFRAME - ok
01:09:00.0125 3608 PDRELI - ok
01:09:00.0390 3608 PDRFRAME - ok
01:09:00.0812 3608 perc2 - ok
01:09:01.0109 3608 perc2hib - ok
01:09:01.0468 3608 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOW2\system32\DRIVERS\raspptp.sys
01:09:01.0843 3608 PptpMiniport - ok
01:09:02.0187 3608 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOW2\system32\DRIVERS\psched.sys
01:09:02.0406 3608 PSched - ok
01:09:02.0859 3608 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW2\system32\DRIVERS\ptilink.sys
01:09:03.0109 3608 Ptilink - ok
01:09:03.0500 3608 ql1080 - ok
01:09:03.0921 3608 Ql10wnt - ok
01:09:04.0203 3608 ql12160 - ok
01:09:04.0484 3608 ql1240 - ok
01:09:04.0921 3608 ql1280 - ok
01:09:05.0218 3608 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW2\system32\DRIVERS\rasacd.sys
01:09:05.0468 3608 RasAcd - ok
01:09:05.0937 3608 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOW2\system32\DRIVERS\rasl2tp.sys
01:09:06.0156 3608 Rasl2tp - ok
01:09:06.0468 3608 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOW2\system32\DRIVERS\raspppoe.sys
01:09:06.0671 3608 RasPppoe - ok
01:09:07.0125 3608 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW2\system32\DRIVERS\raspti.sys
01:09:07.0375 3608 Raspti - ok
01:09:07.0843 3608 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOW2\system32\DRIVERS\rdbss.sys
01:09:08.0187 3608 Rdbss - ok
01:09:08.0484 3608 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW2\system32\DRIVERS\RDPCDD.sys
01:09:08.0875 3608 RDPCDD - ok
01:09:09.0234 3608 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOW2\system32\drivers\RDPWD.sys
01:09:09.0515 3608 RDPWD - ok
01:09:10.0031 3608 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOW2\system32\DRIVERS\redbook.sys
01:09:10.0281 3608 redbook - ok
01:09:10.0640 3608 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW2\system32\DRIVERS\RTL8139.SYS
01:09:10.0968 3608 rtl8139 - ok
01:09:11.0296 3608 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOW2\system32\DRIVERS\secdrv.sys
01:09:11.0515 3608 Secdrv - ok
01:09:12.0015 3608 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOW2\system32\drivers\Serial.sys
01:09:12.0250 3608 Serial - ok
01:09:12.0593 3608 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOW2\system32\drivers\Sfloppy.sys
01:09:12.0937 3608 Sfloppy - ok
01:09:13.0250 3608 Simbad - ok
01:09:13.0531 3608 Sparrow - ok
01:09:13.0984 3608 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOW2\system32\drivers\splitter.sys
01:09:14.0187 3608 splitter - ok
01:09:14.0515 3608 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOW2\system32\DRIVERS\sr.sys
01:09:14.0718 3608 sr - ok
01:09:15.0437 3608 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOW2\system32\DRIVERS\srv.sys
01:09:15.0906 3608 Srv - ok
01:09:16.0234 3608 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOW2\system32\DRIVERS\ssmdrv.sys
01:09:16.0250 3608 ssmdrv - ok
01:09:16.0546 3608 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOW2\system32\DRIVERS\swenum.sys
01:09:16.0906 3608 swenum - ok
01:09:17.0250 3608 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOW2\system32\drivers\swmidi.sys
01:09:17.0453 3608 swmidi - ok
01:09:17.0953 3608 symc810 - ok
01:09:18.0250 3608 symc8xx - ok
01:09:18.0531 3608 sym_hi - ok
01:09:19.0000 3608 sym_u3 - ok
01:09:19.0343 3608 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOW2\system32\drivers\sysaudio.sys
01:09:19.0562 3608 sysaudio - ok
01:09:20.0234 3608 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOW2\system32\DRIVERS\tcpip.sys
01:09:20.0609 3608 Tcpip - ok
01:09:21.0078 3608 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOW2\system32\drivers\TDPIPE.sys
01:09:21.0296 3608 TDPIPE - ok
01:09:21.0625 3608 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOW2\system32\drivers\TDTCP.sys
01:09:21.0968 3608 TDTCP - ok
01:09:22.0375 3608 TermDD (88155247177638048422893737429d9e) C:\WINDOW2\system32\DRIVERS\termdd.sys
01:09:22.0593 3608 TermDD - ok
01:09:23.0031 3608 TosIde - ok
01:09:23.0421 3608 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\window2\system32\drivers\TrueSight.sys
01:09:23.0484 3608 TrueSight ( UnsignedFile.Multi.Generic ) - warning
01:09:23.0484 3608 TrueSight - detected UnsignedFile.Multi.Generic (1)
01:09:23.0968 3608 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOW2\system32\drivers\Udfs.sys
01:09:24.0203 3608 Udfs - ok
01:09:24.0515 3608 uji3otqy (ff1774e78b914e36e603f790ca72d8a7) C:\WINDOW2\system32\Drivers\uji3otqy.sys
01:09:24.0562 3608 uji3otqy ( UnsignedFile.Multi.Generic ) - warning
01:09:24.0562 3608 uji3otqy - detected UnsignedFile.Multi.Generic (1)
01:09:24.0984 3608 ultra - ok
01:09:25.0453 3608 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOW2\system32\DRIVERS\update.sys
01:09:26.0062 3608 Update - ok
01:09:26.0437 3608 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOW2\system32\DRIVERS\usbehci.sys
01:09:26.0656 3608 usbehci - ok
01:09:27.0140 3608 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOW2\system32\DRIVERS\usbhub.sys
01:09:27.0359 3608 usbhub - ok
01:09:27.0671 3608 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOW2\system32\DRIVERS\usbprint.sys
01:09:28.0031 3608 usbprint - ok
01:09:28.0343 3608 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOW2\system32\DRIVERS\usbscan.sys
01:09:28.0562 3608 usbscan - ok
01:09:28.0953 3608 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOW2\system32\DRIVERS\USBSTOR.SYS
01:09:29.0156 3608 USBSTOR - ok
01:09:29.0500 3608 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOW2\system32\DRIVERS\usbuhci.sys
01:09:29.0687 3608 usbuhci - ok
01:09:29.0984 3608 uti3otqy (524d8d450622db4a7875b111c299a76b) C:\WINDOW2\system32\Drivers\uti3otqy.sys
01:09:30.0015 3608 uti3otqy ( UnsignedFile.Multi.Generic ) - warning
01:09:30.0015 3608 uti3otqy - detected UnsignedFile.Multi.Generic (1)
01:09:30.0328 3608 uzi3otqy (d565ad44c6c4d934afad3ca4196b09aa) C:\WINDOW2\system32\Drivers\uzi3otqy.sys
01:09:30.0343 3608 uzi3otqy ( UnsignedFile.Multi.Generic ) - warning
01:09:30.0343 3608 uzi3otqy - detected UnsignedFile.Multi.Generic (1)
01:09:30.0671 3608 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOW2\System32\drivers\vga.sys
01:09:30.0906 3608 VgaSave - ok
01:09:31.0171 3608 ViaIde - ok
01:09:31.0515 3608 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOW2\system32\drivers\VolSnap.sys
01:09:31.0750 3608 VolSnap - ok
01:09:32.0078 3608 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOW2\system32\DRIVERS\wanarp.sys
01:09:32.0281 3608 Wanarp - ok
01:09:32.0609 3608 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOW2\system32\DRIVERS\wdcsam.sys
01:09:32.0703 3608 WDC_SAM - ok
01:09:33.0031 3608 WDICA - ok
01:09:33.0375 3608 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOW2\system32\drivers\wdmaud.sys
01:09:33.0640 3608 wdmaud - ok
01:09:34.0078 3608 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOW2\System32\drivers\ws2ifsl.sys
01:09:34.0328 3608 WS2IFSL - ok
01:09:34.0687 3608 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOW2\system32\DRIVERS\WudfPf.sys
01:09:34.0812 3608 WudfPf - ok
01:09:34.0875 3608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:09:35.0234 3608 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:09:35.0234 3608 \Device\Harddisk0\DR0 - detected TDSS File System (1)
01:09:35.0250 3608 Boot (0x1200) (fc650981a1f3f179c87399ce78457b07) \Device\Harddisk0\DR0\Partition0
01:09:35.0250 3608 \Device\Harddisk0\DR0\Partition0 - ok
01:09:35.0265 3608 ============================================================
01:09:35.0265 3608 Scan finished
01:09:35.0265 3608 ============================================================
01:09:35.0390 3604 Detected object count: 6
01:09:35.0390 3604 Actual detected object count: 6
01:09:58.0843 3604 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - skipped by user
01:09:58.0843 3604 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:09:58.0859 3604 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
01:09:58.0859 3604 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:09:58.0859 3604 uji3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
01:09:58.0859 3604 uji3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:09:58.0875 3604 uti3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
01:09:58.0875 3604 uti3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:09:58.0875 3604 uzi3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
01:09:58.0875 3604 uzi3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:09:58.0890 3604 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
01:09:58.0890 3604 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
01:10:06.0640 2504 Deinitialize success

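The log above is the tail of a TDSSKiller run, and two kinds of hit appear in it. The entries flagged UnsignedFile.Multi.Generic (TrueSight, the three random-looking u??3otqy drivers, the PhysMem.sys under iprot) are heuristic only: the file carries no Authenticode signature, which is also true of the helper drivers that anti-malware tools drop, so skipping them pending a look at the OTL driver list is a reasonable call. The "TDSS File System" hit on \Device\Harddisk0\DR0, by contrast, is a signature match on the MBR itself, code that runs before the kernel does, and it is the object CompCav means by "we will fix the MBR". As an added example, not part of the thread and not TDSSKiller's own code, the Python below parses this log format (object line with MD5 and path, "- detected" verdict line, "User select action" line after the scan), joins the three by service name or device path, and ranks what is left. The severity labels and the rule that a skipped detection is still present are this example's own assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample lines in TDSSKiller's log format, copied from the log above and
# embedded here so the parser runs offline (constructed input, not a live scan).
SAMPLE_LOG = r"""
01:09:23.0421 3608 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\window2\system32\drivers\TrueSight.sys
01:09:23.0484 3608 TrueSight ( UnsignedFile.Multi.Generic ) - warning
01:09:23.0484 3608 TrueSight - detected UnsignedFile.Multi.Generic (1)
01:09:23.0968 3608 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOW2\system32\drivers\Udfs.sys
01:09:24.0203 3608 Udfs - ok
01:09:34.0875 3608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:09:35.0234 3608 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:09:35.0234 3608 \Device\Harddisk0\DR0 - detected TDSS File System (1)
01:09:35.0250 3608 Boot (0x1200) (fc650981a1f3f179c87399ce78457b07) \Device\Harddisk0\DR0\Partition0
01:09:35.0250 3608 \Device\Harddisk0\DR0\Partition0 - ok
01:09:58.0859 3604 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:09:58.0890 3604 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line: "<hh:mm:ss.ffff> <thread id> <body>"
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.+)$")
# A scanned object: "<name> [(0xSIZE)] (<md5>) <path>"; the size group only appears for MBR/Boot.
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<size>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Verdict lines key on the service name for drivers but on the device path for MBR/Boot.
DETECTED_RE = re.compile(r"^(?P<key>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<key>\S+) \( (?P<verdict>.+?) \) - User select action: (?P<action>\S+)$")


@dataclass
class ScanRecord:
    name: str
    path: str
    md5: str
    verdict: Optional[str] = None  # None means the object was reported "- ok"
    action: Optional[str] = None   # what the user chose once the scan finished


def parse_tdsskiller(text: str) -> list:
    """Return one ScanRecord per scanned object, with verdict and action joined on."""
    records = []
    index = {}  # lookup by service name *and* by path, since verdict lines use either
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if not m:
            continue
        body = m.group("body")
        obj = OBJECT_RE.match(body)
        if obj:
            rec = ScanRecord(obj["name"], obj["path"], obj["md5"])
            records.append(rec)
            index[rec.name] = rec
            index[rec.path] = rec
            continue
        det = DETECTED_RE.match(body)
        if det:
            rec = index.get(det["key"])
            if rec:
                rec.verdict = det["verdict"]
            continue
        act = ACTION_RE.match(body)
        if act:
            rec = index.get(act["key"])
            if rec:
                rec.action = act["action"]
    return records


def severity(rec: ScanRecord) -> str:
    """Rank a record. The labels are this example's own, not TDSSKiller's."""
    if rec.verdict is None:
        return "clean"
    if rec.verdict.startswith("UnsignedFile."):
        # Heuristic only: the driver has no Authenticode signature. Needs a human look.
        return "heuristic"
    if rec.name in ("MBR", "Boot"):
        # Signature hit on code that runs before the kernel: treat as a bootkit.
        return "bootkit"
    return "malware"


def unresolved(records) -> list:
    """Detections the user skipped (assumption: 'Skip' leaves the object in place)."""
    return [r for r in records if r.verdict and r.action in (None, "Skip")]


def triage(records) -> list:
    """(name, verdict, severity, action) for every object that was not clean."""
    return [(r.name, r.verdict, severity(r), r.action) for r in records if r.verdict]


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for name, verdict, sev, action in triage(recs):
        print(f"{sev:9s} {name:12s} {verdict:28s} action={action}")
    print("still unresolved:", [r.name for r in unresolved(recs)])
```

Run against the sample it reports TrueSight as a heuristic hit and the MBR as a bootkit-class hit, both still unresolved because the user chose Skip; a real log would be fed in whole, since the action lines only appear after "Scan finished" and have to be joined back onto the objects listed earlier.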
#84 CompCav (Member 5k | Expert | 12,448 posts)
Step 1.

This tool is a good uninstaller and it has a tool to stop the autostart of your WD programs.

Autorun manager Revo Uninstaller

Another excellent tool for your computer is a good uninstaller with extra tools.

  • Please download the free Revo Uninstaller, or if you still have it installed, just follow the steps from step 3 on below:
  • Run the revosetup.exe to install Revo Uninstaller Free version.
  • Start Revo Uninstaller
  • Click Tools in the top menu bar.
  • Click Autorun Manager in the left window pane.
  • Uncheck the appropriate startup items for your WD*.exe
  • Close Revo Uninstaller.
  • Anytime you want them to autostart again just follow steps 3 through 5 and check the box next to the item for step 6.


Step 2.

Stop WD services

Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click WDDMService (WDDMService)
Set to Manual or On demand under Startup type
Click the Apply button
Click the Stop button
When it stops click OK

Repeat these steps for:

WD File Management Engine (WDFME)
WD File Management Shadow Engine (WDSC)

Reboot your computer and verify that these are not in your Task list.


Step 3.

MalwareBytes Quick Scan

  • Open MalwareBytes, click the Update tab and click Check for Updates and allow it to update.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Step 4.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\*.* /s
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open one notepad window. OTL.Txt . It is saved in the same location as OTL.



Step 5.

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 6.

Please post:

mbam log
OTL.txt
aswMBR log


Please let me know how your computer is performing now!

#85 jsaklas (Member | Topic Starter | 238 posts)
CompCav,

The WD*.exe files are gone from the Task Manager and therefore the Start-Up. This has sped up the machine significantly. Overall, I'd say the computer is back to normal.

I have several questions: Although I don't recognize all the programs in the Task Manager, one is completely unknown to me. It is mixer.exe. It does not consume effectively any CPU and only minimal memory and therefore is by no means a problem - I'm just curious about what it does.

Secondly, we hardly seemed to find any viruses or malware - what was causing the problems?


js



Here are the scans:


----------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8048

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/31/2011 9:22:50 AM
mbam-log-2011-10-31 (09-22-50).txt

Scan type: Quick scan
Objects scanned: 350135
Time elapsed: 31 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------------------------

OTL logfile created on: 10/31/2011 9:30:26 AM - Run 13
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 61.53% Memory free
2.10 Gb Paging File | 1.60 Gb Available in Paging File | 75.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.54 Gb Free Space | 19.51% Space Free | Partition Type: NTFS

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 22:21:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL(1).exe
PRC - [2011/10/05 10:24:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/10/05 10:24:14 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/30 13:26:28 | 000,055,640 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe
PRC - [2011/06/30 13:26:18 | 005,816,664 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\PANDA\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/27 23:35:19 | 008,522,400 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/05 10:24:28 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/02 02:42:23 | 000,998,400 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/02 02:36:19 | 000,256,000 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll
MOD - [2011/07/02 02:33:33 | 017,403,904 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
MOD - [2011/07/02 02:32:05 | 002,345,472 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll
MOD - [2011/07/02 02:31:45 | 001,070,080 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:59:08 | 001,840,640 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
MOD - [2011/07/02 01:58:46 | 011,800,576 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll
MOD - [2011/07/02 01:53:11 | 014,328,320 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
MOD - [2011/07/02 01:51:58 | 012,430,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
MOD - [2011/07/02 01:51:36 | 001,587,200 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
MOD - [2011/07/02 01:51:13 | 012,215,808 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
MOD - [2011/07/02 01:50:24 | 003,325,440 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
MOD - [2011/07/02 01:49:56 | 005,450,752 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/02 01:49:45 | 000,971,264 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/06/30 13:26:28 | 000,055,640 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe
MOD - [2011/06/30 13:26:18 | 000,083,800 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\uji3otqy.sys -- (uji3otqy)
DRV - [2011/10/25 21:26:09 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\uti3otqy.sys -- (uti3otqy)
DRV - [2011/10/25 21:25:57 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\uzi3otqy.sys -- (uzi3otqy)
DRV - [2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOW2\system32\DRIVERS\90032672.sys -- (90032672)
DRV - [2011/10/20 16:46:46 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/30 00:38:01 | 000,000,098 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks\NswUiTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = File not found
O4 - Startup: C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\PANDA\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - F:\QUICKBOOKS\HelpAsyncPluggableProtocol.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\drescher1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\drescher1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 06:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\VSRevoGroup
[2011/10/29 23:40:22 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/10/29 00:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/29 00:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Uniblue
[2011/10/29 00:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Local Settings\Application Data\PackageAware
[2011/10/27 23:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\ImgBurn
[2011/10/27 17:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\ImgBurn
[2011/10/27 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/10/27 17:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Local Settings\Application Data\Intuit
[2011/10/27 17:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\QuickBooks
[2011/10/27 16:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Nuance
[2011/10/27 16:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/10/27 16:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Intuit
[2011/10/27 16:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SQL Anywhere 11
[2011/10/27 16:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\COMMON FILES
[2011/10/27 16:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Documents\Intuit
[2011/10/27 15:17:01 | 000,000,000 | ---D | C] -- C:\WINDOW2\Intuit
[2011/10/27 14:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Download Manager
[2011/10/27 14:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Akamai
[2011/10/25 21:26:10 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOW2\System32\drivers\uji3otqy.sys
[2011/10/25 00:47:37 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOW2\System32\drivers\90032672.sys
[2011/10/23 01:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Revo Uninstaller
[2011/10/23 01:38:00 | 000,000,000 | ---D | C] -- C:\UNINSTALLER-Revo
[2011/10/22 00:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 00:25:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOW2\System32\drivers\mbam.sys
[2011/10/20 01:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Panda Security
[2011/10/20 01:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Panda Security
[2011/10/20 01:47:56 | 000,000,000 | ---D | C] -- C:\PANDA
[2011/10/18 19:55:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Recent
[2011/10/18 17:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\System Restore
[2011/10/17 15:40:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/17 15:33:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWREG.exe
[2011/10/17 15:33:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWSC.exe
[2011/10/17 15:33:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWXCACLS.exe
[2011/10/17 15:33:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOW2\NIRCMD.exe
[2011/10/17 15:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/17 15:32:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Administrative Tools
[2011/10/16 09:54:23 | 000,000,000 | ---D | C] -- C:\Danae Saklas
[2011/10/16 09:54:06 | 000,000,000 | ---D | C] -- C:\Danae
[2011/10/13 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/13 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/10/12 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Avira
[2011/10/12 23:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/12 23:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\ssmdrv.sys
[2011/10/12 23:01:08 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/10/12 23:01:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/10/12 23:01:07 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/10/12 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/12 01:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer

========== Files - Modified Within 30 Days ==========

[2011/10/31 07:17:40 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/31 07:17:32 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/31 07:17:11 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/31 07:17:09 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 00:38:01 | 000,000,098 | ---- | M] () -- C:\WINDOW2\System32\drivers\etc\Hosts
[2011/10/29 23:28:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/28 21:01:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dushku1.bmp
[2011/10/28 20:49:07 | 001,045,526 | ---- | M] () -- C:\WINDOW2\dunst2.bmp
[2011/10/28 20:45:21 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dunst1.bmp
[2011/10/28 11:12:06 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/10/28 00:11:17 | 000,943,608 | ---- | M] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2011/10/27 17:02:53 | 000,000,090 | ---- | M] () -- C:\WINDOW2\QBChanUtil_Trigger.ini
[2011/10/27 17:01:20 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/27 17:01:20 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2011/10/27 17:01:20 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\QuickBooks Pro 2011.lnk
[2011/10/27 17:01:20 | 000,001,357 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2011/10/27 16:34:26 | 000,432,778 | ---- | M] () -- C:\WINDOW2\System32\perfh009.dat
[2011/10/27 16:34:25 | 000,067,734 | ---- | M] () -- C:\WINDOW2\System32\perfc009.dat
[2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOW2\System32\drivers\uji3otqy.sys
[2011/10/25 21:26:09 | 000,007,168 | ---- | M] () -- C:\WINDOW2\System32\drivers\uti3otqy.sys
[2011/10/25 21:25:57 | 000,011,264 | ---- | M] () -- C:\WINDOW2\System32\drivers\uzi3otqy.sys
[2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOW2\System32\drivers\90032672.sys
[2011/10/23 01:58:20 | 000,000,376 | ---- | M] () -- C:\WINDOW2\ODBC.INI
[2011/10/23 01:38:20 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Revo Uninstaller.lnk
[2011/10/22 12:02:51 | 000,000,223 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/10/22 12:00:44 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/10/22 11:13:42 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dors2.bmp
[2011/10/22 11:10:38 | 001,045,394 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/22 11:03:41 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dunne2.bmp
[2011/10/22 10:55:52 | 001,045,230 | ---- | M] () -- C:\WINDOW2\dunne1.bmp
[2011/10/22 10:51:50 | 001,045,550 | ---- | M] () -- C:\WINDOW2\drescher2.bmp
[2011/10/22 10:49:54 | 001,045,514 | ---- | M] () -- C:\WINDOW2\drescher1.bmp
[2011/10/21 19:08:07 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/10/20 16:46:46 | 000,111,872 | ---- | M] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/20 01:48:54 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/15 12:32:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/12 23:02:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp

========== Files Created - No Company Name ==========

[2011/10/27 17:01:20 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/27 17:01:20 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2011/10/27 17:01:20 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\QuickBooks Pro 2011.lnk
[2011/10/27 17:01:20 | 000,001,357 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2011/10/27 16:43:34 | 000,000,090 | ---- | C] () -- C:\WINDOW2\QBChanUtil_Trigger.ini
[2011/10/25 21:26:03 | 000,007,168 | ---- | C] () -- C:\WINDOW2\System32\drivers\uti3otqy.sys
[2011/10/25 21:25:57 | 000,011,264 | ---- | C] () -- C:\WINDOW2\System32\drivers\uzi3otqy.sys
[2011/10/23 01:38:20 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Revo Uninstaller.lnk
[2011/10/22 11:13:40 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dors2.bmp
[2011/10/22 11:03:39 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dunne2.bmp
[2011/10/22 10:55:50 | 001,045,230 | ---- | C] () -- C:\WINDOW2\dunne1.bmp
[2011/10/22 10:51:43 | 001,045,550 | ---- | C] () -- C:\WINDOW2\drescher2.bmp
[2011/10/22 10:49:51 | 001,045,514 | ---- | C] () -- C:\WINDOW2\drescher1.bmp
[2011/10/21 19:08:07 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/10/20 01:48:54 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/19 23:48:07 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/19 23:48:06 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/19 23:48:06 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyula's Commander.lnk
[2011/10/19 23:48:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 23:48:06 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Thunderbird.lnk
[2011/10/19 23:48:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/10/19 23:48:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/19 23:47:57 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 23:47:57 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\MSN.lnk
[2011/10/19 23:47:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Apple Software Update.lnk
[2011/10/19 23:47:57 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2011/10/19 23:47:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/19 23:47:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/19 23:47:57 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Messenger.lnk
[2011/10/18 21:57:08 | 000,111,872 | ---- | C] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/17 15:41:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/17 15:40:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/17 15:33:15 | 000,256,000 | ---- | C] () -- C:\WINDOW2\PEV.exe
[2011/10/17 15:33:15 | 000,208,896 | ---- | C] () -- C:\WINDOW2\MBR.exe
[2011/10/17 15:33:15 | 000,098,816 | ---- | C] () -- C:\WINDOW2\sed.exe
[2011/10/17 15:33:15 | 000,080,412 | ---- | C] () -- C:\WINDOW2\grep.exe
[2011/10/17 15:33:15 | 000,068,096 | ---- | C] () -- C:\WINDOW2\zip.exe
[2011/10/07 22:48:57 | 001,045,394 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,223 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,943,608 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat

========== LOP Check ==========

[2009/12/13 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/03/29 20:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2007/08/12 13:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/12/10 20:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2007/06/18 15:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/06/03 06:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2008/04/23 17:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/04/10 13:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2006/02/04 19:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/10/29 12:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2005/10/29 12:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2006/12/19 08:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/22 12:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/17 21:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ypmtgrih
[2009/01/30 14:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/12/13 13:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Avery
[2011/10/27 16:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\COMMON FILES
[2009/09/01 23:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\FileOpen
[2009/09/20 13:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IMSI
[2009/12/14 00:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IProt
[2009/07/08 02:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Juniper Networks
[2011/10/27 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Nuance
[2011/10/20 01:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Panda Security
[2009/07/09 00:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\PCSettings
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\ScanSoft
[2011/10/27 16:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SQL Anywhere 11
[2009/08/18 23:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanAppDataDir
[2009/08/18 23:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanWizard
[2009/12/27 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\WD_SmartWareCommon
[2011/03/02 01:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Western Digital
[2011/10/29 00:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2005/11/24 22:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\acccore
[2006/02/08 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\Canon
[2006/09/12 11:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\FileOpen
[2005/11/25 07:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\Thunderbird
[2011/10/29 21:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Canon
[2009/07/09 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\DeepBurner
[2009/09/01 23:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\FileOpen
[2011/10/27 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\ImgBurn
[2009/09/20 13:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\IMSI
[2010/12/14 10:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Juniper Networks
[2009/07/06 20:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Netscape
[2009/07/09 21:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NewSoft
[2011/03/24 22:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NSBackup
[2010/06/24 13:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\OpenOffice.org
[2011/10/10 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Quyb
[2009/07/09 21:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\ScanSoft
[2009/12/31 20:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\TechWizard
[2010/09/03 18:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Thunderbird
[2011/10/29 00:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Uniblue
[2011/10/31 06:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\VSRevoGroup
[2009/12/27 01:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Western Digital
[2005/11/24 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\acccore
[2005/11/30 19:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Canon
[2006/09/27 20:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Configuration
[2008/01/01 12:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\DNA
[2006/02/13 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\FileOpen
[2008/03/05 02:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\IMSI
[2008/04/23 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Juniper Networks
[2005/11/04 15:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Netscape
[2008/09/29 09:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Nuance
[2005/10/29 12:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\ScanSoft
[2006/07/08 09:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Seven Zip
[2005/12/01 19:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Simple Star
[2005/12/01 19:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Snapfish
[2005/10/19 18:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Thunderbird
[2006/02/13 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\WebPublisherDemo
[2006/07/08 09:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\{4588FC3C-C040-44E3-BB19-D9D014557FE1}
[2011/07/26 21:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Canon
[2009/09/04 16:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\FileOpen
[2010/08/09 20:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\NewSoft
[2011/10/12 00:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Saleq
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\ScanSoft
[2010/09/03 19:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Thunderbird
[2011/10/12 02:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Viur
[2009/07/03 07:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner
[2008/08/16 08:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Canon
[2006/02/20 15:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\FileOpen
[2008/04/10 13:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Nuance
[2007/08/02 15:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\ScanSoft
[2006/02/23 02:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Thunderbird
[2006/04/05 06:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\WebPublisherDemo

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/09/19 19:07:48 | 000,045,568 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\gmer.exe
[2011/10/28 11:12:06 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOW2\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOW2\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOW2\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOW2\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\system32\winlogon.exe

< C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\*.* /s >
[2010/02/21 03:08:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\allComes.jar-2367d1b3-6da7b282.idx
[2010/02/21 03:08:50 | 000,005,003 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\allComes.jar-2367d1b3-6da7b282.zip
[2010/02/27 00:35:15 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\esChat.jar-736f9de1-31df131a.idx
[2010/02/27 00:35:15 | 000,167,061 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\esChat.jar-736f9de1-31df131a.zip
[2009/08/28 01:01:25 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\f.cgi-4663b564-416c235c.idx
[2009/10/03 03:44:00 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\f.cgi-4663b564-416c235c.zip
[2009/08/25 10:13:34 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\f.cgi-6e503f59-41d362a3.idx
[2009/10/03 03:44:01 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\f.cgi-6e503f59-41d362a3.zip
[2009/09/01 23:14:48 | 000,003,301 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\FileOpenInstaller.jar-47959888-3a409049.idx
[2009/09/01 23:14:47 | 000,050,702 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\FileOpenInstaller.jar-47959888-3a409049.zip
[2010/03/04 10:23:17 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jar.jar-3bcbbadc-187cddc5.idx
[2010/03/06 03:41:56 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jar.jar-3bcbbadc-187cddc5.zip
[2009/07/08 02:40:48 | 000,003,107 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\JuniperSetupClientApplet.jar-6b16dbf1-71d8aa32.idx
[2009/07/08 02:40:48 | 000,441,956 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\JuniperSetupClientApplet.jar-6b16dbf1-71d8aa32.zip
[2009/07/12 05:35:43 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jvmsecman.jar-6b26d6f5-61969cce.idx
[2009/07/12 05:35:38 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jvmseria.jar-1e32bd68-7edcad93.idx
[2010/06/20 12:51:51 | 000,004,406 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jvmseria.jar-1e32bd68-7edcad93.zip
[2009/07/12 05:35:55 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jvmusafe.jar-6cdbf472-4287a518.idx
[2009/07/12 05:35:54 | 000,019,214 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jvmusafe.jar-6cdbf472-4287a518.zip
[2010/03/04 10:23:14 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\midi.jar-6b787fee-120f86ed.idx
[2009/08/16 14:05:25 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\StarterJDK%5f20090609.jar-1ba76195-595c9638.idx
[2009/08/16 14:05:24 | 000,150,073 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\StarterJDK%5f20090609.jar-1ba76195-595c9638.zip
[2010/01/25 22:04:48 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\StarterJDK%5f20091211.jar-3133be08-4bbffef9.idx
[2010/01/14 23:09:12 | 000,152,444 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\StarterJDK%5f20091211.jar-3133be08-4bbffef9.zip
[2010/03/01 01:17:15 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\Touchup.jar-59d03bd5-4c234862.idx
[2010/03/01 01:17:15 | 000,114,985 | ---- | M] () -- C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\Touchup.jar-59d03bd5-4c234862.zip

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >



------------------------------


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-31 09:46:56
-----------------------------
09:46:56.546 OS Version: Windows 5.1.2600 Service Pack 3
09:46:56.546 Number of processors: 1 586 0x207
09:46:56.546 ComputerName: JAMES-HOME UserName: Baba
09:47:06.781 Initialize success
09:47:46.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
09:47:46.859 Disk 0 Vendor: WDC_WD800JB-00FMA0 13.03G13 Size: 76319MB BusType: 3
09:47:46.890 Disk 0 MBR read successfully
09:47:46.890 Disk 0 MBR scan
09:47:46.890 Disk 0 Windows XP default MBR code
09:47:46.906 Disk 0 scanning sectors +156296385
09:47:47.031 Disk 0 scanning C:\WINDOW2\system32\drivers
09:48:03.843 Service scanning
09:48:07.250 Modules scanning
09:48:24.312 Disk 0 trace - called modules:
09:48:24.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
09:48:24.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2cfab8]
09:48:24.328 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000060[0x8a2f79e8]
09:48:24.328 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a2f3d98]
09:48:24.671 Scan finished successfully
09:49:09.359 Disk 0 MBR has been saved successfully to "C:\Computer\MBR.dat"
09:49:09.359 The log file has been saved successfully to "C:\Computer\aswMBR 10-30-11.txt"

#86
CompCav
    Member 5k
  • Expert
  • 12,448 posts

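The "MD5 for:" sections of the OTL log above list every copy of a critical binary with its hash; the helper's check is that the live copy matches the reference copy Service Pack setup left in ServicePackFiles. The following script, an added example that is not part of the thread, performs that comparison mechanically; the line layout is inferred from the log, and the sample input is constructed (the USERINIT.EXE hash and empty company field are made up to exercise the mismatch case).

```python
"""Added example (not from the thread): reads the '< MD5 for: ... >' sections
of an OTL custom-scan log and checks that each live copy of a critical binary
carries the same MD5 as the reference copy in ServicePackFiles, which is the
comparison the helper makes by eye. Line layout inferred from the log above."""
import re
from collections import defaultdict

REFERENCE_DIR = "\\servicepackfiles\\"       # Service Pack reference copies
SKIP_DIRS = (
    "\\erdnt\\",                      # ERUNT backups of the same files
    "\\$ntservicepackuninstall$\\",   # pre-SP copies: legitimately older
)

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
LINE_RE = re.compile(r"^\[[^\]]*\]\s*\((?P<company>[^)]*)\)\s*MD5="
                     r"(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$")

# Constructed sample: EXPLORER.EXE as in the thread; USERINIT.EXE altered so the
# live system32 copy (made-up hash, no company) no longer matches its reference.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOW2\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ServicePackFiles\i386\userinit.exe
[2011/10/30 01:02:03 | 000,026,112 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOW2\system32\userinit.exe
"""


def parse_md5_sections(text):
    """Return {BINARY: [{'path': ..., 'md5': ...}, ...]} for each MD5 section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
        elif line.startswith("<"):            # some other custom-scan section
            current = None
        elif current and (entry := LINE_RE.match(line)):
            sections[current].append(
                {"path": entry.group("path"), "md5": entry.group("md5").upper()})
    return dict(sections)


def classify_copies(sections):
    """Compare every live copy with the ServicePackFiles reference hash.
    Verdicts: 'match', 'mismatch' (inspect that file), 'no-reference'.
    Backup and pre-SP copies are skipped: the latter differ by design."""
    results = {}
    for name, copies in sections.items():
        refs = {c["md5"] for c in copies if REFERENCE_DIR in c["path"].lower()}
        verdicts = []
        for c in copies:
            p = c["path"].lower()
            if REFERENCE_DIR in p or any(d in p for d in SKIP_DIRS):
                continue
            if not refs:
                verdicts.append((c["path"], "no-reference"))
            elif c["md5"] in refs:
                verdicts.append((c["path"], "match"))
            else:
                verdicts.append((c["path"], "mismatch"))
        results[name] = verdicts
    return results


def flagged(results):
    """Names of binaries with a live copy that did not verify against a reference."""
    return sorted(n for n, v in results.items() if any(k != "match" for _, k in v))
```

Run on the real log, the pre-SP copies under $NtServicePackUninstall$ are expected to carry the older hash, which is why they are excluded rather than reported.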
Although I don't recognize all the programs in the Task Manager, one is completely unknown to me. It is mixer.exe. It does not consume effectively any CPU and only minimal memory and therefore is by no means a problem - I'm just curious about what it does.


C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards (like yours) with on-board audio. It provides System Tray access to change audio settings and is also available via Start -> Settings -> Control Panel or Start -> Programs.


Secondly, we did not seem to find hardly any viruses or malware - what was causing the problems?


That is what we were expecting after the OTL fix. You had a Tracur virus that required resetting a registry value and then deleting that registry value. We also had a few system files that were corrupt and were deleted/replaced. We also were making sure you no longer had an active rootkit in your master boot record.


Step 1.



Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 2.

Please post:

checkup.txt

Please tell me of any issues with your computer now

#87
jsaklas
    Member
  • Topic Starter
  • Member
  • 238 posts
CompCav,

Thanks for the info. The checkup.txt follows.

js


---------------------


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Avira Antivirus Premium 2012
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java Web Start
Java™ 6 Update 20
Java 2 Runtime Environment, SE v1.4.1_02
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#88
jsaklas
    Member
  • Topic Starter
  • Member
  • 238 posts
CompCav,

I noticed in the checkup log that my IE is outdated. I use IE only very rarely, mostly when I need to connect remotely to my office computer. I read that there were some problems with some post-version-6 IE. If so, please recommend what I should do: stay with my version 6 or update to a newer version, and, if so, which one.

js

#89
CompCav
    Member 5k
  • Expert
  • 12,448 posts
Step 1.

Update Java:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to clear the Java Cache, remove older version Java components, and update:

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked:
      Applications and Applets
      Trace and Log Files

  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

    Download Current Version of Java
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 u1".
  • Click the "Download" button to the right for JRE.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation, jre-7u1 windows-i586.exe and save the file to your desktop.


    Uninstall Old Java
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Java Web Start
    Java™ 6 Update 20
    Java 2 Runtime Environment, SE v1.4.1_02
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

    Install New Java
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.


Step 2.

Your Internet Explorer is out of Date.

Please go to Start > All Programs > Microsoft update.

Select Custom. When the install options come up, install all critical updates, and then do the Internet Explorer update all the way up to version 8 as well.

Newer version 8.0 has better security and additional features some sites now take advantage of for the user, plus it is integral to Windows - so updating IE also updates Windows!!

#90
jsaklas
    Member
  • Topic Starter
  • Member
  • 238 posts
CompCav,

I installed the new Java with no problems, but I was not able to update IE.

I clicked on Windows Update, and then selected Custom, as instructed. However, then I got:


Files required to use Windows Update are no longer registered or installed on your computer, to continue:
o Register or reinstall the files for me now (Recommended)
o Let me read about more steps...


I chose the first and then got:

SERVER ERROR 403 Forbidden Access is Denied
You do not have permission to view ... using the credentials you supplied

Edited by jsaklas, 31 October 2011 - 11:37 PM.
