
Removal of win32/ramnit.ae virus

This topic is locked

#31
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, as TDSSKiller has done that and is still reporting the problem.



#32
JAM266

    Member

  • Topic Starter
  • 32 posts
OTL logfile created on: 10/29/2011 10:02:55 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 263.00 Mb Available Physical Memory | 51.00% Memory free
459.00 Mb Paging File | 299.00 Mb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 0.47 Gb Free Space | 2.50% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 10:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2002/09/20 12:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SliceDisk5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (MpKslfb7a28dc)
DRV - File not found [Kernel | System] -- -- (MpKslf6d61e9f)
DRV - File not found [Kernel | System] -- -- (MpKslef3cbf47)
DRV - File not found [Kernel | System] -- -- (MpKslee39272f)
DRV - File not found [Kernel | System] -- -- (MpKslc71a369b)
DRV - File not found [Kernel | System] -- -- (MpKslb2427c90)
DRV - File not found [Kernel | System] -- -- (MpKslaf074d40)
DRV - File not found [Kernel | System] -- -- (MpKsla34930c7)
DRV - File not found [Kernel | System] -- -- (MpKsla04c51e7)
DRV - File not found [Kernel | System] -- -- (MpKsl96476bb0)
DRV - File not found [Kernel | System] -- -- (MpKsl7f69b9d9)
DRV - File not found [Kernel | System] -- -- (MpKsl7b3fc78e)
DRV - File not found [Kernel | System] -- -- (MpKsl79a6af6a)
DRV - File not found [Kernel | System] -- -- (MpKsl6735596a)
DRV - File not found [Kernel | System] -- -- (MpKsl3fe45779)
DRV - File not found [Kernel | System] -- -- (MpKsl3555347b)
DRV - File not found [Kernel | System] -- -- (MpKsl2763caa9)
DRV - File not found [Kernel | System] -- -- (MpKsl23c8a940)
DRV - File not found [Kernel | System] -- -- (MpKsl1b9047f5)
DRV - File not found [Kernel | System] -- -- (MpKsl13f99ac4)
DRV - File not found [Kernel | System] -- -- (MpKsl0cf79fe9)
DRV - File not found [Kernel | System] -- -- (MpKsl06b19df4)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/06/08 12:30:54 | 000,017,480 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/08/04 15:13:29 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/08/04 15:13:29 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/04/22 10:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 10:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2007/06/28 07:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/06/28 07:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/05/10 19:12:48 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/04/23 09:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2006/11/30 10:13:56 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2006/07/25 09:03:42 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se45obex.sys -- (se45obex)
DRV - [2004/12/01 04:54:50 | 000,093,632 | ---- | M] (VM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 A9 F6 B6 75 D9 CA 01 [binary data]
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/28 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/28 16:54:48 | 000,000,000 | ---D | M]

[2011/10/28 12:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/29 10:55:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/11 08:27:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 05:27:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/11 11:41:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2007/12/04 16:46:58 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/04/29 10:55:11 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/09/11 11:40:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/08 08:32:11 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/08 08:32:11 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/08 08:32:11 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/03/24 06:34:04 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2011/10/08 08:32:11 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/10/27 14:42:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKU\User_ON_C..\Run: [KpwMkhgr] C:\Documents and Settings\User\Local Settings\Application Data\cjfawewb\kpwmkhgr.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\kpwmkhgr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\User\Local Settings\Application Data\cjfawewb\kpwmkhgr.exe) - C:\Documents and Settings\User\Local Settings\Application Data\cjfawewb\kpwmkhgr.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/04 10:08:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0



ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/29 09:48:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2011/10/29 09:48:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2011/10/28 16:14:27 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\User\Desktop\OTLPENet.exe
[2011/10/27 14:59:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/27 14:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\cjfawewb
[2011/10/27 14:41:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/27 14:41:05 | 000,000,000 | ---D | C] -- \_OTL
[2011/10/27 13:12:46 | 000,703,510 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/10/26 17:56:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/10/26 17:56:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/26 17:56:02 | 000,000,000 | -HSD | C] -- \RECYCLER
[2011/10/26 17:23:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2011/10/26 16:31:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/26 16:31:23 | 000,000,000 | RHSD | C] -- \cmdcons
[2011/10/26 13:08:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/26 13:08:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/26 13:08:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/26 13:08:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/26 13:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/26 13:05:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 13:05:46 | 000,000,000 | ---D | C] -- \Qoobox
[2011/10/26 12:44:11 | 004,271,590 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/10/24 10:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/16 11:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AutoTransfer
[2011/09/29 14:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\.mpr_file_store_32

========== Files - Modified Within 30 Days ==========

[2011/10/29 03:18:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 03:16:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/29 03:16:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/29 03:15:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/10/29 03:15:38 | 536,334,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 18:09:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/10/28 17:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/28 16:51:10 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
[2011/10/28 16:18:51 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\User\Desktop\OTLPENet.exe
[2011/10/28 15:01:48 | 001,543,800 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2011/10/28 06:42:05 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/28 06:35:13 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\User\jagex_runescape_preferences2.dat
[2011/10/28 06:27:45 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\User\jagex_runescape_preferences.dat
[2011/10/28 06:26:54 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\User\jagex_cl_runescape_LIVE.dat
[2011/10/27 17:09:14 | 000,078,766 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBRCheck.zip
[2011/10/27 17:00:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2011/10/27 16:55:22 | 001,879,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\aswMBR.zip
[2011/10/27 14:59:07 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/27 14:42:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/27 13:13:10 | 000,703,510 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/10/27 10:08:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/27 05:16:19 | 129,816,576 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/10/26 16:31:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/26 16:24:33 | 004,271,590 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/10/24 15:07:39 | 000,122,080 | ---- | M] () -- C:\Documents and Settings\User\Desktop\EConfickerRemover.exe
[2011/10/23 10:39:13 | 000,116,257 | --S- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\kpwmkhgr.exe
[2011/10/14 12:00:17 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/14 11:50:03 | 000,025,196 | ---- | M] () -- C:\Documents and Settings\User\My Documents\clip0010.avi
[2011/10/12 13:29:53 | 000,003,189 | ---- | M] () -- C:\Documents and Settings\User\Desktop\colpick.jpg
[2011/10/07 10:09:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/01 13:35:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2011/10/28 06:26:53 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\User\jagex_cl_runescape_LIVE.dat
[2011/10/27 17:30:27 | 001,543,800 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2011/10/27 17:08:48 | 000,078,766 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBRCheck.zip
[2011/10/27 17:00:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2011/10/27 16:54:47 | 001,879,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\aswMBR.zip
[2011/10/27 08:31:20 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/26 16:31:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/26 16:31:53 | 000,000,211 | ---- | C] () -- \Boot.bak
[2011/10/26 16:31:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/26 16:31:37 | 000,260,272 | RHS- | C] () -- \cmldr
[2011/10/26 13:08:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/26 13:08:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/26 13:08:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/26 13:08:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/26 13:08:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/26 10:07:31 | 129,816,576 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/10/26 10:07:31 | 129,816,576 | ---- | C] () -- \REMOVE_THIS_FILE.livecd.swap
[2011/10/24 15:06:34 | 000,122,080 | ---- | C] () -- C:\Documents and Settings\User\Desktop\EConfickerRemover.exe
[2011/10/23 10:39:29 | 000,116,257 | --S- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\kpwmkhgr.exe
[2011/10/14 11:50:00 | 000,025,196 | ---- | C] () -- C:\Documents and Settings\User\My Documents\clip0010.avi
[2011/10/12 13:29:53 | 000,003,189 | ---- | C] () -- C:\Documents and Settings\User\Desktop\colpick.jpg
[2011/06/21 10:42:34 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\User\Application Data\RSBuddy_jawz700.ini
[2011/06/08 12:32:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/06/08 12:21:59 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/08 11:49:46 | 536,334,336 | -HS- | C] () -- \hiberfil.sys
[2011/06/07 11:34:53 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\mlog
[2011/06/07 11:31:54 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ylog
[2011/03/30 13:44:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\.pspsh.hist
[2010/08/23 12:08:19 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/24 12:01:38 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\User\jagex__preferences3.dat
[2009/11/07 06:00:22 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/11/07 06:00:21 | 001,663,488 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2009/11/07 06:00:21 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2009/11/07 06:00:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/11/07 06:00:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/10/28 17:13:04 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\User\jagex_runescape_preferences2.dat
[2009/10/28 17:12:34 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\User\jagex_runescape_preferences.dat
[2009/10/19 13:56:51 | 000,000,286 | ---- | C] () -- \Shortcut to HP_RECOVERY (E).lnk
[2009/10/19 12:09:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\jagex_runescape_preferences.dat
[2009/08/03 11:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 11:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/08 04:33:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jnaqeqovuzi.bin
[2009/02/03 20:32:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008/08/30 05:38:16 | 000,000,264 | ---- | C] () -- \ez_log.htm
[2008/05/31 15:48:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2008/05/25 14:36:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/03/30 11:40:53 | 000,000,268 | -H-- | C] () -- \sqmdata19.sqm
[2008/03/30 11:40:53 | 000,000,244 | -H-- | C] () -- \sqmnoopt19.sqm
[2008/03/13 14:18:57 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/16 18:16:12 | 000,000,244 | -H-- | C] () -- \sqmnoopt18.sqm
[2008/02/16 18:16:12 | 000,000,232 | -H-- | C] () -- \sqmdata18.sqm
[2008/02/02 13:11:17 | 000,000,244 | -H-- | C] () -- \sqmnoopt17.sqm
[2008/02/02 13:11:17 | 000,000,232 | -H-- | C] () -- \sqmdata17.sqm
[2008/02/02 10:37:37 | 000,000,244 | -H-- | C] () -- \sqmnoopt16.sqm
[2008/02/02 10:37:37 | 000,000,232 | -H-- | C] () -- \sqmdata16.sqm
[2008/01/19 05:37:13 | 000,000,268 | -H-- | C] () -- \sqmdata15.sqm
[2008/01/19 05:37:13 | 000,000,244 | -H-- | C] () -- \sqmnoopt15.sqm
[2008/01/19 04:54:53 | 000,000,268 | -H-- | C] () -- \sqmdata14.sqm
[2008/01/19 04:54:53 | 000,000,244 | -H-- | C] () -- \sqmnoopt14.sqm
[2008/01/18 17:58:37 | 000,000,244 | -H-- | C] () -- \sqmnoopt13.sqm
[2008/01/18 17:58:37 | 000,000,232 | -H-- | C] () -- \sqmdata13.sqm
[2008/01/18 17:56:33 | 000,000,244 | -H-- | C] () -- \sqmnoopt12.sqm
[2008/01/18 17:56:33 | 000,000,232 | -H-- | C] () -- \sqmdata12.sqm
[2008/01/18 16:58:25 | 000,000,244 | -H-- | C] () -- \sqmnoopt11.sqm
[2008/01/18 16:58:25 | 000,000,232 | -H-- | C] () -- \sqmdata11.sqm
[2008/01/04 14:57:02 | 000,000,268 | -H-- | C] () -- \sqmdata10.sqm
[2008/01/04 14:57:02 | 000,000,244 | -H-- | C] () -- \sqmnoopt10.sqm
[2008/01/04 13:59:43 | 000,000,268 | -H-- | C] () -- \sqmdata09.sqm
[2008/01/04 13:59:43 | 000,000,244 | -H-- | C] () -- \sqmnoopt09.sqm
[2008/01/04 13:55:15 | 000,000,268 | -H-- | C] () -- \sqmdata08.sqm
[2008/01/04 13:55:15 | 000,000,244 | -H-- | C] () -- \sqmnoopt08.sqm
[2008/01/04 11:10:16 | 000,000,268 | -H-- | C] () -- \sqmdata07.sqm
[2008/01/04 11:10:16 | 000,000,244 | -H-- | C] () -- \sqmnoopt07.sqm
[2007/12/20 08:24:45 | 000,000,268 | -H-- | C] () -- \sqmdata06.sqm
[2007/12/20 08:24:45 | 000,000,244 | -H-- | C] () -- \sqmnoopt06.sqm
[2007/12/19 16:33:28 | 000,000,232 | -H-- | C] () -- \sqmdata05.sqm
[2007/12/19 16:33:27 | 000,000,244 | -H-- | C] () -- \sqmnoopt05.sqm
[2007/12/19 15:13:29 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2007/12/19 15:13:29 | 000,000,232 | -H-- | C] () -- \sqmdata04.sqm
[2007/12/19 13:30:42 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2007/12/19 13:30:42 | 000,000,232 | -H-- | C] () -- \sqmdata03.sqm
[2007/12/18 14:43:02 | 000,000,393 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/12/08 17:25:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/12/07 12:23:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/06 17:35:45 | 000,000,268 | -H-- | C] () -- \sqmdata02.sqm
[2007/12/06 17:35:45 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2007/12/05 13:21:05 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2007/12/05 13:21:05 | 000,000,232 | -H-- | C] () -- \sqmdata01.sqm
[2007/12/05 13:11:50 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2007/12/05 13:11:50 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2007/12/04 19:48:57 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2007/12/04 19:22:26 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/04 19:12:24 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/12/04 19:11:59 | 000,065,024 | ---- | C] () -- C:\WINDOWS\IFinst26.exe
[2007/12/04 17:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/04 11:20:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/04 10:47:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/12/04 10:11:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/04 10:08:05 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2007/12/04 10:08:05 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2007/12/04 10:08:05 | 000,000,000 | ---- | C] () -- \CONFIG.SYS
[2007/12/04 10:08:05 | 000,000,000 | ---- | C] () -- \AUTOEXEC.BAT
[2007/12/04 10:03:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/12/04 09:55:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/04 09:53:16 | 000,262,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/04 09:52:25 | 000,000,327 | RHS- | C] () -- \boot.ini
[2004/12/20 07:08:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 07:03:26 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,505,056 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,250,032 | RHS- | C] () -- \ntldr
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,088,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/18 10:55:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2003/08/18 10:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 11:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/01/19 15:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== LOP Check ==========

[2011/10/16 11:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AutoTransfer
[2007/12/04 19:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DataCast
[2011/10/27 17:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoft
[2011/09/05 16:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers
[2011/06/07 11:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\E945C755DA8BBB08C86D65C127AC53A4
[2011/06/07 14:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ekaris
[2009/07/23 14:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FrostWire
[2011/03/18 14:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameTuts
[2011/06/07 17:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Geek
[2009/11/06 10:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\JAM Software
[2007/12/04 11:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SampleView
[2011/05/08 11:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2010/12/11 11:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Tific
[2011/06/20 11:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue
[2011/07/09 13:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/12/18 14:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/10/25 13:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2011/02/17 10:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2011/06/08 12:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2007/12/29 15:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/10/24 15:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/12/01 19:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/10/16 13:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/10 12:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/17 15:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/20 11:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/10/29 03:15:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %temp%\smtmp\*.*

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2009/12/19 18:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2009/12/08 19:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[2009/12/08 14:14:02 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=128D88B3176E70B2E3088ECEB842B673 -- C:\WINDOWS\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe
[2005/03/01 21:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 11:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2009/12/08 14:55:25 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=5648297DBF1C631164F779863DF9D5BF -- C:\WINDOWS\$NtUninstallKB979683$\ntoskrnl.exe
[2007/02/28 05:55:14 | 002,182,144 | ---- | M] (Microsoft Corporation) MD5=5A5C8DB4AA962C714C8371FBDF189FC9 -- C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[2009/02/06 06:32:03 | 002,186,112 | ---- | M] (Microsoft Corporation) MD5=6A936E9D7BADAF3CAAEED1E1966EC1B0 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[2009/12/08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
[2009/02/06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[2009/08/04 15:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[2009/08/04 08:51:17 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=8DF112C341425F29DB4566B8D2A96A7F -- C:\WINDOWS\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[2010/02/16 13:37:57 | 002,186,880 | ---- | M] (Microsoft Corporation) MD5=97E2BF68857818A4D142B872404DC41B -- C:\WINDOWS\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[2008/08/14 05:57:20 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=CE69DBD54221F2D40E49FF6DB77C6507 -- C:\WINDOWS\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[2010/02/17 04:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) MD5=D41C3CBAD0E1C0728D1CDFD541F60CFA -- C:\WINDOWS\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[2009/08/04 10:00:46 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=D6B537A639D623ED85B73AF3E3BE4B94 -- C:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe
[2006/02/21 00:01:46 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=DF4D09B676964646FA166A78C816B4C3 -- C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
[2010/02/16 08:52:12 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=E1F653A542449D54FA2D27463D99B6B6 -- C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[2010/02/16 09:19:55 | 002,181,376 | ---- | M] (Microsoft Corporation) MD5=EBB75B113E74E90074382347B74D652B -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2010/02/16 09:19:55 | 002,181,376 | ---- | M] (Microsoft Corporation) MD5=EBB75B113E74E90074382347B74D652B -- C:\WINDOWS\ERDNT\cache\ntoskrnl.exe
[2010/02/16 09:19:55 | 002,181,376 | ---- | M] (Microsoft Corporation) MD5=EBB75B113E74E90074382347B74D652B -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2010/02/16 09:19:55 | 002,181,376 | ---- | M] (Microsoft Corporation) MD5=EBB75B113E74E90074382347B74D652B -- C:\WINDOWS\system32\ntoskrnl.exe
[2008/08/14 06:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[2009/02/07 14:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009/08/04 09:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

< MD5 for: UXTHEME.DLL >
[2004/08/04 08:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- C:\WINDOWS\system32\dllcache\uxtheme.dll
[2004/08/04 08:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- C:\WINDOWS\system32\uxtheme.dll
[2008/04/13 20:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

< C:\*.* >
[2007/12/04 10:08:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/08 12:01:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/26 16:31:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 18:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/10/26 17:21:05 | 000,024,851 | ---- | M] () -- C:\ComboFix.txt
[2007/12/04 10:08:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/08/30 05:38:16 | 000,000,264 | ---- | M] () -- C:\ez_log.htm
[2009/10/25 13:28:56 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2011/10/29 03:15:38 | 536,334,336 | -HS- | M] () -- C:\hiberfil.sys
[2007/12/04 10:08:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/12/04 10:08:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/10/29 09:43:47 | 000,063,548 | ---- | M] () -- C:\OTL.Txt
[2011/10/29 03:15:33 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2011/10/27 05:16:19 | 129,816,576 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/10/27 08:46:15 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2009/09/27 09:20:47 | 000,000,091 | ---- | M] () -- C:\setup.log
[2007/12/18 14:59:22 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2009/10/19 13:56:51 | 000,000,286 | ---- | M] () -- C:\Shortcut to HP_RECOVERY (E).lnk
[2007/12/05 13:11:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/12/05 13:21:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/12/06 17:35:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/12/19 13:30:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/12/19 15:13:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/12/19 16:33:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/12/20 08:24:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/01/04 11:10:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/01/04 13:55:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/01/04 13:59:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/01/04 14:57:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/01/18 16:58:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/01/18 17:56:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/01/18 17:58:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/01/19 04:54:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/01/19 05:37:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/02/02 10:37:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/02/02 13:11:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/02/16 18:16:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/03/30 11:40:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2007/12/05 13:11:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/12/05 13:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/12/06 17:35:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/12/19 13:30:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/12/19 15:13:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/12/19 16:33:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/12/20 08:24:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/01/04 11:10:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/01/04 13:55:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/01/04 13:59:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/01/04 14:57:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/01/18 16:58:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/01/18 17:56:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/01/18 17:58:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/01/19 04:54:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/01/19 05:37:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/02/02 10:37:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/02/02 13:11:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/02/16 18:16:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/03/30 11:40:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2011/06/08 10:02:56 | 000,040,102 | ---- | M] () -- C:\TDSSKiller.2.5.4.0_08.06.2011_15.01.38_log.txt
[2011/06/08 11:19:17 | 000,039,374 | ---- | M] () -- C:\TDSSKiller.2.5.4.0_08.06.2011_16.17.51_log.txt
[2011/10/27 18:58:25 | 000,104,312 | ---- | M] () -- C:\TDSSKiller.2.6.13.0_27.10.2011_22.33.16_log.txt
[2011/10/28 14:30:46 | 000,053,070 | ---- | M] () -- C:\TDSSKiller.2.6.13.0_28.10.2011_18.44.55_log.txt
[2011/10/28 16:34:37 | 000,053,070 | ---- | M] () -- C:\TDSSKiller.2.6.13.0_28.10.2011_20.19.38_log.txt

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/08 08:32:12 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/08 08:32:12 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/08 08:32:12 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/08 08:32:02 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/08 08:32:02 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/08 08:32:02 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 10:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 10:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 17:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 17:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 17:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 17:14:44 | 001,794,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/08 08:32:12 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/08 08:32:12 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/08 08:32:12 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/08 08:32:02 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/08 08:32:02 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/08 08:32:02 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 10:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 10:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 17:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 17:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 17:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 17:14:44 | 001,794,848 | ---- | M] (Apple Inc.)

< CREATERESTOREPOINT >


========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19D65491
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
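
The part of the log above worth reading closely is the run of `< MD5 for: ... >` blocks. OTL lists every copy of a sensitive system file it can find, so the analyst can compare the live copy (system32, system32\drivers, or C:\WINDOWS\explorer.exe) against the untouched backups in system32\dllcache and the ERDNT cache; a live copy that keeps its size and "Microsoft Corporation" tag but carries a different hash is the usual sign of a patched system file. In this log every live copy matches its backup (the hashes that differ sit under $hf_mig$, $NtUninstall* and SoftwareDistribution\Download, which are other patch levels of the same file), so the persistence has to be elsewhere, which is what the Winlogon UserInit entry removed in the later fix confirms. The following script automates that comparison. It is an added example, not code from the thread or from OTL; it assumes the OTL line format shown above, the USERINIT.EXE and EXPLORER.EXE sample blocks are copied from the log, and the ATAPI.SYS mismatch is constructed with a placeholder hash.

```python
import re
from collections import defaultdict

# Added example (not from the original thread): cross-checks the "< MD5 for: ... >"
# sections of an OTL/OTLPE log. The live copy of a system file should hash the
# same as its backup in system32\dllcache or the ERDNT cache. Copies under
# $hf_mig$, $NtUninstall* and SoftwareDistribution\Download are other patch
# levels of the same file and legitimately differ, so they are skipped.

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >\s*$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
BASELINE_DIRS = ("\\system32\\dllcache\\", "\\erdnt\\cache\\")
IGNORED_DIRS = ("\\$hf_mig$\\", "\\$ntuninstall", "\\softwaredistribution\\")
LIVE_PARENTS = ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\system32\\drivers")


def classify(path: str) -> str:
    """Label one OTL path as 'baseline', 'ignored', 'live' or 'other'."""
    p = path.lower()
    if any(d in p for d in BASELINE_DIRS):
        return "baseline"
    if any(d in p for d in IGNORED_DIRS):
        return "ignored"
    return "live" if p.rpartition("\\")[0] in LIVE_PARENTS else "other"


def parse_md5_sections(text: str) -> dict:
    """Group OTL MD5 entries by file name: {NAME: [(path, md5, size, company), ...]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)          # .cab lines carry no MD5= and are skipped
        if entry and current:
            sections[current].append((entry.group("path"), entry.group("md5").upper(),
                                      entry.group("size"), entry.group("company")))
    return dict(sections)


def check_md5_sections(text: str) -> dict:
    """Compare every live copy with the baseline hashes of the same file."""
    report = {}
    for name, entries in parse_md5_sections(text).items():
        baseline = {md5 for path, md5, _, _ in entries if classify(path) == "baseline"}
        live = [(path, md5) for path, md5, _, _ in entries if classify(path) == "live"]
        suspicious = [path for path, md5 in live if baseline and md5 not in baseline]
        if not live:
            status = "no_live_copy"
        elif not baseline:
            status = "no_baseline"   # nothing to compare against; verify the hash elsewhere
        else:
            status = "mismatch" if suspicious else "ok"
        report[name] = {"status": status, "baseline": baseline, "live": live, "suspicious": suspicious}
    return report


# Sample input. USERINIT.EXE and EXPLORER.EXE are copied from the log above; the
# ATAPI.SYS live entry is CONSTRUCTED with a placeholder hash to show what a
# patched driver looks like next to its untouched ERDNT backup.
SAMPLE = r"""
< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

< MD5 for: EXPLORER.EXE >
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\atapi.sys
"""

if __name__ == "__main__":
    for name, result in check_md5_sections(SAMPLE).items():
        print(f"{name:14} {result['status']:12} {'; '.join(result['suspicious'])}")
```

Feed it the whole OTL.Txt and anything reported as `mismatch` is the file to pull and examine; `no_baseline` only means the machine has no cached copy to compare with, and the hash then has to be checked against a known-good copy from the same service pack.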

#33 Essexboy (GeekU Moderator)
Well that revealed some hidden files - so we will kill them and fix the MBR

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=53241:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

THEN

On the Reatogo desktop there is a MBRFix icon

Double click that

In the box type the following and press enter

MBRFix /drive 0

Accept any warnings

Reboot to normal windows and let me know how the computer is behaving

#34 JAM266 (Topic Starter, Member, 32 posts)
========== OTL ==========
Registry value HKEY_USERS\User_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
C:\Documents and Settings\User\Start Menu\Programs\Startup\kpwmkhgr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\User\Local Settings\Application Data\cjfawewb\kpwmkhgr.exe deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\cjfawewb\kpwmkhgr.exe moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\cjfawewb folder moved successfully.
File C:\Documents and Settings\User\Start Menu\Programs\Startup\kpwmkhgr.exe not found.
C:\Documents and Settings\User\Application Data\E945C755DA8BBB08C86D65C127AC53A4 folder moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 10292011_151610
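The OTL result above removed a Userinit entry that pointed at an executable under the user's profile. That value is worth checking by hand after any fix, because Winlogon runs whatever is listed there at every logon, and an empty value is as much of a problem as a hijacked one. The following is an added example, not part of the original thread or of OTL: an offline audit of an exported Userinit string. The default value is an assumption about a stock Windows XP install, and the "infected" sample is constructed to hold the default entry followed by the path the OTL log deleted.

```python
import ntpath

# Assumed default Userinit value on a stock Windows XP install.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"

# Constructed sample: the default entry with the path the OTL log removed
# appended after it. Illustration only, not the machine's actual value.
INFECTED_USERINIT = (
    r"C:\WINDOWS\system32\userinit.exe,"
    r"C:\Documents and Settings\User\Local Settings\Application Data\cjfawewb\kpwmkhgr.exe,"
)

# Directories where a logon-time executable has no business living.
PROFILE_MARKERS = ("\\application data\\", "\\documents and settings\\", "\\temp\\")


def split_userinit(value):
    """Split the comma-separated Userinit list, dropping empty entries and quotes."""
    entries = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if entry:
            entries.append(entry)
    return entries


def audit_userinit(value, system_root=r"C:\WINDOWS"):
    """Return one finding per Userinit entry: 'expected', 'suspicious: ...' or 'review: ...'."""
    expected = ntpath.join(system_root, "system32", "userinit.exe").lower()
    entries = split_userinit(value)
    if not entries:
        # Winlogon cannot start a user session without this value.
        return [{"entry": "", "verdict": "missing: Userinit value is empty"}]
    findings = []
    for entry in entries:
        path = entry.lower()
        if path == expected:
            verdict = "expected"
        elif path.endswith("\\userinit.exe"):
            verdict = "suspicious: userinit.exe outside system32"
        elif any(marker in path for marker in PROFILE_MARKERS):
            verdict = "suspicious: executable in user profile or temp"
        else:
            verdict = "review: extra Userinit entry"
        findings.append({"entry": entry, "verdict": verdict})
    return findings


def is_clean(value, system_root=r"C:\WINDOWS"):
    """True only when every entry is the expected system32\\userinit.exe."""
    return all(f["verdict"] == "expected" for f in audit_userinit(value, system_root))


if __name__ == "__main__":
    for label, value in (("default", DEFAULT_USERINIT), ("infected", INFECTED_USERINIT)):
        print(label, "clean" if is_clean(value) else "NOT clean")
        for finding in audit_userinit(value):
            print("   ", finding["verdict"], "->", finding["entry"])
```

The value itself comes from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit; export it (or read it from an offline hive) and pass the string in. The trailing comma on the default value is normal and is ignored by the parser.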

#35 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, just the fixmbr to do now.

#36 JAM266 (Topic Starter, Member, 32 posts)
OK, rebooted to normal Windows.
What would you like me to do next?

#37 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you now do a fresh TDSSKiller run, please, and let me know what problems you are having.

#38 JAM266 (Topic Starter, Member, 32 posts)
Computer and internet are running slow.

16:05:37.0812 0680 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
16:05:39.0328 0680 ============================================================
16:05:39.0328 0680 Current date / time: 2011/10/29 16:05:39.0328
16:05:39.0328 0680 SystemInfo:
16:05:39.0328 0680
16:05:39.0328 0680 OS Version: 5.1.2600 ServicePack: 2.0
16:05:39.0328 0680 Product type: Workstation
16:05:39.0343 0680 ComputerName: USER-CCB8100A40
16:05:39.0343 0680 UserName: User
16:05:39.0343 0680 Windows directory: C:\WINDOWS
16:05:39.0343 0680 System windows directory: C:\WINDOWS
16:05:39.0343 0680 Processor architecture: Intel x86
16:05:39.0343 0680 Number of processors: 1
16:05:39.0343 0680 Page size: 0x1000
16:05:39.0343 0680 Boot type: Normal boot
16:05:39.0343 0680 ============================================================
16:05:51.0015 0680 Initialize success
16:06:13.0109 1068 ============================================================
16:06:13.0109 1068 Scan started
16:06:13.0109 1068 Mode: Manual; SigCheck; TDLFS;
16:06:13.0109 1068 ============================================================
16:06:32.0281 1068 Abiosdsk - ok
16:06:33.0046 1068 abp480n5 - ok
16:06:34.0421 1068 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
16:07:06.0406 1068 ac97intc - ok
16:07:07.0937 1068 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:07:10.0062 1068 ACPI - ok
16:07:10.0843 1068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:07:12.0296 1068 ACPIEC - ok
16:07:12.0687 1068 adpu160m - ok
16:07:13.0218 1068 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
16:07:14.0375 1068 aeaudio - ok
16:07:15.0984 1068 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
16:07:18.0781 1068 aec - ok
16:07:19.0625 1068 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
16:07:20.0515 1068 AFD - ok
16:07:21.0890 1068 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:07:22.0953 1068 agp440 - ok
16:07:23.0484 1068 Aha154x - ok
16:07:24.0000 1068 aic78u2 - ok
16:07:24.0812 1068 aic78xx - ok
16:07:25.0500 1068 AliIde - ok
16:07:26.0187 1068 amsint - ok
16:07:26.0640 1068 asc - ok
16:07:27.0171 1068 asc3350p - ok
16:07:28.0328 1068 asc3550 - ok
16:07:29.0531 1068 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:07:30.0437 1068 AsyncMac - ok
16:07:31.0140 1068 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:07:32.0234 1068 atapi - ok
16:07:32.0890 1068 Atdisk - ok
16:07:33.0531 1068 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:07:34.0187 1068 Atmarpc - ok
16:07:35.0125 1068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:07:35.0843 1068 audstub - ok
16:07:36.0328 1068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:07:37.0671 1068 Beep - ok
16:07:38.0156 1068 catchme - ok
16:07:39.0250 1068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:07:59.0046 1068 cbidf2k - ok
16:08:01.0000 1068 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:08:01.0890 1068 CCDECODE - ok
16:08:02.0765 1068 cd20xrnt - ok
16:08:03.0781 1068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:08:05.0171 1068 Cdaudio - ok
16:08:05.0937 1068 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
16:08:06.0578 1068 Cdfs - ok
16:08:07.0875 1068 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:08:09.0687 1068 Cdrom - ok
16:08:11.0531 1068 Changer - ok
16:08:13.0187 1068 CmdIde - ok
16:08:14.0140 1068 Cpqarray - ok
16:08:14.0687 1068 dac2w2k - ok
16:08:15.0703 1068 dac960nt - ok
16:08:17.0171 1068 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
16:08:18.0640 1068 Disk - ok
16:08:21.0296 1068 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
16:08:23.0625 1068 dmboot - ok
16:08:25.0000 1068 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
16:08:26.0062 1068 dmio - ok
16:08:27.0218 1068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:08:29.0593 1068 dmload - ok
16:08:30.0421 1068 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
16:08:31.0531 1068 DMusic - ok
16:08:32.0015 1068 dpti2o - ok
16:08:32.0828 1068 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
16:08:33.0390 1068 drmkaud - ok
16:08:34.0531 1068 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:08:35.0671 1068 E100B - ok
16:08:36.0718 1068 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
16:08:38.0890 1068 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
16:08:38.0890 1068 epmntdrv - detected UnsignedFile.Multi.Generic (1)
16:08:40.0093 1068 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
16:08:40.0859 1068 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
16:08:40.0859 1068 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
16:08:42.0625 1068 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
16:08:45.0109 1068 Fastfat - ok
16:08:46.0000 1068 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:08:46.0953 1068 Fdc - ok
16:08:48.0015 1068 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
16:08:48.0718 1068 Fips - ok
16:08:49.0421 1068 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:08:51.0671 1068 Flpydisk - ok
16:08:52.0484 1068 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:08:53.0968 1068 FltMgr - ok
16:08:55.0000 1068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:09:06.0765 1068 Fs_Rec - ok
16:09:07.0796 1068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:09:08.0640 1068 Ftdisk - ok
16:09:09.0750 1068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:09:10.0703 1068 GEARAspiWDM - ok
16:09:12.0109 1068 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
16:09:16.0718 1068 ggflt - ok
16:09:17.0500 1068 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
16:09:18.0750 1068 ggsemc - ok
16:09:20.0125 1068 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:09:21.0625 1068 Gpc - ok
16:09:22.0578 1068 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:09:23.0515 1068 HidUsb - ok
16:09:24.0625 1068 hitmanpro35 (60de0d719dd083a8beb476da616d2811) C:\WINDOWS\system32\drivers\hitmanpro35.sys
16:09:24.0937 1068 hitmanpro35 - ok
16:09:25.0703 1068 hpn - ok
16:09:26.0968 1068 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
16:09:29.0406 1068 HTTP - ok
16:09:30.0312 1068 i2omgmt - ok
16:09:31.0093 1068 i2omp - ok
16:09:32.0062 1068 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:09:35.0812 1068 i8042prt - ok
16:09:36.0406 1068 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:09:37.0171 1068 Imapi - ok
16:09:37.0812 1068 ini910u - ok
16:09:38.0703 1068 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:09:39.0390 1068 IntelIde - ok
16:09:40.0062 1068 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:09:40.0937 1068 Ip6Fw - ok
16:09:42.0296 1068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:09:43.0328 1068 IpFilterDriver - ok
16:09:44.0218 1068 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:09:44.0828 1068 IpInIp - ok
16:09:45.0593 1068 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:09:46.0921 1068 IpNat - ok
16:09:48.0031 1068 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:09:49.0593 1068 IPSec - ok
16:09:50.0437 1068 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:09:51.0000 1068 IRENUM - ok
16:09:51.0859 1068 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:09:52.0484 1068 isapnp - ok
16:09:53.0109 1068 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:09:53.0671 1068 Kbdclass - ok
16:09:54.0828 1068 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:09:56.0953 1068 kbdhid - ok
16:09:57.0906 1068 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
16:10:00.0156 1068 kmixer - ok
16:10:01.0125 1068 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
16:10:04.0312 1068 KSecDD - ok
16:10:04.0984 1068 lbrtfdc - ok
16:10:05.0843 1068 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\WINDOWS\system32\DRIVERS\libusb0.sys
16:10:07.0250 1068 libusb0 ( UnsignedFile.Multi.Generic ) - warning
16:10:07.0250 1068 libusb0 - detected UnsignedFile.Multi.Generic (1)
16:10:08.0546 1068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:10:09.0234 1068 mnmdd - ok
16:10:11.0421 1068 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
16:10:12.0796 1068 Modem - ok
16:10:14.0625 1068 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:10:15.0640 1068 Mouclass - ok
16:10:17.0046 1068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:10:17.0984 1068 mouhid - ok
16:10:19.0031 1068 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
16:10:19.0812 1068 MountMgr - ok
16:10:21.0328 1068 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:10:30.0937 1068 MpFilter - ok
16:10:32.0343 1068 MpKsl06b19df4 - ok
16:10:34.0687 1068 MpKsl0c02d25e (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FF70333-37F8-4622-8CE0-D25FEC2B592C}\MpKsl0c02d25e.sys
16:10:35.0546 1068 MpKsl0c02d25e - ok
16:10:37.0062 1068 MpKsl0cf79fe9 - ok
16:10:38.0406 1068 MpKsl13f99ac4 - ok
16:10:39.0718 1068 MpKsl1b9047f5 - ok
16:10:40.0812 1068 MpKsl23c8a940 - ok
16:10:41.0937 1068 MpKsl2763caa9 - ok
16:10:43.0156 1068 MpKsl3555347b - ok
16:10:44.0281 1068 MpKsl3fe45779 - ok
16:10:45.0500 1068 MpKsl6735596a - ok
16:10:46.0921 1068 MpKsl79a6af6a - ok
16:10:48.0093 1068 MpKsl7b3fc78e - ok
16:10:49.0250 1068 MpKsl7f69b9d9 - ok
16:10:50.0406 1068 MpKsl96476bb0 - ok
16:10:51.0578 1068 MpKsla04c51e7 - ok
16:10:52.0921 1068 MpKsla34930c7 - ok
16:10:54.0218 1068 MpKslaf074d40 - ok
16:10:55.0437 1068 MpKslb2427c90 - ok
16:10:56.0812 1068 MpKslc71a369b - ok
16:10:58.0125 1068 MpKslee39272f - ok
16:10:59.0421 1068 MpKslef3cbf47 - ok
16:11:00.0984 1068 MpKslf6d61e9f - ok
16:11:02.0343 1068 MpKslfb7a28dc - ok
16:11:03.0625 1068 mraid35x - ok
16:11:05.0921 1068 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:11:45.0656 1068 MRxDAV - ok
16:11:46.0328 1068 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:11:47.0296 1068 MRxSmb - ok
16:11:47.0937 1068 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
16:11:48.0531 1068 Msfs - ok
16:11:49.0578 1068 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:11:50.0531 1068 MSKSSRV - ok
16:11:50.0984 1068 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:11:51.0421 1068 MSPCLOCK - ok
16:11:51.0921 1068 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
16:11:52.0531 1068 MSPQM - ok
16:11:53.0109 1068 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:11:53.0640 1068 mssmbios - ok
16:11:54.0078 1068 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
16:11:54.0812 1068 MSTEE - ok
16:11:55.0406 1068 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
16:11:56.0046 1068 Mup - ok
16:11:56.0625 1068 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:11:57.0265 1068 NABTSFEC - ok
16:11:58.0031 1068 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
16:11:58.0812 1068 NDIS - ok
16:11:59.0546 1068 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:12:00.0406 1068 NdisIP - ok
16:12:01.0203 1068 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:12:03.0953 1068 NdisTapi - ok
16:12:04.0609 1068 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:12:05.0281 1068 Ndisuio - ok
16:12:06.0250 1068 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:12:07.0296 1068 NdisWan - ok
16:12:08.0390 1068 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
16:12:11.0390 1068 NDProxy - ok
16:12:12.0093 1068 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:12:12.0984 1068 NetBIOS - ok
16:12:13.0796 1068 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:12:15.0078 1068 NetBT - ok
16:12:17.0062 1068 nmwcd (e380bbcad640304737650367ddfa2366) C:\WINDOWS\system32\drivers\nmwcd.sys
16:12:19.0062 1068 nmwcd - ok
16:12:19.0937 1068 nmwcdc (3c4650af9712ae0cb405064b6278ccad) C:\WINDOWS\system32\drivers\nmwcdc.sys
16:12:20.0343 1068 nmwcdc - ok
16:12:21.0046 1068 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
16:12:21.0515 1068 Npfs - ok
16:12:22.0703 1068 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
16:12:26.0187 1068 Ntfs - ok
16:12:27.0125 1068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:12:27.0515 1068 Null - ok
16:12:30.0125 1068 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:12:35.0250 1068 nv - ok
16:12:36.0234 1068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:12:37.0734 1068 NwlnkFlt - ok
16:12:38.0671 1068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:12:39.0390 1068 NwlnkFwd - ok
16:12:39.0703 1068 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
16:12:40.0984 1068 Parport - ok
16:12:41.0312 1068 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
16:12:42.0406 1068 PartMgr - ok
16:12:42.0671 1068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:12:43.0625 1068 ParVdm - ok
16:12:44.0015 1068 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
16:12:45.0156 1068 PCI - ok
16:12:45.0359 1068 PCIDump - ok
16:12:45.0500 1068 PCIIde - ok
16:12:45.0718 1068 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:12:46.0656 1068 Pcmcia - ok
16:12:46.0796 1068 PDCOMP - ok
16:12:46.0906 1068 PDFRAME - ok
16:12:47.0031 1068 PDRELI - ok
16:12:47.0281 1068 PDRFRAME - ok
16:12:47.0546 1068 perc2 - ok
16:12:47.0750 1068 perc2hib - ok
16:12:48.0109 1068 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:12:49.0296 1068 PptpMiniport - ok
16:12:49.0656 1068 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
16:12:50.0718 1068 Processor - ok
16:12:51.0078 1068 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
16:12:52.0171 1068 PSched - ok
16:12:52.0500 1068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:12:53.0656 1068 Ptilink - ok
16:12:54.0234 1068 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:12:54.0562 1068 PxHelp20 - ok
16:12:55.0328 1068 ql1080 - ok
16:12:55.0890 1068 Ql10wnt - ok
16:12:56.0453 1068 ql12160 - ok
16:12:57.0062 1068 ql1240 - ok
16:12:57.0437 1068 ql1280 - ok
16:12:57.0890 1068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:12:59.0203 1068 RasAcd - ok
16:13:00.0250 1068 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:13:01.0312 1068 Rasl2tp - ok
16:13:01.0625 1068 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:13:02.0765 1068 RasPppoe - ok
16:13:03.0093 1068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:13:03.0593 1068 Raspti - ok
16:13:04.0437 1068 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:13:06.0859 1068 Rdbss - ok
16:13:07.0171 1068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:13:08.0078 1068 RDPCDD - ok
16:13:08.0531 1068 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:13:09.0578 1068 rdpdr - ok
16:13:09.0906 1068 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
16:13:12.0265 1068 RDPWD - ok
16:13:12.0671 1068 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:13:13.0734 1068 redbook - ok
16:13:14.0218 1068 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
16:13:14.0531 1068 s115bus - ok
16:13:15.0156 1068 se45bus (531ebc57db331c8500c042d9f8a6aef2) C:\WINDOWS\system32\DRIVERS\se45bus.sys
16:13:15.0609 1068 se45bus - ok
16:13:16.0218 1068 se45obex (5e003693822460d37516d9a262de9e11) C:\WINDOWS\system32\DRIVERS\se45obex.sys
16:13:17.0062 1068 se45obex - ok
16:13:17.0937 1068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:13:19.0343 1068 Secdrv - ok
16:13:20.0156 1068 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:13:20.0734 1068 serenum - ok
16:13:21.0828 1068 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
16:13:23.0390 1068 Serial - ok
16:13:23.0906 1068 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:13:24.0906 1068 Sfloppy - ok
16:13:25.0171 1068 Simbad - ok
16:13:25.0343 1068 SliceDisk5 - ok
16:13:25.0640 1068 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:13:26.0640 1068 SLIP - ok
16:13:27.0109 1068 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
16:13:27.0968 1068 smwdm - ok
16:13:28.0421 1068 Sparrow - ok
16:13:28.0718 1068 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
16:13:30.0781 1068 splitter - ok
16:13:31.0093 1068 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
16:13:32.0156 1068 sr - ok
16:13:32.0500 1068 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
16:13:33.0000 1068 Srv - ok
16:13:33.0343 1068 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:13:34.0250 1068 streamip - ok
16:13:34.0734 1068 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:13:35.0703 1068 swenum - ok
16:13:36.0125 1068 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
16:13:37.0078 1068 swmidi - ok
16:13:37.0312 1068 symc810 - ok
16:13:38.0171 1068 symc8xx - ok
16:13:38.0375 1068 sym_hi - ok
16:13:38.0562 1068 sym_u3 - ok
16:13:38.0890 1068 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
16:13:39.0921 1068 sysaudio - ok
16:13:40.0328 1068 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:13:41.0218 1068 Tcpip - ok
16:13:41.0609 1068 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:13:42.0218 1068 TDPIPE - ok
16:13:43.0218 1068 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
16:13:44.0171 1068 TDTCP - ok
16:13:45.0906 1068 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:13:46.0578 1068 TermDD - ok
16:13:47.0453 1068 TosIde - ok
16:13:48.0671 1068 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
16:13:50.0437 1068 Udfs - ok
16:13:50.0984 1068 ultra - ok
16:13:52.0015 1068 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
16:13:53.0921 1068 Update - ok
16:13:54.0750 1068 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:13:55.0531 1068 USBAAPL - ok
16:13:55.0890 1068 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
16:13:58.0203 1068 usbaudio - ok
16:13:58.0531 1068 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:14:00.0484 1068 usbccgp - ok
16:14:00.0937 1068 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:14:02.0984 1068 usbhub - ok
16:14:03.0250 1068 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:14:04.0890 1068 usbprint - ok
16:14:05.0250 1068 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:14:06.0968 1068 usbscan - ok
16:14:07.0390 1068 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:14:08.0890 1068 USBSTOR - ok
16:14:09.0156 1068 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:14:10.0890 1068 usbuhci - ok
16:14:11.0218 1068 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:14:13.0468 1068 usbvideo - ok
16:14:13.0828 1068 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
16:14:15.0687 1068 VgaSave - ok
16:14:15.0859 1068 ViaIde - ok
16:14:16.0171 1068 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
16:14:17.0984 1068 VolSnap - ok
16:14:18.0359 1068 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:14:20.0140 1068 Wanarp - ok
16:14:20.0531 1068 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:14:21.0359 1068 Wdf01000 - ok
16:14:21.0578 1068 WDICA - ok
16:14:21.0859 1068 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
16:14:24.0640 1068 wdmaud - ok
16:14:25.0218 1068 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:14:25.0812 1068 WpdUsb - ok
16:14:26.0234 1068 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:14:27.0359 1068 WSTCODEC - ok
16:14:27.0828 1068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:14:29.0234 1068 WudfPf - ok
16:14:29.0687 1068 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
16:14:30.0265 1068 WUDFRd - ok
16:14:31.0171 1068 ZSMC301b (d94d9777e33c70e8489c7e6ce678fd23) C:\WINDOWS\system32\Drivers\usbVM31b.sys
16:14:31.0968 1068 ZSMC301b - ok
16:14:32.0093 1068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:14:33.0843 1068 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:14:33.0843 1068 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:14:33.0890 1068 Boot (0x1200) (60669a18b8df7b80011ad46980132f67) \Device\Harddisk0\DR0\Partition0
16:14:33.0937 1068 \Device\Harddisk0\DR0\Partition0 - ok
16:14:33.0953 1068 ============================================================
16:14:33.0953 1068 Scan finished
16:14:33.0968 1068 ============================================================
16:14:34.0484 0728 Detected object count: 4
16:14:34.0484 0728 Actual detected object count: 4
16:15:20.0625 0728 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:15:20.0625 0728 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:15:20.0625 0728 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:15:20.0625 0728 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:15:20.0625 0728 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
16:15:20.0625 0728 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:15:20.0656 0728 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:15:20.0656 0728 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
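Reading a TDSSKiller log of this length by eye is error-prone; what matters is which objects received a verdict, what that verdict was and what was done about it. The following is an added example, not part of the thread or of TDSSKiller: a parser for the log format above that keys disk-level objects (MBR, boot sector) by their device path, which is how the tool refers to them in the verdict and action lines, plus a triage step that ranks an "UnsignedFile.Multi.Generic" warning (a missing signature, not a malware verdict by itself) below a "TDSS File System" detection and flags high-severity verdicts that were skipped. The sample lines are taken from the log above, trimmed to the relevant ones; the severity ranking is the example's own assumption.

```python
import re

# Lines taken from the TDSSKiller log above (trimmed); the parser handles a full log the same way.
SAMPLE_LOG = r"""
16:08:36.0718 1068 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
16:08:38.0890 1068 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
16:08:38.0890 1068 epmntdrv - detected UnsignedFile.Multi.Generic (1)
16:08:42.0625 1068 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
16:08:45.0109 1068 Fastfat - ok
16:14:32.0093 1068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:14:33.0843 1068 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:14:33.0843 1068 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:14:33.0890 1068 Boot (0x1200) (60669a18b8df7b80011ad46980132f67) \Device\Harddisk0\DR0\Partition0
16:14:33.0937 1068 \Device\Harddisk0\DR0\Partition0 - ok
16:15:20.0625 0728 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:15:20.0656 0728 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line: timestamp, four-digit thread id, message.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<msg>.*)$")
# "name (md5) path" for drivers, "MBR (0x1B8) (md5) \Device\..." for disk objects.
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<span>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


def parse_tdsskiller(text):
    """Build one record per scanned object, merging its hash line, verdict and user action."""
    entries = {}

    def entry(key):
        return entries.setdefault(key, {
            "object": key, "name": key, "md5": None, "path": None, "span": None,
            "verdict": None, "count": 0, "action": None, "ok": False})

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        om = OBJECT_RE.match(msg)
        if om:
            name, path = om.group("name"), om.group("path")
            # Disk-level objects are referred to by device path in later lines.
            key = path if path.startswith("\\Device\\") else name
            entry(key).update(name=name, md5=om.group("md5"), path=path, span=om.group("span"))
            continue
        wm = WARNING_RE.match(msg)
        if wm:
            entry(wm.group("name"))["verdict"] = wm.group("verdict")
            continue
        dm = DETECTED_RE.match(msg)
        if dm:
            e = entry(dm.group("name"))
            e["verdict"] = dm.group("verdict")
            e["count"] = int(dm.group("count"))
            continue
        am = ACTION_RE.match(msg)
        if am:
            entry(am.group("name"))["action"] = am.group("action")
            continue
        km = OK_RE.match(msg)
        if km:
            entry(km.group("name"))["ok"] = True
    return entries


def severity(verdict):
    """Assumed ranking: rootkit/TDSS verdicts high, bare signature warnings low."""
    if "TDSS" in verdict or "Rootkit" in verdict:
        return "high"
    if verdict.startswith("UnsignedFile"):
        return "low"
    return "medium"


def triage(entries):
    """Findings sorted by severity; anything above low that was skipped is 'unresolved'."""
    findings = []
    for e in entries.values():
        if e["verdict"] is None:
            continue
        sev = severity(e["verdict"])
        unresolved = sev != "low" and e["action"] in (None, "Skip")
        findings.append({"object": e["object"], "verdict": e["verdict"], "severity": sev,
                         "md5": e["md5"], "path": e["path"], "action": e["action"],
                         "status": "unresolved" if unresolved else "noted"})
    rank = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: (rank[f["severity"]], f["object"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{f['severity']:6} {f['status']:10} {f['object']} :: {f['verdict']} (md5 {f['md5']})")
```

Run it over the full log file TDSSKiller writes to the root of the system drive; the object's MD5 and path come along with each finding, so an unsigned driver can be checked against its vendor's release instead of being dismissed or deleted on the strength of the warning alone.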

#39 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
It is still reporting, which is a tad weird; let's get a second opinion. What are your current problems?

Download aswMBR.exe (1.8 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

#40 JAM266 (Topic Starter, Member, 32 posts)
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-29 17:07:46
-----------------------------
17:07:46.328 OS Version: Windows 5.1.2600 Service Pack 2
17:07:46.328 Number of processors: 1 586 0xA
17:07:46.328 ComputerName: USER-CCB8100A40 UserName: User
17:08:03.859 Initialize success
17:09:05.046 AVAST engine defs: 11102900
17:09:29.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:09:29.921 Disk 0 Vendor: WDC_WD200BB-60CJA0 16.06V16 Size: 19092MB BusType: 3
17:09:31.984 Disk 0 MBR read successfully
17:09:31.984 Disk 0 MBR scan
17:09:32.437 Disk 0 Windows XP default MBR code
17:09:32.500 Disk 0 scanning sectors +39100320
17:09:32.859 Disk 0 scanning C:\WINDOWS\system32\drivers
17:11:15.703 Service scanning
17:11:25.078 Service MpKsl21ba89e6 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA8967CB-0961-445F-83CE-D456BB24C9E5}\MpKsl21ba89e6.sys **LOCKED** 32
17:11:27.000 Modules scanning
17:12:21.953 Disk 0 trace - called modules:
17:12:22.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
17:12:22.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82ed0ab8]
17:12:22.390 3 CLASSPNP.SYS[f86f705b] -> nt!IofCallDriver -> \Device\0000006f[0x82fdcf18]
17:12:22.406 5 ACPI.sys[f866d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fda940]
17:12:24.328 AVAST engine scan C:\WINDOWS
17:13:40.359 AVAST engine scan C:\WINDOWS\system32
17:25:09.312 AVAST engine scan C:\WINDOWS\system32\drivers
17:25:58.765 AVAST engine scan C:\Documents and Settings\User
17:50:11.843 AVAST engine scan C:\Documents and Settings\All Users
18:20:45.687 Scan finished successfully
18:22:06.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
18:22:07.343 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
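aswMBR saved the disk's MBR to MBR.dat and judged the bootstrap code to be the Windows XP default, while TDSSKiller's "MBR (0x1B8)" line reports a hash of the first 0x1B8 bytes of the sector (read here as the bootstrap code that precedes the disk signature; that reading is an assumption, not something either tool's output states). Having a saved copy means a later read of sector 0 can be compared region by region, which tells you whether a change touched the bootstrap code, the disk signature or the partition table. The following is an added example, not part of the thread or of either tool: it parses a 512-byte MBR image, hashes the bootstrap region and diffs two images. Both sample sectors are constructed, with placeholder bootstrap bytes rather than real XP code.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_END = 0x1B8   # bootstrap code occupies bytes 0..0x1B7
DISK_SIG_OFF = 0x1B8   # 4-byte NT disk signature
PTABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE   # 0x55 0xAA

REGIONS = (
    ("bootcode", 0, BOOTCODE_END),
    ("disk_signature", DISK_SIG_OFF, DISK_SIG_OFF + 4),
    ("reserved", DISK_SIG_OFF + 4, PTABLE_OFF),
    ("partition_table", PTABLE_OFF, BOOT_SIG_OFF),
    ("boot_signature", BOOT_SIG_OFF, SECTOR),
)

PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
                   0x0F: "Extended LBA", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(mbr):
    """Decode one 512-byte sector: bootstrap hash, disk signature, partition table, 0x55AA check."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        boot, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PTABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                           "type_name": PARTITION_TYPES.get(ptype, "unknown"),
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "bootcode_md5": hashlib.md5(bytes(mbr[:BOOTCODE_END])).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "valid_boot_signature": bytes(mbr[BOOT_SIG_OFF:SECTOR]) == b"\x55\xAA",
    }


def compare_mbr(saved, live):
    """Names of the regions where the live sector differs from the saved copy (MBR.dat)."""
    return [name for name, lo, hi in REGIONS if bytes(saved[lo:hi]) != bytes(live[lo:hi])]


def build_sample_mbr():
    """Constructed sector: placeholder bootstrap bytes (not real XP code), a constructed
    disk signature, one bootable NTFS partition starting at LBA 63, valid 0x55AA."""
    mbr = bytearray(SECTOR)
    mbr[0:8] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB"
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)
    struct.pack_into("<B3sB3sII", mbr, PTABLE_OFF,
                     0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 39_100_000)
    mbr[BOOT_SIG_OFF:SECTOR] = b"\x55\xAA"
    return bytes(mbr)


def tamper_bootcode(mbr):
    """Constructed change confined to the bootstrap code: partition table and
    signatures are left intact, so the disk still boots and only the hash moves."""
    t = bytearray(mbr)
    t[0:16] = b"\x90" * 16
    return bytes(t)


if __name__ == "__main__":
    saved = build_sample_mbr()
    live = tamper_bootcode(saved)
    for label, img in (("saved", saved), ("live", live)):
        info = parse_mbr(img)
        print(label, info["bootcode_md5"], hex(info["disk_signature"]), info["partitions"])
    print("regions changed:", compare_mbr(saved, live))
```

To use it on the real thing, read MBR.dat and a fresh copy of sector 0 (for example, a 512-byte read of the physical disk taken from a boot CD) as bytes and pass them to compare_mbr; a difference confined to "disk_signature" or "partition_table" is a different kind of event from a change in "bootcode", and the parsed partition list shows whether the expected volume is still the one marked bootable.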

#41 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hmm, a conflict there I feel. What are the current problems?

#42 JAM266 (Topic Starter, Member, 32 posts)
Computer still running slow. I also have a pop-up from Microsoft Security Essentials asking if I would like to restart the computer for cleanup to be complete.

#43 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Allow MSE to do that and then I will remove my tools and look at the speed

Let me know when you are ready

#44 JAM266 (Topic Starter, Member, 32 posts)
Do you want me to restart now?

#45 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yes to allow MSE to do what it needs to





