Search engines blocked


  • Please log in to reply

#1 Cstaffa (Member, 32 posts)
Symptoms:
Cannot access Google or Yahoo search through either Firefox or IE8. Similarly, cannot ping search.yahoo.com or www.google.com.

Software:
Running XP Pro version 2002 SP3, avast! Pro AV, and SUPERAntiSpyware.

History:
Visited fapdu site for JD video. Clicked play, which opened PornHub in another tab. A popup came up with a warning; selected Run In Sandbox. Another window opened in the background with some video, including audio, which I closed. Two windows popped up, one running "XP Security 2012", with a fake scan showing virus infections. I restarted the computer from the Windows Start menu. Tried to Google "xp security 2012", and Google was not found. Similarly with Yahoo! search.

Ran SmitFraudFix v2.424, option 2: Clean, in SafeMode; got a lot of Access is Denied messages and the process finished after only a few minutes.
Ran avast! Quick Scan, Full Scan, and Boot Scan. Found nothing relevant.
Ran OTL.exe

Suspected sites, from Firefox history:

http://fapdu.com/jay...ing-deep-throat
http://streamate.dou...tdelivery=False
http://www.pornhub.c..._campaign=embed
http://www.fapducams...HNSMTY=471&lp=3
http://www.fapducams...HNSMTY=471&lp=3
http://rts.phn.doubl...tdelivery=False
http://promo.awempir...s=1323154773055
http://creatives.liv...m=REVS&site=jsm


OTL logfile created on: 12/6/2011 12:31:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 48.12% Memory free
2.83 Gb Paging File | 1.59 Gb Available in Paging File | 56.05% Paging File free
Paging file location(s): C:\pagefile.sys 500 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 33.95 Gb Free Space | 45.60% Space Free | Partition Type: NTFS
Drive E: | 7.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 866.69 Gb Free Space | 93.04% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 866.69 Gb Free Space | 93.04% Space Free | Partition Type: NTFS
Drive H: | 3.74 Gb Total Space | 3.63 Gb Free Space | 97.05% Space Free | Partition Type: FAT32

Computer Name: DJB7QB1-CDS | User Name: cds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 17:33:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\OTL.exe
PRC - [2011/12/06 12:21:57 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\510eb8af-9012-4d14-8e11-c202b367451a.com
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/28 23:16:06 | 010,087,883 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.00_windows_intelx86__BRP3SSE.exe
PRC - [2011/09/12 16:45:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/02 03:34:06 | 008,948,719 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\hsgamma_FGRP1_0.23_windows_intelx86.exe
PRC - [2011/07/26 09:13:47 | 010,286,511 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.00_windows_intelx86__BRP3cuda32.exe
PRC - [2010/09/14 15:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
PRC - [2010/09/14 15:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2010/09/14 15:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2010/07/01 12:27:06 | 004,862,720 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2010/07/01 12:27:04 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2010/07/01 12:27:02 | 000,840,448 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/11/20 16:35:26 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/29 12:34:48 | 007,320,872 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/11/05 11:51:28 | 000,203,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe
PRC - [2008/09/08 10:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 14:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/04 09:41:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/06 12:23:29 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/06 12:23:29 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/06 11:06:11 | 001,643,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120602\algo.dll
MOD - [2011/12/06 07:40:37 | 001,643,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120601\algo.dll
MOD - [2011/12/05 17:19:20 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120602\aswRep.dll
MOD - [2011/12/05 17:19:20 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120601\aswRep.dll
MOD - [2011/10/26 00:09:35 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/10/17 12:17:26 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/10/17 12:17:26 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/17 12:17:25 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/17 12:17:23 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/17 12:14:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/17 12:14:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/17 12:14:31 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/17 12:13:57 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/17 12:13:39 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/17 12:12:30 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/17 12:12:13 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/17 12:12:09 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/09/28 23:16:06 | 010,087,883 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.00_windows_intelx86__BRP3SSE.exe
MOD - [2011/09/02 03:34:06 | 008,948,719 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\hsgamma_FGRP1_0.23_windows_intelx86.exe
MOD - [2011/08/10 02:54:39 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/10 02:52:28 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/07/26 09:13:47 | 010,286,511 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.00_windows_intelx86__BRP3cuda32.exe
MOD - [2009/12/26 22:36:55 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/08/18 11:02:42 | 000,061,952 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll
MOD - [2008/11/05 11:51:28 | 000,203,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/07 12:36:34 | 001,953,792 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Professional\res0409.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (psService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/12 16:45:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/09/14 15:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2010/09/14 15:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010/05/20 15:06:30 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe -- (HPWJAService)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/07/29 05:42:14 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009/01/08 12:16:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/07 19:41:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/10 01:54:21 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2011/08/03 21:59:35 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/03 21:59:35 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/18 14:18:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/20 18:00:10 | 000,089,680 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2009/10/20 18:00:04 | 000,130,640 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2008/02/01 15:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2008/02/01 15:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/05/25 14:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/10/02 09:41:00 | 000,067,441 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/10/02 09:41:00 | 000,050,433 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/10/02 09:41:00 | 000,005,841 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wiseacres.dynalias.com:8080/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Program Files\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/30 11:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 19:30:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/26 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Extensions
[2011/11/27 23:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Firefox\Profiles\3y5tqzhs.default\extensions
[2011/11/08 19:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 17:59:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\{902D2C4A-457A-4EF9-AD43-7014562929FF}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
[2011/11/30 11:51:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/08 19:30:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 19:30:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/06 02:01:10 | 000,001,401 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [Display] C:\Program Files\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SubstG.lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SUPERAntiSpyware Alternate Start.lnk = C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: fastenal.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marriott.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: solidworks.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.0.cab (AlternaTIFF ActiveX)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://pacificbearin...3D/cnsweb3d.cab (PARTsolutions 3D Web Viewer)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://www.3dpublish...ingsEnglish.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} http://www.immdesign.../IPAWebView.cab (Ipa Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231364466602 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231364521836 (MUWebControl Class)
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} http://wiseacres.dyn.../WinWebPush.cab (WebWatch Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://zcorpevents....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEFFEA56-3C42-423E-B553-D7A2DACC5DAA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/19 20:37:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/16 14:03:24 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/02/15 15:11:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 12:31:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\OTL.exe
[2011/12/06 01:59:33 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\jcw.exe
[2011/11/07 17:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/06 17:33:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\OTL.exe
[2011/12/06 12:16:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/06 08:50:16 | 2681,892,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 08:44:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/06 07:50:52 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.exe
[2011/12/06 04:44:04 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 03:15:44 | 000,004,218 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/06 02:48:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 02:01:10 | 000,001,401 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/06 01:59:33 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\jcw.exe
[2011/12/02 19:33:09 | 000,297,397 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\8036EFCB32695EDCE04400144F0104BD.jpeg
[2011/12/02 19:32:47 | 000,304,693 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\a35_aerien_St-Alexandre_6.jpg
[2011/12/02 01:16:19 | 000,218,712 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\000eqkq1.jpg
[2011/12/02 01:08:02 | 000,080,208 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2416491_125_full.jpg
[2011/12/01 17:29:29 | 022,399,585 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\msl20111128-640.mov
[2011/12/01 17:17:34 | 029,903,338 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\msl20111126_launchOnNTV-640.mov
[2011/11/30 11:51:20 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 12:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/27 23:57:41 | 030,797,223 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Alchemical-Sigils-Symbols.pdf
[2011/11/19 01:24:35 | 013,812,424 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\iPod_nano_6thgen_User_Guide.pdf
[2011/11/17 01:19:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/15 20:01:48 | 000,024,529 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\boinca.png
[2011/11/14 20:30:39 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2009 SP4.1.lnk
[2011/11/14 13:01:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 17:57:25 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/07 17:56:32 | 000,491,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 17:56:32 | 000,090,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 03:18:04 | 2681,892,864 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/06 02:50:38 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.exe
[2011/12/02 19:33:08 | 000,297,397 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\8036EFCB32695EDCE04400144F0104BD.jpeg
[2011/12/02 19:32:46 | 000,304,693 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\a35_aerien_St-Alexandre_6.jpg
[2011/12/02 01:16:16 | 000,218,712 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\000eqkq1.jpg
[2011/12/02 01:08:00 | 000,080,208 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2416491_125_full.jpg
[2011/12/01 17:24:55 | 022,399,585 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\msl20111128-640.mov
[2011/12/01 17:08:21 | 029,903,338 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\msl20111126_launchOnNTV-640.mov
[2011/11/27 23:57:39 | 030,797,223 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Alchemical-Sigils-Symbols.pdf
[2011/11/19 01:24:35 | 013,812,424 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\iPod_nano_6thgen_User_Guide.pdf
[2011/11/15 20:01:48 | 000,024,529 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\boinca.png
[2011/11/07 17:57:25 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/10 15:53:26 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/06/26 18:37:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/23 20:04:27 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/23 20:04:25 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/23 20:04:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/23 20:04:01 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/12/15 15:55:15 | 000,393,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/22 12:30:39 | 000,000,135 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2010/07/29 17:54:47 | 000,000,536 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/20 23:05:09 | 000,000,410 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\burnaware.ini
[2009/12/13 21:47:10 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/13 21:47:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/13 21:22:35 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/12/13 21:21:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/12/13 19:18:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/12/04 15:56:03 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/04 15:56:03 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\FASTApp.html
[2009/12/04 14:37:36 | 000,015,006 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\FASTWiz.html
[2009/10/19 16:56:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/10/11 23:20:20 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/02 16:23:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/06/18 13:49:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/04/02 12:42:52 | 000,000,047 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2009/02/20 17:10:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/18 18:06:12 | 000,001,340 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/02/18 18:06:12 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/02/18 18:06:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd9440cn.dat
[2009/02/18 18:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/02/18 18:04:18 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/02/18 18:04:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2009/02/18 18:04:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/02/18 18:02:13 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/10 17:32:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo9440cn.ini
[2009/02/10 17:31:57 | 000,000,435 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/10 17:31:57 | 000,000,105 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/01/09 19:36:12 | 000,000,524 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/01/07 22:00:36 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2009/01/07 22:00:36 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2009/01/07 19:42:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/11/24 20:20:16 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/19 20:39:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/19 20:35:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/19 15:28:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/19 15:28:07 | 000,380,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/05 03:52:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/21 20:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/01/07 12:43:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\libexpat.dll
[2005/11/23 04:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/12 21:57:10 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/04 12:52:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/04/04 12:35:24 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/02/04 03:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/04 03:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,491,354 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,090,246 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/23 18:36:04 | 000,442,880 | ---- | C] () -- C:\WINDOWS\System32\VFAPIConv.exe
[2002/06/17 19:36:10 | 000,482,816 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll
[2001/04/23 03:15:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double-click the aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen shot of the Disk Management Window and attach the screen shot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Download and save the Norton Removal Tool:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec if you haven't already.
Run the Norton Removal tool.
Reboot.


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
[2011/12/06 01:59:33 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\jcw.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config psService start= disabled /c
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.exe
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Open OTL again and select the Use All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron
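The OTL log above shows C:\WINDOWS\System32\drivers\etc\hosts modified at 02:01:10, two minutes after jcw.exe appeared, and carrying RHS attributes, which fits the symptom that search engines cannot be reached; the fix script's [RESETHOSTS] command restores that file. As an added example that is not code from OTL, ComboFix or this thread, here is a Python check that parses a hosts file and flags entries overriding search-engine or security-vendor domains. The domain watchlist and the sample hosts content are constructed for the demonstration.

```python
"""Flag hosts-file entries that block or redirect search engines and
security-vendor sites, the pattern behind "search engines blocked" after a
rogue-AV infection.

Added example; not from OTL, ComboFix or the forum post. The sample hosts
content below is constructed for the demo, not taken from the victim machine.
"""
import ipaddress

# Domains a rogue AV commonly blocks so the victim cannot look for help.
# This watchlist is an assumption for the example, not from the page.
WATCHLIST = (
    "google.com", "yahoo.com", "bing.com",
    "avast.com", "malwarebytes.org", "superantispyware.com",
    "microsoft.com", "windowsupdate.com", "geekstogo.com",
)

# The only name a stock Windows hosts file legitimately maps to loopback.
DEFAULT_LOCAL = {"localhost"}


def _watched(host):
    """True if host is, or is a subdomain of, a watchlisted domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each non-comment hosts entry."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                    # address with no names: ignore
            continue
        yield n, parts[0], parts[1:]


def find_hosts_hijacks(text):
    """Return a list of (line_no, ip, name, reason) for suspicious entries.

    Two rules:
      * a watched domain mapped to anything at all (loopback included)
        blocks or redirects that site;
      * any other name mapped to a non-loopback address is a redirect and
        is reported so the analyst can review it.
    """
    findings = []
    for n, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, ip, names[0], "unparseable address"))
            continue
        for name in names:
            if name.lower() in DEFAULT_LOCAL and addr.is_loopback:
                continue                      # the stock localhost entry
            if _watched(name):
                findings.append((n, ip, name, "watched domain overridden"))
            elif not addr.is_loopback:
                findings.append((n, ip, name, "redirect to non-loopback host"))
    return findings


# Constructed sample: a stock-looking header followed by hijack entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.google.com
127.0.0.1       search.yahoo.com
0.0.0.0         www.malwarebytes.org
203.0.113.10    www.bing.com   # TEST-NET-3 address, constructed
203.0.113.10    update.example.net
"""

if __name__ == "__main__":
    for line_no, ip, name, reason in find_hosts_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip:<15} {name:<26} {reason}")
```

On the victim machine the file would be read from %SystemRoot%\System32\drivers\etc\hosts; the RHS attributes noted in the OTL log must be cleared before the file can be rewritten.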

#3
Cstaffa

    Member

  • Topic Starter
  • Member
  • 32 posts
I accidentally ran the OTL custom fix before the Norton Removal Tool. I hope that doesn't make much difference. Here are the logs in order:

ComboFix 11-12-06.01 - cds 12/07/2011 2:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1878 [GMT -5:00]
Running from: c:\documents and settings\cds.DJB7QB1-CDS.000\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\jcw.exe
c:\documents and settings\cds.DJB7QB1-CDS.000\My Documents\~WRL0003.tmp
c:\documents and settings\cds.NPA\WINDOWS
c:\windows\CSC\d6
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\jestertb.dll
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\tmp.reg
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-07 03:22 . 2011-12-07 03:22 -------- d-----w- c:\documents and settings\cds.DJB7QB1-CDS.000\Application Data\ElevatedDiagnostics
2011-12-06 23:01 . 2011-12-06 23:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-06 19:50 . 2011-12-06 19:51 -------- d-----w- c:\program files\trend micro
2011-12-06 19:50 . 2011-12-06 19:51 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-08-11 20:42 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-01-21 15:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-08-11 20:42 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-01-21 15:19 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-01-21 15:19 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-01-21 15:19 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-01-21 15:19 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-01-21 15:19 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-01-21 15:19 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-01-21 15:19 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-17 06:19 . 2011-06-02 00:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-11-20 01:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2007-10-09 18:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-09 00:30 . 2011-06-26 23:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-07-29 7320872]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-10-04 35328]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-20 198160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-07-01 4862720]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2010-07-01 58112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
always-on-top.exe [2008-11-5 203965]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
SubstG.lnk - c:\windows\system32\cmd.exe [2004-8-4 389120]
SUPERAntiSpyware Alternate Start.lnk - c:\program files\SUPERAntiSpyware\RUNSAS.EXE [2008-11-3 313728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/11/2011 3:42 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2010 10:19 AM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 9:24 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/4/2010 3:25 PM 116608]
R2 APC Data Service;APC Data Service;c:\program files\APC\APC PowerChute Personal Edition\dataserv.exe [9/14/2010 3:54 PM 21880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2010 10:19 AM 20568]
R2 MSSQL$HPWJA;SQL Server (HPWJA);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 5:29 PM 29293408]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 10:11 AM 65856]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/18/2009 8:51 PM 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2/23/2010 12:19 PM 130640]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2/23/2010 12:19 PM 89680]
S0 oiaodjt;oiaodjt;c:\windows\system32\drivers\vprjee.sys --> c:\windows\system32\drivers\vprjee.sys [?]
S2 psService;Prosoft Data Backup PC3 Backup/Copy Engine;"c:\program files\Prosoft\Prosoft Data Backup PC3\psService.exe" --> c:\program files\Prosoft\Prosoft Data Backup PC3\psService.exe [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe [7/29/2009 5:42 AM 83240]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/22/2010 2:14 AM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2/22/2010 2:14 AM 8320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2009 3:32 AM 0]
S4 HPWJAService;HPWJA Service;c:\program files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [5/20/2010 3:06 PM 45056]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 03:23]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 03:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wiseacres.dynalias.com:8080/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: fastenal.com\www
Trusted Zone: marriott.com\www
Trusted Zone: microsoft.com
Trusted Zone: solidworks.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://pacificbearing.sp02.partcommunity.com/PARTcommunity/portal/all/cnsViewer3D/cnsweb3d.cab
DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} - hxxp://www.immdesign.com/webview/IPAWebView.cab
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://wiseacres.dynalias.com:8080/Ctl/WinWebPush.cab
FF - ProfilePath - c:\documents and settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Firefox\Profiles\3y5tqzhs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 03:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\cds.DJB7QB1-CDS.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\cds.DJB7QB1-CDS.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.
- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LgMousHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\All Users\Start Menu\Programs\Startup\always-on-top.exe
c:\program files\BOINC\boinc.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2011-12-07 03:19:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-07 08:19
.
Pre-Run: 35,283,832,832 bytes free
Post-Run: 36,656,365,568 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /PAE
.
- - End Of File - - F0F7F51DD23A9D2B1A608BCC6B437B8E

03:23:36.0796 2320 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
03:23:36.0937 2320 ============================================================
03:23:36.0937 2320 Current date / time: 2011/12/07 03:23:36.0937
03:23:36.0937 2320 SystemInfo:
03:23:36.0937 2320
03:23:36.0937 2320 OS Version: 5.1.2600 ServicePack: 3.0
03:23:36.0937 2320 Product type: Workstation
03:23:36.0937 2320 ComputerName: DJB7QB1-CDS
03:23:36.0937 2320 UserName: cds
03:23:36.0937 2320 Windows directory: C:\WINDOWS
03:23:36.0937 2320 System windows directory: C:\WINDOWS
03:23:36.0937 2320 Processor architecture: Intel x86
03:23:36.0937 2320 Number of processors: 2
03:23:36.0937 2320 Page size: 0x1000
03:23:36.0937 2320 Boot type: Normal boot
03:23:36.0937 2320 ============================================================
03:23:37.0187 2320 Initialize success
03:23:43.0703 3848 ============================================================
03:23:43.0703 3848 Scan started
03:23:43.0703 3848 Mode: Manual;
03:23:43.0703 3848 ============================================================
03:23:44.0015 3848 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
03:23:44.0031 3848 Aavmker4 - ok
03:23:44.0046 3848 Abiosdsk - ok
03:23:44.0062 3848 abp480n5 - ok
03:23:44.0125 3848 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:23:44.0140 3848 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 25a0e4c6de3d09685fbb763fae90847b
03:23:44.0140 3848 ACPI ( Virus.Win32.Rloader.a ) - infected
03:23:44.0140 3848 ACPI - detected Virus.Win32.Rloader.a (0)
03:23:44.0187 3848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:23:44.0203 3848 ACPIEC - ok
03:23:44.0203 3848 adpu160m - ok
03:23:44.0250 3848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:23:44.0250 3848 aec - ok
03:23:44.0312 3848 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:23:44.0328 3848 AFD - ok
03:23:44.0328 3848 Aha154x - ok
03:23:44.0328 3848 aic78u2 - ok
03:23:44.0343 3848 aic78xx - ok
03:23:44.0359 3848 AliIde - ok
03:23:44.0359 3848 amsint - ok
03:23:44.0421 3848 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
03:23:44.0421 3848 Arp1394 - ok
03:23:44.0437 3848 asc - ok
03:23:44.0437 3848 asc3350p - ok
03:23:44.0453 3848 asc3550 - ok
03:23:44.0484 3848 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
03:23:44.0500 3848 aswFsBlk - ok
03:23:44.0500 3848 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
03:23:44.0500 3848 aswMon2 - ok
03:23:44.0578 3848 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
03:23:44.0578 3848 aswRdr - ok
03:23:44.0656 3848 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
03:23:44.0656 3848 aswSnx - ok
03:23:44.0671 3848 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
03:23:44.0687 3848 aswSP - ok
03:23:44.0734 3848 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
03:23:44.0734 3848 aswTdi - ok
03:23:44.0796 3848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:23:44.0796 3848 AsyncMac - ok
03:23:44.0812 3848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:23:44.0812 3848 atapi - ok
03:23:44.0812 3848 Atdisk - ok
03:23:44.0859 3848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:23:44.0859 3848 Atmarpc - ok
03:23:44.0921 3848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:23:44.0921 3848 audstub - ok
03:23:44.0984 3848 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
03:23:44.0984 3848 b57w2k - ok
03:23:45.0046 3848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:23:45.0046 3848 Beep - ok
03:23:45.0109 3848 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
03:23:45.0109 3848 BrScnUsb - ok
03:23:45.0250 3848 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
03:23:45.0250 3848 BrSerIf - ok
03:23:45.0343 3848 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
03:23:45.0343 3848 BrUsbSer - ok
03:23:45.0375 3848 catchme - ok
03:23:45.0468 3848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:23:45.0468 3848 cbidf2k - ok
03:23:45.0484 3848 cd20xrnt - ok
03:23:45.0546 3848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:23:45.0546 3848 Cdaudio - ok
03:23:45.0593 3848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:23:45.0593 3848 Cdfs - ok
03:23:45.0625 3848 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:23:45.0625 3848 Cdrom - ok
03:23:45.0687 3848 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
03:23:45.0703 3848 cercsr6 - ok
03:23:45.0703 3848 Changer - ok
03:23:45.0718 3848 CmdIde - ok
03:23:45.0750 3848 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
03:23:45.0750 3848 Compbatt - ok
03:23:45.0750 3848 Cpqarray - ok
03:23:45.0765 3848 dac2w2k - ok
03:23:45.0781 3848 dac960nt - ok
03:23:45.0781 3848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
03:23:45.0781 3848 Disk - ok
03:23:45.0843 3848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
03:23:45.0890 3848 dmboot - ok
03:23:45.0906 3848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
03:23:45.0921 3848 dmio - ok
03:23:45.0921 3848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:23:45.0921 3848 dmload - ok
03:23:45.0937 3848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:23:45.0937 3848 DMusic - ok
03:23:45.0953 3848 dpti2o - ok
03:23:45.0968 3848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:23:45.0968 3848 drmkaud - ok
03:23:46.0000 3848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:23:46.0000 3848 Fastfat - ok
03:23:46.0062 3848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
03:23:46.0062 3848 Fdc - ok
03:23:46.0062 3848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
03:23:46.0062 3848 Fips - ok
03:23:46.0078 3848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
03:23:46.0078 3848 Flpydisk - ok
03:23:46.0140 3848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
03:23:46.0140 3848 FltMgr - ok
03:23:46.0156 3848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:23:46.0156 3848 Fs_Rec - ok
03:23:46.0171 3848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:23:46.0171 3848 Ftdisk - ok
03:23:46.0203 3848 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
03:23:46.0203 3848 giveio - ok
03:23:46.0234 3848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:23:46.0234 3848 Gpc - ok
03:23:46.0250 3848 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
03:23:46.0250 3848 HDAudBus - ok
03:23:46.0281 3848 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
03:23:46.0281 3848 HidBatt - ok
03:23:46.0359 3848 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:23:46.0359 3848 hidusb - ok
03:23:46.0375 3848 hpn - ok
03:23:46.0437 3848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:23:46.0437 3848 HTTP - ok
03:23:46.0531 3848 i2omgmt - ok
03:23:46.0546 3848 i2omp - ok
03:23:46.0609 3848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:23:46.0609 3848 i8042prt - ok
03:23:46.0640 3848 iastor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
03:23:46.0656 3848 iastor - ok
03:23:46.0687 3848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:23:46.0687 3848 Imapi - ok
03:23:46.0703 3848 ini910u - ok
03:23:46.0718 3848 IntelIde - ok
03:23:46.0781 3848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:23:46.0781 3848 intelppm - ok
03:23:46.0796 3848 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
03:23:46.0796 3848 Ip6Fw - ok
03:23:46.0859 3848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:23:46.0859 3848 IpFilterDriver - ok
03:23:46.0890 3848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:23:46.0890 3848 IpInIp - ok
03:23:46.0906 3848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:23:46.0906 3848 IpNat - ok
03:23:46.0921 3848 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:23:46.0921 3848 IPSec - ok
03:23:46.0953 3848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:23:46.0953 3848 IRENUM - ok
03:23:46.0968 3848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:23:46.0968 3848 isapnp - ok
03:23:46.0968 3848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:23:46.0968 3848 Kbdclass - ok
03:23:46.0984 3848 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:23:46.0984 3848 kbdhid - ok
03:23:47.0015 3848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:23:47.0015 3848 kmixer - ok
03:23:47.0078 3848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:23:47.0093 3848 KSecDD - ok
03:23:47.0093 3848 l8042pr2 (2e5bf125406324d289de17ed9ab6e232) C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
03:23:47.0093 3848 l8042pr2 - ok
03:23:47.0109 3848 lbrtfdc - ok
03:23:47.0125 3848 LKbdFlt2 (3f8d827943fc4489eb1e4cc03799b581) C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
03:23:47.0125 3848 LKbdFlt2 - ok
03:23:47.0125 3848 LMouFlt2 (a24b919082a553f2d7da3a39aaaeb50b) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
03:23:47.0125 3848 LMouFlt2 - ok
03:23:47.0156 3848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
03:23:47.0156 3848 mnmdd - ok
03:23:47.0187 3848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
03:23:47.0187 3848 Modem - ok
03:23:47.0203 3848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:23:47.0218 3848 Mouclass - ok
03:23:47.0250 3848 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:23:47.0250 3848 mouhid - ok
03:23:47.0250 3848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:23:47.0265 3848 MountMgr - ok
03:23:47.0265 3848 mraid35x - ok
03:23:47.0281 3848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:23:47.0281 3848 MRxDAV - ok
03:23:47.0328 3848 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:23:47.0343 3848 MRxSmb - ok
03:23:47.0421 3848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:23:47.0421 3848 Msfs - ok
03:23:47.0515 3848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:23:47.0515 3848 MSKSSRV - ok
03:23:47.0531 3848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:23:47.0531 3848 MSPCLOCK - ok
03:23:47.0546 3848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:23:47.0546 3848 MSPQM - ok
03:23:47.0609 3848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:23:47.0609 3848 mssmbios - ok
03:23:47.0656 3848 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
03:23:47.0656 3848 Mup - ok
03:23:47.0671 3848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:23:47.0671 3848 NDIS - ok
03:23:47.0703 3848 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:23:47.0718 3848 NdisTapi - ok
03:23:47.0718 3848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:23:47.0718 3848 Ndisuio - ok
03:23:47.0734 3848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:23:47.0734 3848 NdisWan - ok
03:23:47.0765 3848 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:23:47.0765 3848 NDProxy - ok
03:23:47.0781 3848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:23:47.0781 3848 NetBIOS - ok
03:23:47.0812 3848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:23:47.0812 3848 NetBT - ok
03:23:47.0843 3848 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
03:23:47.0843 3848 NIC1394 - ok
03:23:47.0906 3848 nmwcdnsu (be7fd9ca07e7d39f77c78ba5756930d9) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
03:23:47.0906 3848 nmwcdnsu - ok
03:23:47.0937 3848 nmwcdnsuc (94651f5808d3328d28ef967a9e853b8f) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
03:23:47.0953 3848 nmwcdnsuc - ok
03:23:47.0984 3848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:23:47.0984 3848 Npfs - ok
03:23:48.0000 3848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:23:48.0000 3848 Ntfs - ok
03:23:48.0062 3848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:23:48.0062 3848 Null - ok
03:23:48.0421 3848 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
03:23:48.0703 3848 nv - ok
03:23:48.0750 3848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:23:48.0750 3848 NwlnkFlt - ok
03:23:48.0765 3848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:23:48.0765 3848 NwlnkFwd - ok
03:23:48.0765 3848 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
03:23:48.0781 3848 ohci1394 - ok
03:23:48.0781 3848 oiaodjt - ok
03:23:48.0812 3848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
03:23:48.0812 3848 Parport - ok
03:23:48.0812 3848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:23:48.0812 3848 PartMgr - ok
03:23:48.0875 3848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:23:48.0875 3848 ParVdm - ok
03:23:48.0953 3848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:23:48.0953 3848 PCI - ok
03:23:48.0968 3848 PCIDump - ok
03:23:49.0000 3848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
03:23:49.0000 3848 PCIIde - ok
03:23:49.0046 3848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
03:23:49.0046 3848 Pcmcia - ok
03:23:49.0078 3848 PDCOMP - ok
03:23:49.0078 3848 PDFRAME - ok
03:23:49.0093 3848 PDRELI - ok
03:23:49.0093 3848 PDRFRAME - ok
03:23:49.0109 3848 perc2 - ok
03:23:49.0109 3848 perc2hib - ok
03:23:49.0156 3848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:23:49.0156 3848 PptpMiniport - ok
03:23:49.0265 3848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:23:49.0265 3848 PSched - ok
03:23:49.0328 3848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:23:49.0328 3848 Ptilink - ok
03:23:49.0328 3848 ql1080 - ok
03:23:49.0343 3848 Ql10wnt - ok
03:23:49.0343 3848 ql12160 - ok
03:23:49.0359 3848 ql1240 - ok
03:23:49.0359 3848 ql1280 - ok
03:23:49.0375 3848 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:23:49.0375 3848 RasAcd - ok
03:23:49.0421 3848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:23:49.0421 3848 Rasl2tp - ok
03:23:49.0421 3848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:23:49.0421 3848 RasPppoe - ok
03:23:49.0437 3848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:23:49.0437 3848 Raspti - ok
03:23:49.0453 3848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:23:49.0453 3848 Rdbss - ok
03:23:49.0468 3848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:23:49.0468 3848 RDPCDD - ok
03:23:49.0484 3848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:23:49.0484 3848 rdpdr - ok
03:23:49.0531 3848 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
03:23:49.0546 3848 RDPWD - ok
03:23:49.0578 3848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:23:49.0578 3848 redbook - ok
03:23:49.0734 3848 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
03:23:49.0734 3848 SASDIFSV - ok
03:23:49.0796 3848 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
03:23:49.0796 3848 SASENUM - ok
03:23:49.0812 3848 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
03:23:49.0812 3848 SASKUTIL - ok
03:23:49.0843 3848 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
03:23:49.0843 3848 sbp2port - ok
03:23:49.0890 3848 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:23:49.0890 3848 Secdrv - ok
03:23:49.0906 3848 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
03:23:49.0906 3848 serenum - ok
03:23:49.0906 3848 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
03:23:49.0906 3848 Serial - ok
03:23:49.0937 3848 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:23:49.0953 3848 Sfloppy - ok
03:23:49.0953 3848 Simbad - ok
03:23:50.0015 3848 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
03:23:50.0015 3848 SONYPVU1 - ok
03:23:50.0031 3848 Sparrow - ok
03:23:50.0109 3848 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
03:23:50.0109 3848 speedfan - ok
03:23:50.0156 3848 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:23:50.0156 3848 splitter - ok
03:23:50.0171 3848 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
03:23:50.0171 3848 sr - ok
03:23:50.0234 3848 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:23:50.0250 3848 Srv - ok
03:23:50.0343 3848 STHDA (9db5dbed65f2d74acd1d20a53898af79) C:\WINDOWS\system32\drivers\sthda.sys
03:23:50.0343 3848 STHDA - ok
03:23:50.0406 3848 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
03:23:50.0406 3848 StillCam - ok
03:23:50.0484 3848 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:23:50.0484 3848 swenum - ok
03:23:50.0500 3848 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:23:50.0515 3848 swmidi - ok
03:23:50.0515 3848 symc810 - ok
03:23:50.0531 3848 symc8xx - ok
03:23:50.0531 3848 sym_hi - ok
03:23:50.0546 3848 sym_u3 - ok
03:23:50.0562 3848 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:23:50.0562 3848 sysaudio - ok
03:23:50.0656 3848 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:23:50.0656 3848 Tcpip - ok
03:23:50.0703 3848 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:23:50.0703 3848 TDPIPE - ok
03:23:50.0718 3848 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:23:50.0718 3848 TDTCP - ok
03:23:50.0796 3848 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:23:50.0796 3848 TermDD - ok
03:23:50.0812 3848 TosIde - ok
03:23:50.0875 3848 TotRec7 (cb847e385ad960d9070737e50aaa0d75) C:\WINDOWS\system32\drivers\TotRec7.sys
03:23:50.0890 3848 TotRec7 - ok
03:23:50.0906 3848 TotRec8 (f7937fc27cbaf6d5e8e05bd36b205012) C:\WINDOWS\system32\drivers\TotRec8.sys
03:23:50.0906 3848 TotRec8 - ok
03:23:50.0906 3848 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:23:50.0921 3848 Udfs - ok
03:23:50.0921 3848 ultra - ok
03:23:50.0984 3848 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:23:50.0984 3848 Update - ok
03:23:51.0062 3848 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:23:51.0062 3848 usbccgp - ok
03:23:51.0093 3848 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:23:51.0093 3848 usbehci - ok
03:23:51.0125 3848 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:23:51.0125 3848 usbhub - ok
03:23:51.0156 3848 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:23:51.0156 3848 usbprint - ok
03:23:51.0218 3848 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:23:51.0218 3848 USBSTOR - ok
03:23:51.0281 3848 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:23:51.0281 3848 usbuhci - ok
03:23:51.0296 3848 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:23:51.0296 3848 VgaSave - ok
03:23:51.0296 3848 ViaIde - ok
03:23:51.0359 3848 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:23:51.0359 3848 VolSnap - ok
03:23:51.0375 3848 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:23:51.0375 3848 Wanarp - ok
03:23:51.0390 3848 WDC_SAM - ok
03:23:51.0390 3848 WDICA - ok
03:23:51.0406 3848 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:23:51.0406 3848 wdmaud - ok
03:23:51.0484 3848 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:23:51.0500 3848 WudfPf - ok
03:23:51.0546 3848 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:23:51.0546 3848 WudfRd - ok
03:23:51.0593 3848 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:23:51.0671 3848 \Device\Harddisk0\DR0 - ok
03:23:51.0687 3848 Boot (0x1200) (3032963acac2bf7f4f552f8d9bffb68f) \Device\Harddisk0\DR0\Partition0
03:23:51.0687 3848 \Device\Harddisk0\DR0\Partition0 - ok
03:23:51.0687 3848 ============================================================
03:23:51.0687 3848 Scan finished
03:23:51.0687 3848 ============================================================
03:23:51.0687 1912 Detected object count: 1
03:23:51.0687 1912 Actual detected object count: 1
03:24:43.0671 1912 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
03:24:43.0671 1912 ACPI ( Virus.Win32.Rloader.a ) - User select action: Quarantine
03:24:51.0046 4088 Deinitialize success

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-07 03:26:29
-----------------------------
03:26:29.890 OS Version: Windows 5.1.2600 Service Pack 3
03:26:29.890 Number of processors: 2 586 0xF06
03:26:29.890 ComputerName: DJB7QB1-CDS UserName: cds
03:26:30.453 Initialize success
03:26:30.500 AVAST engine defs: 11120602
03:27:07.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:27:07.328 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
03:27:07.343 Disk 0 MBR read successfully
03:27:07.343 Disk 0 MBR scan
03:27:07.343 Disk 0 Windows XP default MBR code
03:27:07.359 Disk 0 scanning sectors +156232125
03:27:07.437 Disk 0 scanning C:\WINDOWS\system32\drivers
03:27:22.265 Service scanning
03:27:22.546 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
03:27:23.171 Modules scanning
03:27:27.984 AVAST engine scan C:\WINDOWS
03:27:41.781 AVAST engine scan C:\WINDOWS\system32
03:29:31.187 AVAST engine scan C:\WINDOWS\system32\drivers
03:29:47.328 AVAST engine scan C:\Documents and Settings\cds.DJB7QB1-CDS.000
03:40:09.015 AVAST engine scan C:\Documents and Settings\All Users
03:42:11.875 Scan finished successfully
03:42:46.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\MBR.dat"
03:42:46.203 The log file has been saved successfully to "C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\aswMBR.txt"

The Fix button was not enabled.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8326

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/7/2011 4:02:59 AM
mbam-log-2011-12-07 (04-02-59).txt

Scan type: Quick scan
Objects scanned: 210936
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

========== PROCESSES ==========
All processes killed
========== OTL ==========
File C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\jcw.exe not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.txt deleted successfully.
< sc config psService start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12072011_040809

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 12/7/2011 4:36:55 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 77.92% Memory free
2.83 Gb Paging File | 2.29 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 500 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 34.17 Gb Free Space | 45.89% Space Free | Partition Type: NTFS
Drive E: | 7.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 866.68 Gb Free Space | 93.04% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 866.68 Gb Free Space | 93.04% Space Free | Partition Type: NTFS

Computer Name: DJB7QB1-CDS | User Name: cds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 17:33:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/12 16:45:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/30 12:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/08/30 12:24:53 | 000,144,832 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrodist.exe
PRC - [2010/09/14 15:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
PRC - [2010/09/14 15:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2010/09/14 15:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2010/07/01 12:27:06 | 004,862,720 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2010/07/01 12:27:04 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2010/07/01 12:27:02 | 000,840,448 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/11/20 16:35:26 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/29 12:34:48 | 007,320,872 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2009/01/08 12:16:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/11/05 11:51:28 | 000,203,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe
PRC - [2008/09/08 10:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 14:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/04 09:41:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/06 11:06:11 | 001,643,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120602\algo.dll
MOD - [2011/12/05 17:19:20 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120602\aswRep.dll
MOD - [2011/10/17 12:17:26 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/10/17 12:17:26 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/17 12:17:25 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/17 12:17:23 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/17 12:14:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/17 12:14:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/17 12:14:31 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/17 12:13:57 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/17 12:13:39 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/17 12:12:30 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/17 12:12:13 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/17 12:12:09 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/08/10 02:52:28 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2009/12/26 22:36:55 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/08/18 11:02:42 | 000,061,952 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll
MOD - [2009/08/04 13:33:23 | 000,389,120 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll
MOD - [2008/11/05 11:51:28 | 000,203,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe
MOD - [2007/12/07 12:36:34 | 001,953,792 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Professional\res0409.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (psService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/12 16:45:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/09/14 15:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2010/09/14 15:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010/05/20 15:06:30 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe -- (HPWJAService)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/07/29 05:42:14 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009/01/08 12:16:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/07 19:41:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/03 21:59:35 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/03 21:59:35 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/18 14:18:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/20 18:00:10 | 000,089,680 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2009/10/20 18:00:04 | 000,130,640 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/02/01 15:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2008/02/01 15:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/05/25 14:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/10/02 09:41:00 | 000,067,441 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/10/02 09:41:00 | 000,050,433 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/10/02 09:41:00 | 000,005,841 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wiseacres.dynalias.com:8080/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Program Files\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/30 11:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 19:30:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/26 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Extensions
[2011/11/27 23:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Firefox\Profiles\3y5tqzhs.default\extensions
[2011/11/08 19:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 17:59:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\{902D2C4A-457A-4EF9-AD43-7014562929FF}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
[2011/11/30 11:51:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/08 19:30:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 19:30:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/07 04:08:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SubstG.lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SUPERAntiSpyware Alternate Start.lnk = C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: fastenal.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marriott.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: solidworks.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.0.cab (AlternaTIFF ActiveX)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://pacificbearin...3D/cnsweb3d.cab (PARTsolutions 3D Web Viewer)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://www.3dpublish...ingsEnglish.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} http://www.immdesign.../IPAWebView.cab (Ipa Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231364466602 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231364521836 (MUWebControl Class)
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} http://wiseacres.dyn.../WinWebPush.cab (WebWatch Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://zcorpevents....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEFFEA56-3C42-423E-B553-D7A2DACC5DAA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/19 20:37:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/16 14:03:24 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/02/15 15:11:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 04:33:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/07 04:08:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/07 03:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/07 03:54:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/07 03:53:38 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/07 03:24:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/07 02:43:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/07 02:40:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/07 02:40:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/07 02:40:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/07 02:40:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/07 02:39:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/07 02:39:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/07 02:39:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 02:37:24 | 004,328,480 | R--- | C] (Swearware) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\ComboFix.exe
[2011/12/06 22:35:54 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\WindowsUpdateAgent30-x86.exe
[2011/12/06 22:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\ElevatedDiagnostics
[2011/12/06 22:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/06 22:21:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/12/06 22:07:57 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\aswMBR.exe
[2011/12/06 17:34:02 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\tdsskiller.exe
[2011/12/06 14:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/12/06 14:50:33 | 000,000,000 | ---D | C] -- C:\rsit
[2011/12/06 12:31:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\OTL.exe
[2011/11/07 17:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/07 04:34:12 | 000,149,638 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\Search engines blocked.pdf
[2011/12/07 04:24:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/07 04:24:07 | 2681,892,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/07 04:16:42 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\Norton_Removal_Tool.exe
[2011/12/07 04:08:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/07 04:05:41 | 000,065,331 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\Diskmgmt.jpg
[2011/12/07 03:54:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/07 03:53:20 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/07 03:44:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/07 03:42:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\MBR.dat
[2011/12/07 03:26:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\aswMBR.exe
[2011/12/07 03:22:40 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\tdsskiller.exe
[2011/12/07 02:43:50 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2011/12/07 02:38:09 | 004,328,480 | R--- | M] (Swearware) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\ComboFix.exe
[2011/12/07 00:29:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 22:35:57 | 006,776,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\WindowsUpdateAgent30-x86.exe
[2011/12/06 21:22:40 | 000,381,631 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\MiniToolBox.exe
[2011/12/06 17:33:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\OTL.exe
[2011/12/06 14:52:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\vgiybb01.exe
[2011/12/06 14:49:32 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\RSIT.exe
[2011/12/06 07:50:52 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.exe
[2011/12/06 04:44:04 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 02:01:10 | 000,001,401 | -HS- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\fooey
[2011/12/02 19:33:09 | 000,297,397 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\8036EFCB32695EDCE04400144F0104BD.jpeg
[2011/12/02 19:32:47 | 000,304,693 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\a35_aerien_St-Alexandre_6.jpg
[2011/12/02 01:16:19 | 000,218,712 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\000eqkq1.jpg
[2011/12/02 01:08:02 | 000,080,208 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2416491_125_full.jpg
[2011/12/01 17:29:29 | 022,399,585 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\msl20111128-640.mov
[2011/12/01 17:17:34 | 029,903,338 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\msl20111126_launchOnNTV-640.mov
[2011/11/30 11:51:20 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 12:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/27 23:57:41 | 030,797,223 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Alchemical-Sigils-Symbols.pdf
[2011/11/19 01:24:35 | 013,812,424 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\iPod_nano_6thgen_User_Guide.pdf
[2011/11/17 01:19:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/15 20:01:48 | 000,024,529 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\boinca.png
[2011/11/14 20:30:39 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2009 SP4.1.lnk
[2011/11/14 13:05:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 17:57:25 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/07 17:56:32 | 000,491,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 17:56:32 | 000,090,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/07 04:34:12 | 000,149,638 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\Search engines blocked.pdf
[2011/12/07 04:16:35 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\Norton_Removal_Tool.exe
[2011/12/07 04:05:41 | 000,065,331 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\Diskmgmt.jpg
[2011/12/07 03:54:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/07 03:42:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\MBR.dat
[2011/12/07 02:43:49 | 000,000,216 | ---- | C] () -- C:\Boot.bak
[2011/12/07 02:43:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/07 02:40:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/07 02:40:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/07 02:40:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/07 02:40:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/07 02:40:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/06 20:16:13 | 2681,892,864 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/06 17:34:05 | 000,381,631 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\MiniToolBox.exe
[2011/12/06 14:52:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\vgiybb01.exe
[2011/12/06 14:49:32 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\RSIT.exe
[2011/12/06 02:50:38 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.exe
[2011/12/02 19:33:08 | 000,297,397 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\8036EFCB32695EDCE04400144F0104BD.jpeg
[2011/12/02 19:32:46 | 000,304,693 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\a35_aerien_St-Alexandre_6.jpg
[2011/12/02 01:16:16 | 000,218,712 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\000eqkq1.jpg
[2011/12/02 01:08:00 | 000,080,208 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2416491_125_full.jpg
[2011/12/01 17:24:55 | 022,399,585 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\msl20111128-640.mov
[2011/12/01 17:08:21 | 029,903,338 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\msl20111126_launchOnNTV-640.mov
[2011/11/27 23:57:39 | 030,797,223 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Alchemical-Sigils-Symbols.pdf
[2011/11/19 01:24:35 | 013,812,424 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\iPod_nano_6thgen_User_Guide.pdf
[2011/11/15 20:01:48 | 000,024,529 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\boinca.png
[2011/11/07 17:57:25 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/10 15:53:26 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/06/26 18:37:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/23 20:04:27 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/23 20:04:25 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/23 20:04:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/23 20:04:01 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/12/15 15:55:15 | 000,393,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/22 12:30:39 | 000,000,135 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2010/07/29 17:54:47 | 000,000,536 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/20 23:05:09 | 000,000,410 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\burnaware.ini
[2009/12/13 21:47:10 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/13 21:47:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/13 21:22:35 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/12/13 21:21:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/12/13 19:18:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/12/04 15:56:03 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/04 15:56:03 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\FASTApp.html
[2009/12/04 14:37:36 | 000,015,006 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\FASTWiz.html
[2009/10/19 16:56:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/02 16:23:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/06/18 13:49:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/04/02 12:42:52 | 000,000,047 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2009/02/20 17:10:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/18 18:06:12 | 000,001,340 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/02/18 18:06:12 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/02/18 18:06:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd9440cn.dat
[2009/02/18 18:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/02/18 18:04:18 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/02/18 18:04:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2009/02/18 18:04:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/02/18 18:02:13 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/10 17:32:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo9440cn.ini
[2009/02/10 17:31:57 | 000,000,435 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/10 17:31:57 | 000,000,105 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/01/09 19:36:12 | 000,000,524 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/01/07 22:00:36 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2009/01/07 22:00:36 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2009/01/07 19:42:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/11/24 20:20:16 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/19 20:39:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/19 20:35:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/19 15:28:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/19 15:28:07 | 000,380,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/05 03:52:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/21 20:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/01/07 12:43:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\libexpat.dll
[2005/11/23 04:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/12 21:57:10 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/04 12:52:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/04/04 12:35:24 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/02/04 03:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/04 03:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,491,354 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,187,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\acpi.sys
[2004/08/04 05:00:00 | 000,090,246 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/23 18:36:04 | 000,442,880 | ---- | C] () -- C:\WINDOWS\System32\VFAPIConv.exe
[2002/06/17 19:36:10 | 000,482,816 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll
[2001/04/23 03:15:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >


OTL Extras logfile created on: 12/7/2011 4:36:55 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 77.92% Memory free
2.83 Gb Paging File | 2.29 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 500 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 34.17 Gb Free Space | 45.89% Space Free | Partition Type: NTFS
Drive E: | 7.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 866.68 Gb Free Space | 93.04% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 866.68 Gb Free Space | 93.04% Space Free | Partition Type: NTFS

Computer Name: DJB7QB1-CDS | User Name: cds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = AutoCADLTScriptFile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"2967:TCP" = 2967:TCP:LocalSubNet:Enabled:Symantec Management
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2967:TCP" = 2967:TCP:LocalSubNet:Enabled:Symantec Management
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"54925:UDP" = 54925:UDP:LocalSubNet:Enabled:Scanning
"54926:UDP" = 54926:UDP:LocalSubNet:Enabled:PC-Fax

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\cds.NPA\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Common Files\SolidWorks Installation Manager\17.0\sldimdownloader.exe" = C:\Program Files\Common Files\SolidWorks Installation Manager\17.0\sldimdownloader.exe:*:Enabled:sldimdownloader.exe -- (Dassault Systèmes SolidWorks Corp.)
"C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" = C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe:*:Enabled:sldIMScheduler.exe -- (Dassault Systèmes SolidWorks Corp.)
"C:\Program Files\Google\Google Earth\googleearth.exe" = C:\Program Files\Google\Google Earth\googleearth.exe:*:Enabled:Google Earth
"C:\Program Files\Ipswitch\WS_FTP Professional\ftpfind.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\ftpfind.exe:*:Enabled:WS_FTP Find Utility -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\SolidWorks\SolidWorks\swspmanager.exe" = C:\Program Files\SolidWorks\SolidWorks\swspmanager.exe:*:Enabled:swspmanager.exe -- (Dassault Systèmes SolidWorks Corp.)
"C:\Program Files\Symantec AntiVirus\VPC32.exe" = C:\Program Files\Symantec AntiVirus\VPC32.exe:*:Enabled:Symantec AntiVirus
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:Ipswitch WS_FTP Professional 2007 -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F2F77E4-4053-4108-B153-81F0B42EDCF4}" = WebIQ Technology Engine
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212D202D-487D-49C4-8A76-4D3BB91B8471}" = BOINC
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPWJA)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C400DF4-90E0-412C-843A-F5424402662F}" = DJBCP Codec Pack
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-0109-0409-0000-0060B0CE6BBA}" = AutoCAD LT 2002
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.41 .2
"{5D3E11CE-2C9A-44E3-A561-ED9BAC439E83}" = HP Web Jetadmin 10.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D49994F-2E35-4932-B9ED-D2F4EEBF91A2}" = QuickBooks Pro Timer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A819E7-4146-B9EA-1292-C4A77F657B4E}" = eBay Desktop
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78F5131C-7C4F-49AA-AA32-B7B42E941BCF}" = SolidWorks 2009 SP04.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{AFFBB1A4-26E9-42D8-ACBB-B8B1ECF862DC}" = Actify SpinFire Reader
"{B10E8648-1EC1-4FE8-B7C9-18C70CD48172}" = SolidWorks eDrawings 2009
"{B197134C-2A98-4D8C-A55A-9A7809AF59EC}" = SolidWorks Explorer 2009 sp04.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D198D2E7-B557-4404-A286-77F249625172}" = Nokia Internet Tablet Software Update Wizard
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition 3.0
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = CADENAS PARTwebViewer
"{FA508751-94C7-4D6C-8418-B6FC3C43D1A7}" = DWGeditor
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"7-Zip" = 7-Zip 9.15 beta
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.3.1 Standard
"Adobe Acrobat 8 Standard_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnswerWorks" = AnswerWorks Runtime
"avast" = avast! Pro Antivirus
"BC2_is1" = Beyond Compare Version 2.5.3
"BurnAware Free_is1" = BurnAware Free 2.4.4
"CodeStuff Starter" = CodeStuff Starter
"com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
"eIMAGE Recovery" = eIMAGE Recovery
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MeshLab" = MeshLab 1.1.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Parts&Vendors 6.0" = Parts&Vendors 6.0
"PoiEdit" = PoiEdit
"RealPlayer 12.0" = RealPlayer
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SolidWorks Installation Manager 20090-40401-1100-200" = SolidWorks 2009 SP04.1
"SpeedFan" = SpeedFan (remove only)
"TotalRecorder" = Total Recorder 8.0
"Tweak UI 2.10" = Tweak UI
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player
"Universal Algebra Calculator 2 (New Version)" = Universal Algebra Calculator 2 (New Version)

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/17/2009 3:47:55 PM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 4/1/2010 5:47:36 PM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 4/1/2010 5:47:42 PM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 5/3/2010 10:22:53 AM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 5/3/2010 10:22:56 AM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 5/3/2010 10:23:07 AM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 5/3/2010 10:24:19 AM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 5/3/2010 10:24:57 AM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 5/3/2010 10:24:59 AM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

Error - 5/3/2010 11:03:24 AM | Computer Name = DJB7QB1-CDS | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 12/5/2011 2:45:21 AM | Computer Name = DJB7QB1-CDS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/5/2011 2:45:25 AM | Computer Name = DJB7QB1-CDS | Source = Application Hang | ID = 1001
Description = Fault bucket -1612583200.

Error - 12/6/2011 1:34:51 PM | Computer Name = DJB7QB1-CDS | Source = nlsX86cc | ID = 0
Description =

Error - 12/6/2011 7:01:42 PM | Computer Name = DJB7QB1-CDS | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\SYSTEM32\WBEM\WINDOWSSEARCHENGINE.MOF
while recovering repository file.

Error - 12/6/2011 7:01:42 PM | Computer Name = DJB7QB1-CDS | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
while recovering repository file.

Error - 12/6/2011 7:01:43 PM | Computer Name = DJB7QB1-CDS | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS
COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.

Error - 12/6/2011 7:01:43 PM | Computer Name = DJB7QB1-CDS | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF
while recovering repository file.

Error - 12/6/2011 7:01:46 PM | Computer Name = DJB7QB1-CDS | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF
while recovering repository file.

Error - 12/6/2011 7:01:46 PM | Computer Name = DJB7QB1-CDS | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF
while recovering repository file.

Error - 12/6/2011 11:43:54 PM | Computer Name = DJB7QB1-CDS | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: Microsoft.PowerShell.ConsoleHost,Version=1.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35,ProcessorArchitecture=msil
. Error code = 0x80070020

[ OSession Events ]
Error - 4/6/2009 4:53:26 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 481
seconds with 480 seconds of active time. This session ended with a crash.

Error - 10/19/2009 7:58:00 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/10/2009 6:13:17 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19238
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 12/10/2009 6:36:23 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1280
seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/6/2010 3:46:05 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11570
seconds with 120 seconds of active time. This session ended with a crash.

Error - 9/29/2011 2:29:32 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 83233
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/7/2011 4:02:10 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7000
Description = The Prosoft Data Backup PC3 Backup/Copy Engine service failed to start
due to the following error: %%2

Error - 12/7/2011 4:47:53 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7000
Description = The Prosoft Data Backup PC3 Backup/Copy Engine service failed to start
due to the following error: %%2

Error - 12/7/2011 5:08:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/7/2011 5:08:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The APC UPS Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/7/2011 5:08:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 12/7/2011 5:08:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/7/2011 5:08:10 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/7/2011 5:08:10 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NLS Service service terminated unexpectedly. It has done this
1 time(s).

Error - 12/7/2011 5:08:10 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The WD Drive Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/7/2011 5:08:10 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The APC Data Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Attached Thumbnails: Diskmgmt.jpg
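Added example (not from the original post, from OTL, or from Geeks to Go): a small Python triage helper for the "Last 10 Event Log Errors" block of the OTL log above. It parses OTL's "Error - date time | Computer Name = ... | Source = ... | ID = ..." records, including descriptions that wrap over several lines, then flags a burst of Service Control Manager 7034/7031 "terminated unexpectedly" events landing within a couple of seconds of each other (like the run at 5:08:09-10 above) and pulls out the WinMgmt "recovering repository file" errors. The function names, the 2-second window and 3-event threshold, and the embedded sample (a few records copied from this thread's log) are the example's own choices.

```python
"""Triage helper for the "Last 10 Event Log Errors" block of an OTL log.

Added example, not part of the original post or of OTL itself. Parses OTL's
"Error - <date> <time> | Computer Name = ... | Source = ... | ID = ..." records,
flags bursts of SCM "terminated unexpectedly" events (IDs 7031/7034) and lists
WinMgmt repository-recovery errors. Names, thresholds and sample are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
SERVICE_RE = re.compile(r"^The (?P<name>.+?) service terminated unexpectedly")
SCM_UNEXPECTED_STOP = {7031, 7034}  # 7031: SCM takes a recovery action; 7034: none


@dataclass
class Event:
    section: str
    when: datetime
    host: str
    source: str
    event_id: int
    description: str


def parse_otl_events(text: str) -> list[Event]:
    """One Event per "Error - ..." header. A description may wrap over several
    lines; it ends at a blank line, the next header or the next section."""
    events: list[Event] = []
    section, in_desc = "", False
    for line in map(str.strip, text.splitlines()):
        if m := SECTION_RE.match(line):
            section, in_desc = m.group("name"), False
        elif m := HEADER_RE.match(line):
            when = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
            events.append(Event(section, when, m.group("host"), m.group("source"), int(m.group("id")), ""))
            in_desc = True
        elif not line:
            in_desc = False  # blank line closes the wrapped description
        elif in_desc:
            part = line.removeprefix("Description =").strip()
            events[-1].description = f"{events[-1].description} {part}".strip()
    return events


def find_termination_bursts(events: list[Event], window: timedelta = timedelta(seconds=2),
                            min_count: int = 3) -> list[list[Event]]:
    """Group SCM 7031/7034 events that fall within `window` of the group's first event.
    Several services dying in the same second is a time marker worth correlating
    with what was being done on the box at that moment (reboot, cleanup tool, crash)."""
    stops = sorted((e for e in events if e.source == "Service Control Manager"
                    and e.event_id in SCM_UNEXPECTED_STOP), key=lambda e: e.when)
    bursts: list[list[Event]] = []
    group: list[Event] = []
    for e in stops:
        if group and e.when - group[0].when > window:
            if len(group) >= min_count:
                bursts.append(group)
            group = []
        group.append(e)
    if len(group) >= min_count:
        bursts.append(group)
    return bursts


def service_names(burst: list[Event]) -> list[str]:
    """Service display names from the SCM descriptions, in log order."""
    return [m.group("name") for e in burst if (m := SERVICE_RE.match(e.description))]


def wmi_recovery_errors(events: list[Event]) -> list[Event]:
    """WinMgmt ID 4: 'Failed to load MOF ... while recovering repository file'."""
    return [e for e in events
            if e.source == "WinMgmt" and "recovering repository" in e.description]


# Constructed sample: a handful of records copied from the OTL log in this thread.
SAMPLE = r"""[ Application Events ]
Error - 12/6/2011 7:01:42 PM | Computer Name = DJB7QB1-CDS | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\SYSTEM32\WBEM\WINDOWSSEARCHENGINE.MOF
while recovering repository file.

[ System Events ]
Error - 12/7/2011 5:08:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/7/2011 5:08:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 12/7/2011 5:08:10 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).
"""

if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE)
    for burst in find_termination_bursts(evs):
        print(burst[0].when, "burst of", len(burst), "unexpected stops:", service_names(burst))
```

Nothing in it is specific to this machine: paste the whole "Last 10 Event Log Errors" section of any OTL log into `parse_otl_events`. A burst like the one at 5:08:09 is not evidence of infection by itself; it is a timestamp to line up against the poster's own timeline of reboots and tool runs, and the WinMgmt MOF errors say only that the WMI repository was being rebuilt at 7:01 PM on 12/6.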

#4 Cstaffa (Topic Starter, Member, 32 posts)
I didn't realize that I hadn't cured the ACPI.sys problem on the first run of TDSSKiller, so I ran it again.


05:14:00.0562 0172 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
05:14:00.0734 0172 ============================================================
05:14:00.0734 0172 Current date / time: 2011/12/07 05:14:00.0734
05:14:00.0734 0172 SystemInfo:
05:14:00.0734 0172
05:14:00.0734 0172 OS Version: 5.1.2600 ServicePack: 3.0
05:14:00.0734 0172 Product type: Workstation
05:14:00.0734 0172 ComputerName: DJB7QB1-CDS
05:14:00.0734 0172 UserName: cds
05:14:00.0734 0172 Windows directory: C:\WINDOWS
05:14:00.0734 0172 System windows directory: C:\WINDOWS
05:14:00.0734 0172 Processor architecture: Intel x86
05:14:00.0734 0172 Number of processors: 2
05:14:00.0734 0172 Page size: 0x1000
05:14:00.0734 0172 Boot type: Normal boot
05:14:00.0734 0172 ============================================================
05:14:09.0843 0172 Initialize success
05:14:19.0171 2808 ============================================================
05:14:19.0171 2808 Scan started
05:14:19.0171 2808 Mode: Manual;
05:14:19.0171 2808 ============================================================
05:14:19.0531 2808 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
05:14:19.0546 2808 Aavmker4 - ok
05:14:19.0562 2808 Abiosdsk - ok
05:14:19.0562 2808 abp480n5 - ok
05:14:19.0671 2808 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:14:19.0671 2808 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
05:14:19.0671 2808 ACPI ( Virus.Win32.Rloader.a ) - infected
05:14:19.0671 2808 ACPI - detected Virus.Win32.Rloader.a (0)
05:14:19.0750 2808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
05:14:19.0750 2808 ACPIEC - ok
05:14:19.0765 2808 adpu160m - ok
05:14:19.0812 2808 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
05:14:19.0812 2808 aec - ok
05:14:19.0890 2808 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
05:14:19.0890 2808 AFD - ok
05:14:19.0906 2808 Aha154x - ok
05:14:19.0953 2808 aic78u2 - ok
05:14:19.0953 2808 aic78xx - ok
05:14:19.0968 2808 AliIde - ok
05:14:19.0984 2808 amsint - ok
05:14:20.0031 2808 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
05:14:20.0031 2808 Arp1394 - ok
05:14:20.0031 2808 asc - ok
05:14:20.0062 2808 asc3350p - ok
05:14:20.0078 2808 asc3550 - ok
05:14:20.0125 2808 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
05:14:20.0140 2808 aswFsBlk - ok
05:14:20.0203 2808 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
05:14:20.0218 2808 aswMon2 - ok
05:14:20.0265 2808 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
05:14:20.0265 2808 aswRdr - ok
05:14:20.0343 2808 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
05:14:20.0359 2808 aswSnx - ok
05:14:20.0406 2808 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
05:14:20.0421 2808 aswSP - ok
05:14:20.0484 2808 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
05:14:20.0500 2808 aswTdi - ok
05:14:20.0562 2808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:14:20.0578 2808 AsyncMac - ok
05:14:20.0578 2808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
05:14:20.0578 2808 atapi - ok
05:14:20.0609 2808 Atdisk - ok
05:14:20.0656 2808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:14:20.0656 2808 Atmarpc - ok
05:14:20.0734 2808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
05:14:20.0734 2808 audstub - ok
05:14:20.0796 2808 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
05:14:20.0812 2808 b57w2k - ok
05:14:20.0890 2808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
05:14:20.0890 2808 Beep - ok
05:14:20.0968 2808 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
05:14:20.0968 2808 BrScnUsb - ok
05:14:20.0984 2808 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
05:14:20.0984 2808 BrSerIf - ok
05:14:21.0000 2808 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
05:14:21.0000 2808 BrUsbSer - ok
05:14:21.0031 2808 catchme - ok
05:14:21.0218 2808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
05:14:21.0218 2808 cbidf2k - ok
05:14:21.0250 2808 cd20xrnt - ok
05:14:21.0312 2808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
05:14:21.0312 2808 Cdaudio - ok
05:14:21.0328 2808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
05:14:21.0328 2808 Cdfs - ok
05:14:21.0359 2808 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:14:21.0359 2808 Cdrom - ok
05:14:21.0421 2808 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
05:14:21.0421 2808 cercsr6 - ok
05:14:21.0437 2808 Changer - ok
05:14:21.0484 2808 CmdIde - ok
05:14:21.0515 2808 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
05:14:21.0515 2808 Compbatt - ok
05:14:21.0578 2808 Cpqarray - ok
05:14:21.0593 2808 dac2w2k - ok
05:14:21.0609 2808 dac960nt - ok
05:14:21.0625 2808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
05:14:21.0625 2808 Disk - ok
05:14:21.0687 2808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
05:14:21.0718 2808 dmboot - ok
05:14:21.0718 2808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
05:14:21.0734 2808 dmio - ok
05:14:21.0765 2808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
05:14:21.0765 2808 dmload - ok
05:14:21.0828 2808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:14:21.0828 2808 DMusic - ok
05:14:21.0843 2808 dpti2o - ok
05:14:21.0859 2808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:14:21.0859 2808 drmkaud - ok
05:14:21.0984 2808 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:14:21.0984 2808 Fastfat - ok
05:14:22.0000 2808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
05:14:22.0000 2808 Fdc - ok
05:14:22.0046 2808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:14:22.0046 2808 Fips - ok
05:14:22.0078 2808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
05:14:22.0078 2808 Flpydisk - ok
05:14:22.0140 2808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
05:14:22.0140 2808 FltMgr - ok
05:14:22.0156 2808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:14:22.0156 2808 Fs_Rec - ok
05:14:22.0171 2808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:14:22.0171 2808 Ftdisk - ok
05:14:22.0187 2808 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
05:14:22.0187 2808 giveio - ok
05:14:22.0218 2808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:14:22.0234 2808 Gpc - ok
05:14:22.0265 2808 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
05:14:22.0265 2808 HDAudBus - ok
05:14:22.0328 2808 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
05:14:22.0328 2808 HidBatt - ok
05:14:22.0328 2808 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:14:22.0328 2808 hidusb - ok
05:14:22.0375 2808 hpn - ok
05:14:22.0437 2808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:14:22.0437 2808 HTTP - ok
05:14:22.0515 2808 i2omgmt - ok
05:14:22.0515 2808 i2omp - ok
05:14:22.0578 2808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:14:22.0578 2808 i8042prt - ok
05:14:22.0734 2808 iastor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
05:14:22.0734 2808 iastor - ok
05:14:22.0812 2808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
05:14:22.0812 2808 Imapi - ok
05:14:22.0828 2808 ini910u - ok
05:14:22.0843 2808 IntelIde - ok
05:14:22.0921 2808 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:14:22.0921 2808 intelppm - ok
05:14:22.0953 2808 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
05:14:22.0953 2808 Ip6Fw - ok
05:14:23.0015 2808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:14:23.0015 2808 IpFilterDriver - ok
05:14:23.0031 2808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:14:23.0046 2808 IpInIp - ok
05:14:23.0062 2808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:14:23.0062 2808 IpNat - ok
05:14:23.0078 2808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:14:23.0078 2808 IPSec - ok
05:14:23.0093 2808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:14:23.0093 2808 IRENUM - ok
05:14:23.0125 2808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:14:23.0125 2808 isapnp - ok
05:14:23.0140 2808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:14:23.0140 2808 Kbdclass - ok
05:14:23.0171 2808 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:14:23.0171 2808 kbdhid - ok
05:14:23.0203 2808 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:14:23.0203 2808 kmixer - ok
05:14:23.0234 2808 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:14:23.0234 2808 KSecDD - ok
05:14:23.0250 2808 l8042pr2 (2e5bf125406324d289de17ed9ab6e232) C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
05:14:23.0250 2808 l8042pr2 - ok
05:14:23.0265 2808 lbrtfdc - ok
05:14:23.0281 2808 LKbdFlt2 (3f8d827943fc4489eb1e4cc03799b581) C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
05:14:23.0281 2808 LKbdFlt2 - ok
05:14:23.0296 2808 LMouFlt2 (a24b919082a553f2d7da3a39aaaeb50b) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
05:14:23.0296 2808 LMouFlt2 - ok
05:14:23.0312 2808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:14:23.0312 2808 mnmdd - ok
05:14:23.0359 2808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:14:23.0359 2808 Modem - ok
05:14:23.0390 2808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:14:23.0390 2808 Mouclass - ok
05:14:23.0421 2808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:14:23.0437 2808 mouhid - ok
05:14:23.0437 2808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:14:23.0437 2808 MountMgr - ok
05:14:23.0484 2808 mraid35x - ok
05:14:23.0500 2808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:14:23.0500 2808 MRxDAV - ok
05:14:23.0546 2808 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:14:23.0562 2808 MRxSmb - ok
05:14:23.0609 2808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:14:23.0609 2808 Msfs - ok
05:14:23.0625 2808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:14:23.0625 2808 MSKSSRV - ok
05:14:23.0656 2808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:14:23.0656 2808 MSPCLOCK - ok
05:14:23.0671 2808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:14:23.0671 2808 MSPQM - ok
05:14:23.0750 2808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:14:23.0750 2808 mssmbios - ok
05:14:23.0812 2808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:14:23.0828 2808 Mup - ok
05:14:23.0953 2808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:14:23.0968 2808 NDIS - ok
05:14:24.0062 2808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:14:24.0062 2808 NdisTapi - ok
05:14:24.0140 2808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:14:24.0140 2808 Ndisuio - ok
05:14:24.0203 2808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:14:24.0218 2808 NdisWan - ok
05:14:24.0250 2808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:14:24.0250 2808 NDProxy - ok
05:14:24.0265 2808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:14:24.0265 2808 NetBIOS - ok
05:14:24.0312 2808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:14:24.0312 2808 NetBT - ok
05:14:24.0406 2808 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
05:14:24.0406 2808 NIC1394 - ok
05:14:24.0468 2808 nmwcdnsu (be7fd9ca07e7d39f77c78ba5756930d9) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
05:14:24.0468 2808 nmwcdnsu - ok
05:14:24.0515 2808 nmwcdnsuc (94651f5808d3328d28ef967a9e853b8f) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
05:14:24.0515 2808 nmwcdnsuc - ok
05:14:24.0515 2808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:14:24.0515 2808 Npfs - ok
05:14:24.0562 2808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:14:24.0578 2808 Ntfs - ok
05:14:24.0640 2808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:14:24.0640 2808 Null - ok
05:14:25.0015 2808 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
05:14:25.0296 2808 nv - ok
05:14:25.0343 2808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:14:25.0359 2808 NwlnkFlt - ok
05:14:25.0359 2808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:14:25.0359 2808 NwlnkFwd - ok
05:14:25.0375 2808 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
05:14:25.0375 2808 ohci1394 - ok
05:14:25.0375 2808 oiaodjt - ok
05:14:25.0406 2808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
05:14:25.0406 2808 Parport - ok
05:14:25.0421 2808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:14:25.0421 2808 PartMgr - ok
05:14:25.0468 2808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:14:25.0468 2808 ParVdm - ok
05:14:25.0484 2808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:14:25.0484 2808 PCI - ok
05:14:25.0484 2808 PCIDump - ok
05:14:25.0531 2808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
05:14:25.0531 2808 PCIIde - ok
05:14:25.0562 2808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:14:25.0562 2808 Pcmcia - ok
05:14:25.0578 2808 PDCOMP - ok
05:14:25.0593 2808 PDFRAME - ok
05:14:25.0609 2808 PDRELI - ok
05:14:25.0625 2808 PDRFRAME - ok
05:14:25.0625 2808 perc2 - ok
05:14:25.0640 2808 perc2hib - ok
05:14:25.0656 2808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:14:25.0656 2808 PptpMiniport - ok
05:14:25.0703 2808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:14:25.0718 2808 PSched - ok
05:14:25.0765 2808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:14:25.0765 2808 Ptilink - ok
05:14:25.0781 2808 ql1080 - ok
05:14:25.0812 2808 Ql10wnt - ok
05:14:25.0828 2808 ql12160 - ok
05:14:25.0843 2808 ql1240 - ok
05:14:25.0859 2808 ql1280 - ok
05:14:25.0859 2808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:14:25.0859 2808 RasAcd - ok
05:14:25.0875 2808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:14:25.0875 2808 Rasl2tp - ok
05:14:25.0890 2808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:14:25.0890 2808 RasPppoe - ok
05:14:25.0937 2808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:14:25.0953 2808 Raspti - ok
05:14:25.0968 2808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:14:25.0968 2808 Rdbss - ok
05:14:26.0031 2808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:14:26.0031 2808 RDPCDD - ok
05:14:26.0062 2808 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:14:26.0062 2808 rdpdr - ok
05:14:26.0171 2808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
05:14:26.0171 2808 RDPWD - ok
05:14:26.0265 2808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:14:26.0265 2808 redbook - ok
05:14:26.0437 2808 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
05:14:26.0437 2808 SASDIFSV - ok
05:14:26.0500 2808 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
05:14:26.0500 2808 SASENUM - ok
05:14:26.0531 2808 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
05:14:26.0531 2808 SASKUTIL - ok
05:14:26.0578 2808 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
05:14:26.0593 2808 sbp2port - ok
05:14:26.0703 2808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:14:26.0703 2808 Secdrv - ok
05:14:26.0718 2808 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
05:14:26.0718 2808 serenum - ok
05:14:26.0750 2808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
05:14:26.0750 2808 Serial - ok
05:14:26.0796 2808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
05:14:26.0796 2808 Sfloppy - ok
05:14:26.0828 2808 Simbad - ok
05:14:26.0906 2808 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
05:14:26.0906 2808 SONYPVU1 - ok
05:14:26.0906 2808 Sparrow - ok
05:14:26.0953 2808 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
05:14:26.0953 2808 speedfan - ok
05:14:26.0984 2808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:14:27.0000 2808 splitter - ok
05:14:27.0031 2808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:14:27.0031 2808 sr - ok
05:14:27.0109 2808 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
05:14:27.0109 2808 Srv - ok
05:14:27.0203 2808 STHDA (9db5dbed65f2d74acd1d20a53898af79) C:\WINDOWS\system32\drivers\sthda.sys
05:14:27.0234 2808 STHDA - ok
05:14:27.0296 2808 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
05:14:27.0296 2808 StillCam - ok
05:14:27.0375 2808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:14:27.0390 2808 swenum - ok
05:14:27.0453 2808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:14:27.0453 2808 swmidi - ok
05:14:27.0484 2808 symc810 - ok
05:14:27.0484 2808 symc8xx - ok
05:14:27.0500 2808 sym_hi - ok
05:14:27.0515 2808 sym_u3 - ok
05:14:27.0531 2808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:14:27.0531 2808 sysaudio - ok
05:14:27.0656 2808 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:14:27.0671 2808 Tcpip - ok
05:14:27.0750 2808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:14:27.0750 2808 TDPIPE - ok
05:14:27.0765 2808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:14:27.0765 2808 TDTCP - ok
05:14:27.0796 2808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:14:27.0796 2808 TermDD - ok
05:14:27.0828 2808 TosIde - ok
05:14:27.0890 2808 TotRec7 (cb847e385ad960d9070737e50aaa0d75) C:\WINDOWS\system32\drivers\TotRec7.sys
05:14:27.0890 2808 TotRec7 - ok
05:14:27.0906 2808 TotRec8 (f7937fc27cbaf6d5e8e05bd36b205012) C:\WINDOWS\system32\drivers\TotRec8.sys
05:14:27.0906 2808 TotRec8 - ok
05:14:27.0937 2808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:14:27.0937 2808 Udfs - ok
05:14:27.0953 2808 ultra - ok
05:14:28.0015 2808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:14:28.0015 2808 Update - ok
05:14:28.0109 2808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:14:28.0109 2808 usbccgp - ok
05:14:28.0125 2808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:14:28.0125 2808 usbehci - ok
05:14:28.0156 2808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:14:28.0156 2808 usbhub - ok
05:14:28.0203 2808 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:14:28.0203 2808 usbprint - ok
05:14:28.0265 2808 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:14:28.0265 2808 USBSTOR - ok
05:14:28.0328 2808 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:14:28.0328 2808 usbuhci - ok
05:14:28.0343 2808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
05:14:28.0343 2808 VgaSave - ok
05:14:28.0359 2808 ViaIde - ok
05:14:28.0437 2808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
05:14:28.0437 2808 VolSnap - ok
05:14:28.0484 2808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:14:28.0484 2808 Wanarp - ok
05:14:28.0500 2808 WDC_SAM - ok
05:14:28.0500 2808 WDICA - ok
05:14:28.0515 2808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
05:14:28.0515 2808 wdmaud - ok
05:14:28.0625 2808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:14:28.0625 2808 WudfPf - ok
05:14:28.0703 2808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:14:28.0796 2808 \Device\Harddisk0\DR0 - ok
05:14:28.0796 2808 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk1\DR3
05:14:28.0796 2808 \Device\Harddisk1\DR3 - ok
05:14:28.0796 2808 Boot (0x1200) (3032963acac2bf7f4f552f8d9bffb68f) \Device\Harddisk0\DR0\Partition0
05:14:28.0796 2808 \Device\Harddisk0\DR0\Partition0 - ok
05:14:28.0812 2808 Boot (0x1200) (b40f1e4f607421c44f73728d4f424d27) \Device\Harddisk1\DR3\Partition0
05:14:28.0812 2808 \Device\Harddisk1\DR3\Partition0 - ok
05:14:28.0812 2808 ============================================================
05:14:28.0812 2808 Scan finished
05:14:28.0812 2808 ============================================================
05:14:28.0828 2228 Detected object count: 1
05:14:28.0828 2228 Actual detected object count: 1
05:14:49.0531 2228 Backup copy found, using it..
05:14:49.0562 2228 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
05:14:49.0562 2228 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
05:14:54.0796 2388 Deinitialize success

#5 RKinner (Malware Expert, MVP, 20,031 posts)
Doesn't matter about the order of the Norton thing.

Run TDSSKiller again, but this time, before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
Please copy and paste the log.

Run aswMBR again but this time DO NOT uncheck trace disk IO calls and post its log.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
Then use the 'Number of events' as follows:
5. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron
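
The Skip-unless-it-says-TDSS rule and the trace-disk-IO request in Ron's post above, as an added example (not code from the thread, from TDSSKiller or from aswMBR). It parses the per-object lines TDSSKiller writes, marks heuristic verdicts such as UnsignedFile.Multi.Generic for review rather than deletion, diffs object hashes between two runs so a driver that was cured on reboot stands out while the MBR hash stays put, and pulls the module chain out of an aswMBR log so anything foreign in the disk I/O path is visible. The log excerpts are constructed (the pre-cure ACPI.sys hash is a placeholder, since that line is not quoted in this thread), and HEURISTIC_PREFIXES and EXPECTED_DISK_STACK are assumptions to adjust for the machine at hand.

```python
import re
from typing import Dict, List, Tuple

# Added example for this thread, not code from TDSSKiller, aswMBR or the poster.
# It mechanises two checks from the post above: the Skip/Delete rule for
# TDSSKiller verdicts (plus a hash diff between two runs), and a look at the
# module chain aswMBR prints when 'trace disk IO calls' is left on.

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
# "ACPI (md5) C:\...\ACPI.sys"  or  "MBR (0x1B8) (md5) \Device\Harddisk0\DR0"
HASHED_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
# "BrScnUsb ( UnsignedFile.Multi.Generic ) - warning"
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
ASW_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(?P<body>.*)$")

# Assumption: verdict families TDSSKiller raises from its SigCheck/TDLFS heuristics,
# not from a malware signature; extend for your version.
HEURISTIC_PREFIXES = ("UnsignedFile.", "LockedFile.", "ForgedFile.")
# Assumption: the disk stack expected on this (Intel RST / iaStor) XP box.
EXPECTED_DISK_STACK = {"ntkrnlpa.exe", "ntoskrnl.exe", "hal.dll", "classpnp.sys",
                       "disk.sys", "partmgr.sys", "iastor.sys", "atapi.sys"}


def severity(verdict: str) -> str:
    """Ron's rule: leave heuristic hits on Skip; only a named malware verdict gets acted on."""
    return "review" if verdict.startswith(HEURISTIC_PREFIXES) else "malware"


def parse_log(text: str) -> Tuple[Dict[str, str], Dict[str, Tuple[str, str, str]]]:
    """One TDSSKiller log -> ({object: md5}, {object: (verdict, severity, last action)}).
    '- ok' and '- detected ... (1)' lines carry nothing extra and are skipped."""
    hashes: Dict[str, str] = {}
    verdicts: Dict[str, Tuple[str, str, str]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        h = HASHED_RE.match(m.group("body"))
        v = VERDICT_RE.match(m.group("body"))
        if h:
            hashes[h.group("name")] = h.group("md5")
        elif v:  # the later 'User select action' line overwrites the 'warning' line
            verdicts[v.group("name")] = (v.group("verdict"), severity(v.group("verdict")), v.group("action"))
    return hashes, verdicts


def hash_diff(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Objects whose MD5 changed between runs: a driver 'cured on reboot' must show
    up here; the MBR and boot sectors must not."""
    return {n: (before[n], after[n]) for n in before.keys() & after.keys() if before[n] != after[n]}


def trace_modules(aswmbr_text: str) -> List[str]:
    """Modules on the line after 'Disk N trace - called modules:' in an aswMBR log."""
    bodies = [m.group("body") for m in (ASW_RE.match(ln.strip()) for ln in aswmbr_text.splitlines()) if m]
    for i in range(len(bodies) - 1):
        if bodies[i].endswith("trace - called modules:"):
            return bodies[i + 1].split()
    return []


def unexpected_modules(modules: List[str]) -> List[str]:
    """Anything in the disk I/O chain outside the expected stack is where a bootkit hook would sit."""
    return [m for m in modules if m.lower() not in EXPECTED_DISK_STACK]


# Constructed excerpts. RUN1 follows the first scan in the thread; the pre-cure
# ACPI.sys hash is a placeholder because that line is not quoted here.
RUN1 = r"""
05:14:20.0000 2808 ACPI (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:14:26.0437 2808 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
05:14:28.0703 2808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:14:49.0562 2228 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
05:14:49.0562 2228 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
"""
RUN2 = r"""
11:47:38.0078 0552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:47:38.0796 0552 ACPI - ok
11:47:41.0046 0552 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
11:47:41.0046 0552 BrScnUsb ( UnsignedFile.Multi.Generic ) - warning
11:47:41.0046 0552 BrScnUsb - detected UnsignedFile.Multi.Generic (1)
11:47:54.0718 0552 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:47:59.0796 0552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:49:09.0609 3136 BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
ASW = r"""
11:52:14.906 Disk 0 trace - called modules:
11:52:14.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:52:14.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9e0ab8]
"""

if __name__ == "__main__":
    (h1, v1), (h2, v2) = parse_log(RUN1), parse_log(RUN2)
    for name, (verdict, sev, action) in {**v1, **v2}.items():
        print(f"{sev:8} {name:10} {verdict:28} {action}")
    for name, (old, new) in hash_diff(h1, h2).items():
        print(f"changed  {name:10} {old} -> {new}")
    print("disk chain:", trace_modules(ASW), "unexpected:", unexpected_modules(trace_modules(ASW)))
```

Fed the two full TDSSKiller logs from this thread in place of RUN1 and RUN2, the six UnsignedFile.Multi.Generic entries in the second run come out as review, the Rloader cure in the first as malware, and the MBR hash for \Device\Harddisk0\DR0 is identical across both runs; the aswMBR chain ntkrnlpa.exe, CLASSPNP.SYS, disk.sys, iaStor.sys, hal.dll contains nothing outside the expected stack, which is what a clean disk path looks like after the cure.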

#6 Cstaffa (Topic Starter, Member, 32 posts)
It's very nice to be able to use google normally again. Thank you thank you.


11:46:50.0484 1896 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
11:46:50.0671 1896 ============================================================
11:46:50.0671 1896 Current date / time: 2011/12/07 11:46:50.0671
11:46:50.0671 1896 SystemInfo:
11:46:50.0671 1896
11:46:50.0671 1896 OS Version: 5.1.2600 ServicePack: 3.0
11:46:50.0671 1896 Product type: Workstation
11:46:50.0671 1896 ComputerName: DJB7QB1-CDS
11:46:50.0671 1896 UserName: cds
11:46:50.0671 1896 Windows directory: C:\WINDOWS
11:46:50.0671 1896 System windows directory: C:\WINDOWS
11:46:50.0671 1896 Processor architecture: Intel x86
11:46:50.0671 1896 Number of processors: 2
11:46:50.0671 1896 Page size: 0x1000
11:46:50.0671 1896 Boot type: Normal boot
11:46:50.0671 1896 ============================================================
11:46:51.0109 1896 Initialize success
11:47:37.0078 0552 ============================================================
11:47:37.0078 0552 Scan started
11:47:37.0078 0552 Mode: Manual; SigCheck; TDLFS;
11:47:37.0078 0552 ============================================================
11:47:37.0812 0552 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
11:47:37.0953 0552 Aavmker4 - ok
11:47:38.0000 0552 Abiosdsk - ok
11:47:38.0000 0552 abp480n5 - ok
11:47:38.0078 0552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:47:38.0796 0552 ACPI - ok
11:47:38.0984 0552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:47:39.0078 0552 ACPIEC - ok
11:47:39.0125 0552 adpu160m - ok
11:47:39.0171 0552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:47:39.0281 0552 aec - ok
11:47:39.0343 0552 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:47:39.0406 0552 AFD - ok
11:47:39.0406 0552 Aha154x - ok
11:47:39.0421 0552 aic78u2 - ok
11:47:39.0421 0552 aic78xx - ok
11:47:39.0437 0552 AliIde - ok
11:47:39.0437 0552 amsint - ok
11:47:39.0500 0552 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:47:39.0593 0552 Arp1394 - ok
11:47:39.0609 0552 asc - ok
11:47:39.0609 0552 asc3350p - ok
11:47:39.0625 0552 asc3550 - ok
11:47:39.0687 0552 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:47:39.0703 0552 aswFsBlk - ok
11:47:39.0765 0552 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
11:47:39.0765 0552 aswMon2 - ok
11:47:39.0812 0552 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
11:47:39.0828 0552 aswRdr - ok
11:47:39.0890 0552 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
11:47:39.0921 0552 aswSnx - ok
11:47:39.0968 0552 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
11:47:39.0984 0552 aswSP - ok
11:47:40.0031 0552 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
11:47:40.0031 0552 aswTdi - ok
11:47:40.0093 0552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:47:40.0218 0552 AsyncMac - ok
11:47:40.0218 0552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:47:40.0343 0552 atapi - ok
11:47:40.0343 0552 Atdisk - ok
11:47:40.0375 0552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:47:40.0484 0552 Atmarpc - ok
11:47:40.0546 0552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:47:40.0640 0552 audstub - ok
11:47:40.0703 0552 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:47:40.0750 0552 b57w2k - ok
11:47:40.0859 0552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:47:40.0953 0552 Beep - ok
11:47:41.0046 0552 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
11:47:41.0046 0552 BrScnUsb ( UnsignedFile.Multi.Generic ) - warning
11:47:41.0046 0552 BrScnUsb - detected UnsignedFile.Multi.Generic (1)
11:47:41.0187 0552 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
11:47:41.0203 0552 BrSerIf ( UnsignedFile.Multi.Generic ) - warning
11:47:41.0203 0552 BrSerIf - detected UnsignedFile.Multi.Generic (1)
11:47:41.0250 0552 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
11:47:41.0265 0552 BrUsbSer ( UnsignedFile.Multi.Generic ) - warning
11:47:41.0265 0552 BrUsbSer - detected UnsignedFile.Multi.Generic (1)
11:47:41.0281 0552 catchme - ok
11:47:41.0328 0552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:47:41.0437 0552 cbidf2k - ok
11:47:41.0437 0552 cd20xrnt - ok
11:47:41.0500 0552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:47:41.0593 0552 Cdaudio - ok
11:47:41.0656 0552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:47:41.0750 0552 Cdfs - ok
11:47:41.0765 0552 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:47:41.0875 0552 Cdrom - ok
11:47:41.0921 0552 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
11:47:41.0937 0552 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
11:47:41.0937 0552 cercsr6 - detected UnsignedFile.Multi.Generic (1)
11:47:41.0937 0552 Changer - ok
11:47:41.0953 0552 CmdIde - ok
11:47:41.0984 0552 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:47:42.0078 0552 Compbatt - ok
11:47:42.0093 0552 Cpqarray - ok
11:47:42.0093 0552 dac2w2k - ok
11:47:42.0109 0552 dac960nt - ok
11:47:42.0125 0552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:47:42.0234 0552 Disk - ok
11:47:42.0281 0552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:47:42.0437 0552 dmboot - ok
11:47:42.0468 0552 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:47:42.0578 0552 dmio - ok
11:47:42.0609 0552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:47:42.0734 0552 dmload - ok
11:47:42.0750 0552 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:47:42.0843 0552 DMusic - ok
11:47:42.0906 0552 dpti2o - ok
11:47:42.0968 0552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:47:43.0062 0552 drmkaud - ok
11:47:43.0140 0552 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:47:43.0234 0552 Fastfat - ok
11:47:43.0328 0552 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:47:43.0421 0552 Fdc - ok
11:47:43.0468 0552 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:47:43.0562 0552 Fips - ok
11:47:43.0562 0552 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:47:43.0656 0552 Flpydisk - ok
11:47:43.0734 0552 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:47:43.0828 0552 FltMgr - ok
11:47:43.0890 0552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:47:43.0984 0552 Fs_Rec - ok
11:47:44.0015 0552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:47:44.0109 0552 Ftdisk - ok
11:47:44.0140 0552 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
11:47:44.0171 0552 giveio ( UnsignedFile.Multi.Generic ) - warning
11:47:44.0171 0552 giveio - detected UnsignedFile.Multi.Generic (1)
11:47:44.0187 0552 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:47:44.0296 0552 Gpc - ok
11:47:44.0328 0552 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:47:44.0421 0552 HDAudBus - ok
11:47:44.0484 0552 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
11:47:44.0593 0552 HidBatt - ok
11:47:44.0625 0552 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:47:44.0718 0552 hidusb - ok
11:47:44.0734 0552 hpn - ok
11:47:44.0781 0552 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:47:44.0812 0552 HTTP - ok
11:47:44.0906 0552 i2omgmt - ok
11:47:44.0921 0552 i2omp - ok
11:47:44.0968 0552 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:47:45.0078 0552 i8042prt - ok
11:47:45.0140 0552 iastor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:47:45.0156 0552 iastor - ok
11:47:45.0187 0552 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:47:45.0296 0552 Imapi - ok
11:47:45.0359 0552 ini910u - ok
11:47:45.0406 0552 IntelIde - ok
11:47:45.0468 0552 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:47:45.0562 0552 intelppm - ok
11:47:45.0593 0552 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:47:45.0687 0552 Ip6Fw - ok
11:47:45.0750 0552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:47:45.0843 0552 IpFilterDriver - ok
11:47:45.0875 0552 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:47:45.0968 0552 IpInIp - ok
11:47:46.0015 0552 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:47:46.0109 0552 IpNat - ok
11:47:46.0125 0552 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:47:46.0234 0552 IPSec - ok
11:47:46.0250 0552 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:47:46.0312 0552 IRENUM - ok
11:47:46.0343 0552 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:47:46.0437 0552 isapnp - ok
11:47:46.0437 0552 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:47:46.0531 0552 Kbdclass - ok
11:47:46.0546 0552 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:47:46.0640 0552 kbdhid - ok
11:47:46.0656 0552 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:47:46.0765 0552 kmixer - ok
11:47:46.0796 0552 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:47:46.0859 0552 KSecDD - ok
11:47:46.0859 0552 l8042pr2 (2e5bf125406324d289de17ed9ab6e232) C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
11:47:46.0937 0552 l8042pr2 - ok
11:47:47.0062 0552 lbrtfdc - ok
11:47:47.0109 0552 LKbdFlt2 (3f8d827943fc4489eb1e4cc03799b581) C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
11:47:47.0125 0552 LKbdFlt2 - ok
11:47:47.0125 0552 LMouFlt2 (a24b919082a553f2d7da3a39aaaeb50b) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
11:47:47.0140 0552 LMouFlt2 - ok
11:47:47.0171 0552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:47:47.0265 0552 mnmdd - ok
11:47:47.0296 0552 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:47:47.0406 0552 Modem - ok
11:47:47.0468 0552 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:47:47.0562 0552 Mouclass - ok
11:47:47.0593 0552 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:47:47.0718 0552 mouhid - ok
11:47:47.0718 0552 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:47:47.0812 0552 MountMgr - ok
11:47:47.0828 0552 mraid35x - ok
11:47:47.0890 0552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:47:47.0984 0552 MRxDAV - ok
11:47:48.0156 0552 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:47:48.0203 0552 MRxSmb - ok
11:47:48.0250 0552 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:47:48.0343 0552 Msfs - ok
11:47:48.0359 0552 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:47:48.0484 0552 MSKSSRV - ok
11:47:48.0484 0552 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:47:48.0578 0552 MSPCLOCK - ok
11:47:48.0593 0552 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:47:48.0687 0552 MSPQM - ok
11:47:48.0750 0552 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:47:48.0843 0552 mssmbios - ok
11:47:48.0890 0552 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:47:48.0937 0552 Mup - ok
11:47:49.0000 0552 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:47:49.0109 0552 NDIS - ok
11:47:49.0171 0552 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:47:49.0218 0552 NdisTapi - ok
11:47:49.0250 0552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:47:49.0343 0552 Ndisuio - ok
11:47:49.0359 0552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:47:49.0453 0552 NdisWan - ok
11:47:49.0484 0552 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:47:49.0531 0552 NDProxy - ok
11:47:49.0593 0552 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:47:49.0703 0552 NetBIOS - ok
11:47:49.0734 0552 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:47:49.0828 0552 NetBT - ok
11:47:49.0875 0552 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:47:49.0968 0552 NIC1394 - ok
11:47:50.0031 0552 nmwcdnsu (be7fd9ca07e7d39f77c78ba5756930d9) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
11:47:50.0093 0552 nmwcdnsu - ok
11:47:50.0109 0552 nmwcdnsuc (94651f5808d3328d28ef967a9e853b8f) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
11:47:50.0140 0552 nmwcdnsuc - ok
11:47:50.0250 0552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:47:50.0343 0552 Npfs - ok
11:47:50.0390 0552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:47:50.0500 0552 Ntfs - ok
11:47:50.0578 0552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:47:50.0671 0552 Null - ok
11:47:51.0031 0552 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:47:51.0593 0552 nv - ok
11:47:51.0656 0552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:47:51.0765 0552 NwlnkFlt - ok
11:47:51.0765 0552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:47:51.0859 0552 NwlnkFwd - ok
11:47:51.0875 0552 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:47:52.0000 0552 ohci1394 - ok
11:47:52.0015 0552 oiaodjt - ok
11:47:52.0031 0552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:47:52.0140 0552 Parport - ok
11:47:52.0156 0552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:47:52.0265 0552 PartMgr - ok
11:47:52.0312 0552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:47:52.0406 0552 ParVdm - ok
11:47:52.0437 0552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:47:52.0546 0552 PCI - ok
11:47:52.0578 0552 PCIDump - ok
11:47:52.0609 0552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:47:52.0718 0552 PCIIde - ok
11:47:52.0750 0552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:47:52.0859 0552 Pcmcia - ok
11:47:52.0906 0552 PDCOMP - ok
11:47:52.0906 0552 PDFRAME - ok
11:47:52.0921 0552 PDRELI - ok
11:47:52.0921 0552 PDRFRAME - ok
11:47:52.0937 0552 perc2 - ok
11:47:52.0937 0552 perc2hib - ok
11:47:52.0984 0552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:47:53.0093 0552 PptpMiniport - ok
11:47:53.0156 0552 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:47:53.0250 0552 PSched - ok
11:47:53.0281 0552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:47:53.0375 0552 Ptilink - ok
11:47:53.0375 0552 ql1080 - ok
11:47:53.0390 0552 Ql10wnt - ok
11:47:53.0390 0552 ql12160 - ok
11:47:53.0406 0552 ql1240 - ok
11:47:53.0406 0552 ql1280 - ok
11:47:53.0421 0552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:47:53.0515 0552 RasAcd - ok
11:47:53.0546 0552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:47:53.0640 0552 Rasl2tp - ok
11:47:53.0656 0552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:47:53.0765 0552 RasPppoe - ok
11:47:53.0781 0552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:47:53.0875 0552 Raspti - ok
11:47:53.0921 0552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:47:54.0015 0552 Rdbss - ok
11:47:54.0078 0552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:47:54.0171 0552 RDPCDD - ok
11:47:54.0187 0552 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:47:54.0296 0552 rdpdr - ok
11:47:54.0359 0552 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:47:54.0406 0552 RDPWD - ok
11:47:54.0468 0552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:47:54.0562 0552 redbook - ok
11:47:54.0718 0552 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:47:54.0734 0552 SASDIFSV - ok
11:47:54.0796 0552 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
11:47:54.0812 0552 SASENUM - ok
11:47:54.0828 0552 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
11:47:54.0828 0552 SASKUTIL - ok
11:47:54.0953 0552 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
11:47:55.0062 0552 sbp2port - ok
11:47:55.0140 0552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:47:55.0187 0552 Secdrv - ok
11:47:55.0218 0552 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:47:55.0328 0552 serenum - ok
11:47:55.0390 0552 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:47:55.0484 0552 Serial - ok
11:47:55.0500 0552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:47:55.0593 0552 Sfloppy - ok
11:47:55.0625 0552 Simbad - ok
11:47:55.0687 0552 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:47:55.0781 0552 SONYPVU1 - ok
11:47:55.0843 0552 Sparrow - ok
11:47:55.0890 0552 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
11:47:55.0921 0552 speedfan ( UnsignedFile.Multi.Generic ) - warning
11:47:55.0921 0552 speedfan - detected UnsignedFile.Multi.Generic (1)
11:47:55.0937 0552 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:47:56.0031 0552 splitter - ok
11:47:56.0046 0552 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:47:56.0093 0552 sr - ok
11:47:56.0187 0552 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:47:56.0218 0552 Srv - ok
11:47:56.0312 0552 STHDA (9db5dbed65f2d74acd1d20a53898af79) C:\WINDOWS\system32\drivers\sthda.sys
11:47:56.0421 0552 STHDA - ok
11:47:56.0468 0552 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:47:56.0562 0552 StillCam - ok
11:47:56.0609 0552 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:47:56.0718 0552 swenum - ok
11:47:56.0765 0552 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:47:56.0875 0552 swmidi - ok
11:47:56.0906 0552 symc810 - ok
11:47:56.0921 0552 symc8xx - ok
11:47:56.0937 0552 sym_hi - ok
11:47:56.0937 0552 sym_u3 - ok
11:47:56.0953 0552 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:47:57.0046 0552 sysaudio - ok
11:47:57.0093 0552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:47:57.0140 0552 Tcpip - ok
11:47:57.0203 0552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:47:57.0328 0552 TDPIPE - ok
11:47:57.0390 0552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:47:57.0500 0552 TDTCP - ok
11:47:57.0531 0552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:47:57.0625 0552 TermDD - ok
11:47:57.0640 0552 TosIde - ok
11:47:57.0687 0552 TotRec7 (cb847e385ad960d9070737e50aaa0d75) C:\WINDOWS\system32\drivers\TotRec7.sys
11:47:57.0703 0552 TotRec7 - ok
11:47:57.0781 0552 TotRec8 (f7937fc27cbaf6d5e8e05bd36b205012) C:\WINDOWS\system32\drivers\TotRec8.sys
11:47:57.0796 0552 TotRec8 - ok
11:47:57.0812 0552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:47:57.0921 0552 Udfs - ok
11:47:57.0921 0552 ultra - ok
11:47:57.0984 0552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:47:58.0078 0552 Update - ok
11:47:58.0140 0552 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:47:58.0250 0552 usbccgp - ok
11:47:58.0312 0552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:47:58.0421 0552 usbehci - ok
11:47:58.0500 0552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:47:58.0609 0552 usbhub - ok
11:47:58.0625 0552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:47:58.0718 0552 usbprint - ok
11:47:58.0796 0552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:47:58.0890 0552 USBSTOR - ok
11:47:58.0984 0552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:47:59.0078 0552 usbuhci - ok
11:47:59.0093 0552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:47:59.0187 0552 VgaSave - ok
11:47:59.0203 0552 ViaIde - ok
11:47:59.0234 0552 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:47:59.0343 0552 VolSnap - ok
11:47:59.0375 0552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:47:59.0468 0552 Wanarp - ok
11:47:59.0484 0552 WDC_SAM - ok
11:47:59.0484 0552 WDICA - ok
11:47:59.0500 0552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:47:59.0609 0552 wdmaud - ok
11:47:59.0703 0552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:47:59.0765 0552 WudfPf - ok
11:47:59.0796 0552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:48:00.0000 0552 \Device\Harddisk0\DR0 - ok
11:48:00.0000 0552 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk1\DR3
11:48:00.0562 0552 \Device\Harddisk1\DR3 - ok
11:48:00.0562 0552 Boot (0x1200) (3032963acac2bf7f4f552f8d9bffb68f) \Device\Harddisk0\DR0\Partition0
11:48:00.0562 0552 \Device\Harddisk0\DR0\Partition0 - ok
11:48:00.0562 0552 Boot (0x1200) (b40f1e4f607421c44f73728d4f424d27) \Device\Harddisk1\DR3\Partition0
11:48:00.0562 0552 \Device\Harddisk1\DR3\Partition0 - ok
11:48:00.0562 0552 ============================================================
11:48:00.0562 0552 Scan finished
11:48:00.0562 0552 ============================================================
11:48:00.0703 3136 Detected object count: 6
11:48:00.0703 3136 Actual detected object count: 6
11:49:09.0609 3136 BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:09.0609 3136 BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:09.0609 3136 BrSerIf ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:09.0609 3136 BrSerIf ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:09.0609 3136 BrUsbSer ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:09.0609 3136 BrUsbSer ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:09.0609 3136 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:09.0609 3136 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:09.0609 3136 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:09.0609 3136 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:09.0609 3136 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:09.0609 3136 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:19.0406 1948 Deinitialize success

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-07 11:51:27
-----------------------------
11:51:27.562 OS Version: Windows 5.1.2600 Service Pack 3
11:51:27.562 Number of processors: 2 586 0xF06
11:51:27.562 ComputerName: DJB7QB1-CDS UserName: cds
11:51:28.078 Initialize success
11:51:28.125 AVAST engine defs: 11120700
11:51:37.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:51:37.640 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
11:51:37.718 Disk 1 \Device\Harddisk1\DR3 -> \Device\Sbp2\WD&My Book&0&0090a9a3_599e8e1e_Instance00
11:51:37.718 Disk 1 Vendor: WD______ 1028 Size: 953869MB BusType: 4
11:51:37.750 Disk 0 MBR read successfully
11:51:37.750 Disk 0 MBR scan
11:51:37.750 Disk 0 Windows XP default MBR code
11:51:37.765 Disk 0 scanning sectors +156232125
11:51:37.843 Disk 0 scanning C:\WINDOWS\system32\drivers
11:51:56.593 Service scanning
11:51:57.500 Modules scanning
11:52:14.906 Disk 0 trace - called modules:
11:52:14.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:52:14.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9e0ab8]
11:52:14.968 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a9f9030]
11:52:15.484 AVAST engine scan C:\WINDOWS
11:52:38.125 AVAST engine scan C:\WINDOWS\system32
11:55:27.218 AVAST engine scan C:\WINDOWS\system32\drivers
11:55:55.203 AVAST engine scan C:\Documents and Settings\cds.DJB7QB1-CDS.000
11:57:35.890 File: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Sun\Java\Deployment\cache\6.0\58\13152fba-49ad1920 **INFECTED** Win32:FakeAlert-BOG [Trj]
12:09:35.796 AVAST engine scan C:\Documents and Settings\All Users
12:12:22.671 Scan finished successfully
12:14:21.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\MBR.dat"
12:14:21.750 The log file has been saved successfully to "C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\aswMBR3.txt"


Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/12/2011 12:34:20 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/12/2011 12:24:12 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The APC Data Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 07/12/2011 12:24:12 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the APC Data Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/12/2011 12:35:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/12/2011 12:23:00 PM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance HPWJA is not valid.

Log: 'Application' Date/Time: 07/12/2011 12:20:35 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user DJB7QB1-CDS\cds registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
  • 0

#7
Cstaffa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I used avast on the infected java cache file. Everything looks nominal here. Thank you again.

C
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
APC Data Service is not working so probably causing a 30 second delay in startup. Uninstall APC PowerChute Personal Edition 3.0 (reinstall the latest version if you use it)

Not sure what is going on with SQL. Do you even use it? If not go into Services and change the Startup Type: to Disabled.

IF you use it then try:

Use Regedit to change the value of the key TcpDynamicPorts from 0 to 1433 at the following location:



HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \ MSSQLServer \ SuperSocketNetLib \ AdminConnection \ Tcp

This from a long thread on the problem: http://social.msdn.m...4-f1862969d938/

That's about all I see so I think we can clean up now.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
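The reply above reads three findings out of the posted logs by hand: the FakeAlert detection in the Java cache from aswMBR, the clean "Windows XP default MBR code" line, and the APC Data Service start failures (events 7000/7009) plus the SQL Browser warning from the event viewer dump. The script below is an added example, not part of the thread or of either tool, that automates that triage over the same two log formats. The sample log text is constructed from the lines posted above; the severity labels and suggested actions are my own choices, not output of aswMBR or Vino's Event Viewer.

```python
import re

# Constructed sample input, modelled on the aswMBR and Vino's Event Viewer
# lines posted in the thread; not the actual log files.
ASWMBR_SAMPLE = r"""
11:51:37.750 Disk 0 Windows XP default MBR code
11:55:55.203 AVAST engine scan C:\Documents and Settings\cds
11:57:35.890 File: C:\Documents and Settings\cds\Application Data\Sun\Java\Deployment\cache\6.0\58\13152fba-49ad1920 **INFECTED** Win32:FakeAlert-BOG [Trj]
12:12:22.671 Scan finished successfully
"""

EVENTS_SAMPLE = r"""
Log: 'System' Date/Time: 07/12/2011 12:24:12 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The APC Data Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 07/12/2011 12:24:12 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the APC Data Service service to connect.

Log: 'Application' Date/Time: 07/12/2011 12:23:00 PM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance HPWJA is not valid.
"""

# aswMBR line shapes: "<ts> File: <path> **INFECTED** <detection>" and "<ts> Disk N ... MBR code"
INFECTED_RE = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<det>.+)$")
MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<desc>.*MBR code.*)$")
# Vino's Event Viewer record shapes (one record per blank-line-separated block)
LOG_RE = re.compile(r"^Log: '(?P<log>\w+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) ")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
# Pulls the service name out of the SCM 7000/7009 message text
SERVICE_RE = re.compile(r"(?:The|for the) (?P<svc>.+?) service (?:failed to start|to connect)")
SQL_INSTANCE_RE = re.compile(r"SQL instance (?P<inst>\S+)")

SCM_START_FAILURES = {7000, 7009}  # service failed to start / start timeout
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_aswmbr(text):
    """Return ([(path, detection)], {disk: mbr_description}) from aswMBR log text."""
    infected, mbr = [], {}
    for line in text.splitlines():
        if m := INFECTED_RE.match(line):
            infected.append((m["path"], m["det"]))
        elif m := MBR_RE.match(line):
            mbr[int(m["disk"])] = m["desc"]
    return infected, mbr


def parse_events(text):
    """Turn Vino's Event Viewer records into dicts with log/type/id/source/message."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        ev = {"message": ""}
        for line in block.splitlines():
            if m := LOG_RE.match(line):
                ev.update(m.groupdict())
            elif m := TYPE_RE.match(line):
                ev["type"] = m["type"]
            elif m := EVENT_RE.match(line):
                ev["id"] = int(m["id"])
                ev["source"] = m["source"]
            else:
                ev["message"] += line
        events.append(ev)
    return events


def triage(aswmbr_text, events_text):
    """Return (severity, finding, suggested action) tuples, worst first."""
    findings = []
    infected, mbr = parse_aswmbr(aswmbr_text)
    for path, det in infected:
        action = "quarantine or delete the file"
        if r"\Java\Deployment\cache" in path:
            action = "cached Java download flagged; clear the Java cache and update Java"
        findings.append(("high", f"{det} in {path}", action))
    for disk, desc in sorted(mbr.items()):
        if "default MBR code" in desc:
            findings.append(("info", f"Disk {disk}: {desc}", "no bootkit indicator"))
        else:
            findings.append(("high", f"Disk {disk}: {desc}", "non-standard MBR, compare with a known-good copy"))
    failed = {}  # service name -> set of SCM event ids seen
    for ev in parse_events(events_text):
        if ev.get("source") == "Service Control Manager" and ev.get("id") in SCM_START_FAILURES:
            if m := SERVICE_RE.search(ev["message"]):
                failed.setdefault(m["svc"], set()).add(ev["id"])
        elif ev.get("source") == "SQLBrowser" and ev.get("id") == 3:
            m = SQL_INSTANCE_RE.search(ev["message"])
            inst = m["inst"] if m else "?"
            findings.append(("low", f"SQL Browser: AdminConnection\\TCP invalid for instance {inst}",
                             "disable SQL Browser if unused, otherwise fix the AdminConnection Tcp settings"))
    for svc, ids in failed.items():
        ids_txt = ", ".join(str(i) for i in sorted(ids))
        findings.append(("medium", f"Service '{svc}' failed to start (events {ids_txt})",
                         "repair or uninstall it; each failure is a 30 s boot delay"))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for sev, what, action in triage(ASWMBR_SAMPLE, EVENTS_SAMPLE):
        print(f"[{sev:6}] {what}\n         -> {action}")
```

Feeding the real aswMBR.txt and event viewer export in place of the two sample strings gives the same prioritised list the expert produced by eye; the MBR check matters because a malware-modified MBR would make every file-level cleanup pointless.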
