TrojanDownloader infection - see my OTL logfile



#1
raftini

Hi, 2 weeks ago we received a virus through an email. Windows XP is running slow and the tower sometimes sounds like it's running at high speed. I think there's a Trojan downloader running.

Malwarebytes shows:
Trojan.Agent
Trojan.Zbot.CBCGen

MS Essentials shows:
TrojanDownloader:Win32/Tracur.AH
Virus:Win32/Sirefef.N
VirTool:JS/Obfuscator.CC

Below is my OTL log w/ extras.

Any help is appreciated.

Thank you

---

OTL logfile created on: 12/25/2011 6:32:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\terra\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 354.55 Mb Available Physical Memory | 34.69% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 28.90 Gb Free Space | 20.03% Space Free | Partition Type: NTFS
Drive G: | 931.48 Gb Total Space | 845.91 Gb Free Space | 90.81% Space Free | Partition Type: NTFS

Computer Name: DFTQDP91 | User Name: terra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/25 18:32:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terra\My Documents\Downloads\OTL.exe
PRC - [2011/12/25 18:17:40 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\terra\Local Settings\temp\clclean.0001
PRC - [2011/11/12 16:01:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/13 09:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
PRC - [2010/08/25 11:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/30 08:10:14 | 000,477,680 | ---- | M] () -- C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/12/04 11:15:10 | 000,927,984 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\cryptainersrv.exe
PRC - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 19:45:08 | 000,742,400 | ---- | M] (IconRemover.com) -- C:\Program Files\Icon Remover\IconRemover.exe
PRC - [2006/03/20 05:55:06 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2005/09/15 07:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/03/22 22:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/25 18:17:40 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\terra\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
MOD - [2011/11/12 16:01:38 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 18:59:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/14 15:28:36 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 12:57:51 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 12:57:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/14 12:56:42 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/14 12:56:41 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/14 12:56:40 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/14 12:56:39 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/14 12:56:39 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/14 12:56:33 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/14 12:56:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/14 12:56:31 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/14 12:56:29 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/14 12:56:27 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/04/04 18:35:52 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/04/04 18:35:51 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/04/04 18:35:50 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/04/04 18:35:50 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/04/04 18:35:46 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/04/04 18:35:46 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/04/04 18:35:46 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/04/04 18:35:46 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/04/04 18:35:46 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/04/04 18:35:46 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/04/04 18:35:45 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/04/04 18:35:45 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/04/04 18:35:45 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/11/21 06:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/09/13 09:02:00 | 003,153,904 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BEngine.dll
MOD - [2010/09/13 09:02:00 | 000,523,248 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\TRREngine.dll
MOD - [2010/09/13 09:02:00 | 000,107,504 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\Logging.dll
MOD - [2010/09/13 09:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
MOD - [2010/08/25 11:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
MOD - [2010/06/30 08:10:14 | 000,477,680 | ---- | M] () -- C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/05 11:43:04 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark 1200 Series\ConvDIB.dll
MOD - [2006/01/18 20:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
MOD - [2005/05/19 06:54:00 | 001,345,520 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 09:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/16 05:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 05:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2009/12/04 11:15:10 | 000,927,984 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cryptainersrv.exe -- (ssoftservice)
SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2006/03/20 05:55:06 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/12/25 18:17:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{293E6FEB-1529-4607-A556-27E5D1D5A47E}\MpKsl90ca0740.sys -- (MpKsl90ca0740)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/03 19:36:32 | 000,097,784 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2009/06/02 00:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 00:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 00:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2005/08/04 02:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/06 19:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/25 20:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/25 14:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/01/10 22:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/10 22:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {fa8cb1bd-1442-439c-8225-b8b16983d9b7}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\terra\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\terra\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\terra\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\terra\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\terra\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 16:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 14:58:14 | 000,000,000 | ---D | M]

[2010/10/06 17:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\terra\Application Data\Mozilla\Extensions
[2011/12/17 18:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\terra\Application Data\Mozilla\Firefox\Profiles\ffuujbci.default\extensions
[2011/12/17 18:08:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\terra\Application Data\Mozilla\Firefox\Profiles\ffuujbci.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}
[2011/11/12 16:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TERRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FFUUJBCI.DEFAULT\EXTENSIONS\[email protected]
[2011/11/12 16:01:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/02 06:49:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/11 18:35:22 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/11/12 16:01:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 16:01:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\terra\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\terra\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/17 18:18:24 | 000,438,419 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15104 more lines...
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Icon Remover] C:\Program Files\Icon Remover\IconRemover.exe (IconRemover.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1286416658140 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1FBF5A-CDDD-43C4-9C8D-0852EDBDB5D8}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\terra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\terra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/25 17:02:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\terra\Recent
[2011/12/25 16:56:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\terra\IECompatCache
[2011/12/25 08:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terra\Desktop\New Folder
[2011/12/24 10:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terra\My Documents\Roxio
[2011/12/24 10:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terra\Desktop\Rkill
[2011/12/19 10:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terra\Desktop\FCP Tutorials
[2011/12/19 08:03:15 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/12/10 15:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/10 08:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/10 08:18:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/12/09 17:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/09 17:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/09 17:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/03 19:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/21 07:27:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\terra\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/25 18:22:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/25 18:17:35 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 18:17:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 18:17:21 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 18:09:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/25 18:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/12/25 18:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/12/25 17:49:24 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204218621-3891720269-2823161818-1005UA.job
[2011/12/25 17:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/12/25 17:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/12/25 16:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/12/25 16:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/12/25 15:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/12/25 15:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/12/25 14:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/12/25 14:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/12/25 13:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/12/25 13:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/12/25 12:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/12/25 12:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/12/25 11:54:53 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/25 11:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/12/25 11:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/25 10:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/12/25 10:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/12/25 09:49:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204218621-3891720269-2823161818-1005Core.job
[2011/12/25 09:16:04 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/25 09:16:04 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/25 09:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/12/25 09:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/12/25 08:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/12/25 08:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/25 07:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/12/25 07:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/24 22:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/12/24 22:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/12/24 21:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/12/24 21:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/12/24 20:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/12/24 20:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/12/24 19:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/12/24 19:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/12/24 17:54:58 | 005,673,136 | ---- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\rx_image32.Cache
[2011/12/24 17:54:58 | 000,172,856 | ---- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\rx_audio.Cache
[2011/12/24 10:05:46 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/24 06:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/12/24 06:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/24 05:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/24 05:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/24 04:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/24 04:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/24 03:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/12/24 03:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/12/24 02:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/12/24 02:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/12/24 01:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/24 01:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/23 14:05:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 09:38:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/12/21 00:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/21 00:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/20 23:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/12/20 23:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/12/19 09:17:41 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/12/19 08:28:53 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/17 18:18:24 | 000,438,419 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/17 06:34:28 | 000,438,419 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111217-181824.backup
[2011/12/14 14:56:15 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/14 14:56:15 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\04C0844B0A.sys
[2011/12/13 18:42:10 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/11 10:09:48 | 000,438,109 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111217-063428.backup
[2011/12/10 16:02:25 | 000,004,165 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/12/10 15:35:32 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\terra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/10 13:45:42 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\terra\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/12/10 08:31:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/09 17:57:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/09 17:34:55 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\238Lgl5NB.dat
[2011/12/09 17:34:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\GH1T4XxrF.com.b
[2011/12/09 17:20:00 | 000,012,000 | -HS- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/09 17:20:00 | 000,012,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/06 19:44:12 | 000,031,298 | ---- | M] () -- C:\Documents and Settings\terra\Desktop\how_to_win_friends_and_influence_people.pdf
[2011/11/27 16:32:34 | 000,000,100 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/11/26 15:43:42 | 000,066,155 | ---- | M] () -- C:\Documents and Settings\terra\My Documents\11-26-2011 03;43;42PM.PSD
[2011/11/26 15:41:38 | 000,066,698 | ---- | M] () -- C:\Documents and Settings\terra\My Documents\11-26-2011 03;41;37PM.PSD
[2011/11/26 15:36:11 | 005,302,266 | ---- | M] () -- C:\Documents and Settings\terra\My Documents\11-26-2011 03;36;11PM.PSD
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/24 10:41:24 | 000,172,856 | ---- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\rx_audio.Cache
[2011/12/19 20:29:50 | 070,356,731 | ---- | C] () -- C:\Documents and Settings\terra\Desktop\VID00002.MP4
[2011/12/19 20:29:45 | 114,201,721 | ---- | C] () -- C:\Documents and Settings\terra\Desktop\VID00001.MP4
[2011/12/19 20:29:44 | 033,534,118 | ---- | C] () -- C:\Documents and Settings\terra\Desktop\VID00003.MP4
[2011/12/19 09:16:13 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/10 15:35:32 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/10 13:45:42 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/12/10 08:36:01 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/10 08:30:51 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/09 17:57:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/09 17:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\GH1T4XxrF.com.b
[2011/12/09 17:32:59 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\238Lgl5NB.dat
[2011/12/09 17:32:57 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/12/09 17:32:57 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/12/09 17:32:57 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/12/09 17:32:57 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/12/09 17:32:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/12/09 17:32:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/12/09 17:32:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/12/09 17:32:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/12/09 17:32:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/12/09 17:32:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/12/09 17:32:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/12/09 17:32:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/12/09 17:32:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/12/09 17:32:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/12/09 17:32:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/12/09 17:32:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/12/09 17:32:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/12/09 17:32:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/12/09 17:32:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/12/09 17:32:56 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/12/09 17:32:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/12/09 17:32:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/12/09 17:32:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/12/09 17:32:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/12/09 17:32:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/12/09 17:32:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/12/09 17:32:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/12/09 17:32:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/12/09 17:32:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/12/09 17:32:54 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/12/09 17:32:54 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/12/09 17:32:54 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/12/09 17:32:54 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/12/09 17:32:54 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/12/09 17:32:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/12/09 17:32:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/12/09 17:32:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/12/09 17:32:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/12/09 17:32:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/12/09 17:32:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/12/09 17:20:02 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/09 05:45:17 | 000,012,000 | -HS- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/09 05:45:17 | 000,012,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/06 19:44:42 | 000,031,298 | ---- | C] () -- C:\Documents and Settings\terra\Desktop\how_to_win_friends_and_influence_people.pdf
[2011/11/26 15:43:42 | 000,066,155 | ---- | C] () -- C:\Documents and Settings\terra\My Documents\11-26-2011 03;43;42PM.PSD
[2011/11/26 15:41:37 | 000,066,698 | ---- | C] () -- C:\Documents and Settings\terra\My Documents\11-26-2011 03;41;37PM.PSD
[2011/11/26 15:36:11 | 005,302,266 | ---- | C] () -- C:\Documents and Settings\terra\My Documents\11-26-2011 03;36;11PM.PSD
[2011/11/21 15:04:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/18 08:26:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\PFP120JPR.{PB
[2011/10/18 08:26:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\PFP120JCM.{PB
[2011/10/18 08:26:47 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/10/18 08:26:47 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\04C0844B0A.sys
[2011/09/03 14:18:01 | 005,673,136 | ---- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\rx_image32.Cache
[2011/05/21 07:27:23 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\inst.exe
[2011/05/21 07:27:23 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\pcouffin.cat
[2011/05/21 07:27:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\pcouffin.inf
[2011/05/14 21:54:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/04 20:51:39 | 006,602,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/26 09:34:55 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/27 06:50:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/12 09:52:22 | 000,006,147 | ---- | C] () -- C:\WINDOWS\PCLICSB.DAT
[2011/02/12 09:52:22 | 000,000,258 | RH-- | C] () -- C:\WINDOWS\System32\LMF.DAT
[2011/01/08 11:02:18 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\terra\Application Data\systemfl.$dk
[2010/10/09 21:54:25 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/06 18:42:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/10/06 17:13:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/10/06 17:09:18 | 000,000,316 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/10/06 17:09:17 | 000,000,100 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/10/06 16:29:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\fusioncache.dat
[2008/01/15 04:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006/04/17 09:45:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2006/03/20 06:11:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/20 06:07:15 | 000,004,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/20 06:03:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/03/20 05:59:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/20 05:55:33 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/03/20 05:31:34 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2006/03/20 05:31:34 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/03/20 05:31:18 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/03/20 05:31:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SETLANG.EXE
[2006/03/20 05:30:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/20 05:30:54 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/20 05:30:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/30 04:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2005/08/16 02:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 000,442,894 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,072,160 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/11/12 23:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2001/01/18 23:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== LOP Check ==========

[2011/11/20 19:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
[2011/11/20 19:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver Free
[2011/02/19 10:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bible Analyzer
[2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/03/26 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/15 22:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/05/28 07:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2011/09/03 13:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2011/10/20 18:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/07 19:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/05/21 21:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/09/03 13:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2006/03/20 06:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/13 16:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/03/29 16:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/12/09 18:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Add-in Express
[2011/11/20 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Artweaver Free
[2011/02/20 06:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Bible Analyzer
[2011/10/22 11:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/14 07:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\FileZilla
[2010/10/09 06:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Foxit
[2010/10/09 06:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Foxit Software
[2011/05/21 06:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\HandBrake
[2011/04/01 23:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Icon Remover
[2010/10/28 16:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Leadertech
[2011/07/15 22:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\MAGIX
[2011/03/23 19:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Notepad++
[2011/05/28 06:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Photodex
[2011/05/21 21:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Publish Providers
[2011/09/03 13:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Simple Star
[2011/05/23 17:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Sony
[2011/09/23 16:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\StreamTorrent
[2011/07/24 19:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\SynthMaker
[2011/12/25 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\uTorrent
[2011/11/27 19:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Vso
[2011/12/21 00:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/24 04:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/12/24 05:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/12/24 05:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/12/24 06:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/12/24 06:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/12/25 07:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/12/25 07:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/12/25 08:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/12/25 08:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/12/25 09:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/12/21 00:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/25 09:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/12/25 10:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/12/25 10:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/12/25 11:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/12/25 11:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/12/25 12:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/12/25 12:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/12/25 13:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/12/25 13:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/12/25 14:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/12/24 01:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/12/25 14:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/12/25 15:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/12/25 15:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/12/25 16:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/12/25 16:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/12/25 17:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/12/25 17:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/12/25 18:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/12/25 18:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/12/24 19:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/12/24 01:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/12/24 19:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/12/24 20:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/12/24 20:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/12/24 21:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/12/24 21:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/12/24 22:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/12/24 22:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/12/20 23:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/12/20 23:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/12/24 02:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/12/24 02:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/12/24 03:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/12/24 03:09:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/12/24 04:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/12/25 18:22:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 12/25/2011 6:32:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\terra\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 354.55 Mb Available Physical Memory | 34.69% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 28.90 Gb Free Space | 20.03% Space Free | Partition Type: NTFS
Drive G: | 931.48 Gb Total Space | 845.91 Gb Free Space | 90.81% Space Free | Partition Type: NTFS

Computer Name: DFTQDP91 | User Name: terra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Documents and Settings\terra\My Documents\Downloads\Roxio Creator 2011 Pro Multilingual ISO+SP1\Roxio Creator 2011 Pro Multilingual\setup.exe" = C:\Documents and Settings\terra\My Documents\Downloads\Roxio Creator 2011 Pro Multilingual ISO+SP1\Roxio Creator 2011 Pro Multilingual\setup.exe:*:Enabled:Roxio Streamer Discovery Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Documents and Settings\terra\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\terra\My Documents\Downloads\Roxio Creator 2011 Pro Multilingual ISO+SP1\Roxio Creator 2011 Pro Multilingual\setup.exe" = C:\Documents and Settings\terra\My Documents\Downloads\Roxio Creator 2011 Pro Multilingual ISO+SP1\Roxio Creator 2011 Pro Multilingual\setup.exe:*:Enabled:Roxio Streamer Discovery Service
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Disabled:StreamTorrent Media Player


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8E436940-A944-4D67-A45B-1876E23BB9C0}" = e-Sword
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
"{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BibleAnalyzer4" = Bible Analyzer 4.0
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Edirol Super Quartet v1.52 TALiO" = Edirol Super Quartet v1.52 TALiO
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"FileZilla Client" = FileZilla Client 3.3.5.1
"FL Studio 10" = FL Studio 10
"Foxit Reader" = Foxit Reader
"Icon Remover_is1" = Icon Remover 1.4
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSNINST" = MSN
"Photo Viewer" = Photo Viewer 2.4
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO_is1" = WinISO 5.3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2011 2:40:37 PM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/19/2011 7:02:32 PM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/20/2011 10:32:02 AM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/21/2011 3:12:53 AM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/21/2011 11:26:03 AM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/23/2011 6:15:22 PM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/25/2011 11:01:03 AM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/25/2011 9:28:07 PM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 12/25/2011 10:00:25 PM | Computer Name = DFTQDP91 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 12/25/2011 10:27:42 PM | Computer Name = DFTQDP91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 12/25/2011 9:09:00 PM | Computer Name = DFTQDP91 | Source = Schedule | ID = 7901
Description = The At35.job command failed to start due to the following error: %%2147942402

Error - 12/25/2011 9:09:00 PM | Computer Name = DFTQDP91 | Source = Schedule | ID = 7901
Description = The At36.job command failed to start due to the following error: %%2147942402

Error - 12/25/2011 10:00:20 PM | Computer Name = DFTQDP91 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147652496

Name:
Virus:Win32/Sirefef.N ID: 2147652496 Severity: Severe Category: Virus Path: file:_C:\System
Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0004529.sys

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: DFTQDP91\terra Process
Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: %%810 Action Status:
To see how to finish removing malware and other potentially unwanted software,
see the support article on the Microsoft Security website. Error Code: 0x800704ec

Error
description: Windows cannot open this program because it has been prevented by
a software restriction policy. For more information, open Event Viewer or contact
your system administrator. Signature Version: AV: 1.117.1674.0, AS: 1.117.1674.0,
NIS: 0.0.0.0 Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0

Error - 12/25/2011 10:00:20 PM | Computer Name = DFTQDP91 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147652496

Name:
Virus:Win32/Sirefef.N ID: 2147652496 Severity: Severe Category: Virus Path: file:_C:\System
Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0004517.sys

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: DFTQDP91\terra Process
Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: %%810 Action Status:
To see how to finish removing malware and other potentially unwanted software,
see the support article on the Microsoft Security website. Error Code: 0x800704ec

Error
description: Windows cannot open this program because it has been prevented by
a software restriction policy. For more information, open Event Viewer or contact
your system administrator. Signature Version: AV: 1.117.1674.0, AS: 1.117.1674.0,
NIS: 0.0.0.0 Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0

Error - 12/25/2011 10:00:20 PM | Computer Name = DFTQDP91 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147652496

Name:
Virus:Win32/Sirefef.N ID: 2147652496 Severity: Severe Category: Virus Path: file:_C:\System
Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0004500.sys

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: DFTQDP91\terra Process
Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: %%810 Action Status:
To see how to finish removing malware and other potentially unwanted software,
see the support article on the Microsoft Security website. Error Code: 0x800704ec

Error
description: Windows cannot open this program because it has been prevented by
a software restriction policy. For more information, open Event Viewer or contact
your system administrator. Signature Version: AV: 1.117.1674.0, AS: 1.117.1674.0,
NIS: 0.0.0.0 Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0

Error - 12/25/2011 10:00:20 PM | Computer Name = DFTQDP91 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147652496

Name:
Virus:Win32/Sirefef.N ID: 2147652496 Severity: Severe Category: Virus Path: file:_C:\System
Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP54\A0004484.sys

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: DFTQDP91\terra Process
Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: %%810 Action Status:
To see how to finish removing malware and other potentially unwanted software,
see the support article on the Microsoft Security website. Error Code: 0x800704ec

Error
description: Windows cannot open this program because it has been prevented by
a software restriction policy. For more information, open Event Viewer or contact
your system administrator. Signature Version: AV: 1.117.1674.0, AS: 1.117.1674.0,
NIS: 0.0.0.0 Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0

Error - 12/25/2011 10:09:00 PM | Computer Name = DFTQDP91 | Source = Schedule | ID = 7901
Description = The At37.job command failed to start due to the following error: %%2147942402

Error - 12/25/2011 10:09:00 PM | Computer Name = DFTQDP91 | Source = Schedule | ID = 7901
Description = The At38.job command failed to start due to the following error: %%2147942402

Error - 12/25/2011 10:19:02 PM | Computer Name = DFTQDP91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
12 service to connect.

Error - 12/25/2011 10:27:38 PM | Computer Name = DFTQDP91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1674.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >
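As an added example (not part of the original thread, of OTL, or of any tool named here), a small Python triage helper for the "Last 10 Event Log Errors" section of an OTL log such as the one above: it rejoins OTL's wrapped records, decodes the HRESULTs that appear in this log (0x800704ec, 0x80070424 and the decimal %%2147942402) to their Win32 names, and lists the At*.job tasks that failed to start and the restore-point files the antivirus could not act on. The sample input is constructed to mirror the posted log's format; the error names come from the Windows SDK's winerror.h.

```python
"""Triage helper for the 'Last 10 Event Log Errors' section of an OTL log (added example)."""
import re
from collections import Counter

# Constructed sample in OTL's event-log format, modelled on the records in the log
# posted above: two Schedule 7901 failures, one Microsoft Antimalware 1119 remediation
# failure and one 2001 signature-update failure.  URLs are left out.
SAMPLE_LOG = r"""
[ System Events ]
Error - 12/25/2011 9:09:00 PM | Computer Name = DFTQDP91 | Source = Schedule | ID = 7901
Description = The At35.job command failed to start due to the following error: %%2147942402

Error - 12/25/2011 9:09:00 PM | Computer Name = DFTQDP91 | Source = Schedule | ID = 7901
Description = The At36.job command failed to start due to the following error: %%2147942402

Error - 12/25/2011 10:00:20 PM | Computer Name = DFTQDP91 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software.

Name:
Virus:Win32/Sirefef.N ID: 2147652496 Severity: Severe Category: Virus Path: file:_C:\System
Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0004529.sys

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: DFTQDP91\terra Process
Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: %%810 Action Status:
see the support article on the Microsoft Security website. Error Code: 0x800704ec

Error - 12/25/2011 10:27:38 PM | Computer Name = DFTQDP91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1674.0 Update Source: %%859

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.
"""

HEADER_RE = re.compile(r"^Error - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)\s*$")
SECTION_RE = re.compile(r"^\[ .+ Events \]$")
JOB_RE = re.compile(r"The (\S+\.job) command failed to start")
THREAT_RE = re.compile(r"\bName:\s+(\S+)\s+ID:\s+\d+")
PATH_RE = re.compile(r"Path:\s+file:_(.+?)\s+Detection\b")
# OTL shows error codes as %%<decimal> placeholders or hex HRESULTs; small %%nnn are message ids.
CODE_RE = re.compile(r"%%(\d+)|0x([0-9A-Fa-f]{8})")

# Win32 error names (winerror.h) for the codes that occur in this log.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 1060: "ERROR_SERVICE_DOES_NOT_EXIST",
               1260: "ERROR_ACCESS_DISABLED_BY_POLICY"}  # 1260: software restriction policy


def decode_hresult(value):
    """Render an HRESULT; for HRESULT_FROM_WIN32 (0x8007xxxx) also name the Win32 code."""
    label = f"0x{value:08X}"
    if value >> 16 == 0x8007:
        win32 = value & 0xFFFF
        return f"{label} {WIN32_NAMES.get(win32, f'Win32 error {win32}')}"
    return label


def parse_records(text):
    """Split the section into records; OTL wraps long lines, so the body is rejoined."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"timestamp": m.group(1), "host": m.group(2),
                       "source": m.group(3), "event_id": int(m.group(4)), "body": []}
            records.append(current)
        elif SECTION_RE.match(line):
            current = None          # '[ Application Events ]' / '[ System Events ]' divider
        elif current is not None and line:
            current["body"].append(line)
    for rec in records:
        rec["body"] = " ".join(rec["body"])  # wrapped path fragments rejoin on the space
    return records


def triage(text):
    """Summarise failed scheduled tasks, unremediated detections and decoded error codes."""
    failed_jobs, unremediated, codes = set(), [], Counter()
    for rec in parse_records(text):
        body = rec["body"]
        failed_jobs.update(JOB_RE.findall(body))
        if rec["source"] == "Microsoft Antimalware" and rec["event_id"] == 1119:
            threat, path = THREAT_RE.search(body), PATH_RE.search(body)
            if threat and path:
                unremediated.append((threat.group(1), path.group(1)))
        for dec, hexa in CODE_RE.findall(body):
            value = int(dec) if dec else int(hexa, 16)
            if value >= 0x80000000:   # a real failure HRESULT, not a %%nnn message id
                codes[decode_hresult(value)] += 1
    # Paths under System Volume Information are System Restore snapshot copies;
    # flag them so restore-point hits can be told apart from live files.
    in_restore_points = sum("System Volume Information" in p for _, p in unremediated)
    return {"failed_jobs": sorted(failed_jobs), "unremediated": unremediated,
            "in_restore_points": in_restore_points, "error_codes": dict(codes)}
```

Running `triage(SAMPLE_LOG)` reports the two At*.job tasks, the Sirefef.N restore-point file, and the three distinct error codes with their Win32 names.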



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line:

cd  \windows\tasks
del  at*.job

This should remove all of the malware tasks that may want to reinstall the malware when we remove it.



Combofix:
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

ComboFix will probably work better and faster in Safe Mode with Networking:
Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login. You can try it in regular mode if you like.


Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 users must right-click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double-click the aswMBR.exe to run it
Uncheck trace disk IO calls
Click the "Scan" button to start the scan
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post it in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen shot of the Disk Management window and attach it to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.

Ron

#3
raftini

raftini

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi Ron, and thank you. Here are the requested logs. (FYI, the Malwarebytes quick scan found nothing.)

ComboFix 11-12-26.03 - terra 12/26/2011 15:06:57.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.599 [GMT -8:00]
Running from: c:\documents and settings\terra\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3ikz9yqx.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3ikz9yqx.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3ikz9yqx.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3ikz9yqx.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}\install.rdf
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\terra\Application Data\inst.exe
c:\documents and settings\terra\Application Data\Mozilla\Firefox\Profiles\ffuujbci.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}
c:\documents and settings\terra\Application Data\Mozilla\Firefox\Profiles\ffuujbci.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}\chrome.manifest
c:\documents and settings\terra\Application Data\Mozilla\Firefox\Profiles\ffuujbci.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}\chrome\xulcache.jar
c:\documents and settings\terra\Application Data\Mozilla\Firefox\Profiles\ffuujbci.default\extensions\{8d064688-d372-4e0f-b9cc-182bafc22be5}\install.rdf
c:\windows\$NtUninstallKB43108$
c:\windows\$NtUninstallKB43108$\2896757965\@
c:\windows\$NtUninstallKB43108$\2896757965\bckfg.tmp
c:\windows\$NtUninstallKB43108$\2896757965\cfg.ini
c:\windows\$NtUninstallKB43108$\2896757965\Desktop.ini
c:\windows\$NtUninstallKB43108$\2896757965\keywords
c:\windows\$NtUninstallKB43108$\2896757965\kwrd.dll
c:\windows\$NtUninstallKB43108$\2896757965\L\pdmzmplg
c:\windows\$NtUninstallKB43108$\2896757965\lsflt7.ver
c:\windows\$NtUninstallKB43108$\2896757965\U\[email protected]
c:\windows\$NtUninstallKB43108$\2896757965\U\[email protected]
c:\windows\$NtUninstallKB43108$\2896757965\U\[email protected]
c:\windows\$NtUninstallKB43108$\2896757965\U\[email protected]
c:\windows\$NtUninstallKB43108$\2896757965\U\[email protected]
c:\windows\$NtUninstallKB43108$\2896757965\U\[email protected]
c:\windows\$NtUninstallKB43108$\994440629
c:\windows\kb913800.exe
.
Infected copy of c:\windows\system32\drivers\mqac.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 23:17 . 2011-12-26 23:17 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{293E6FEB-1529-4607-A556-27E5D1D5A47E}\offreg.dll
2011-12-26 00:56 . 2011-12-26 00:56 -------- d-sh--w- c:\documents and settings\terra\IECompatCache
2011-12-23 22:15 . 2011-11-30 10:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{293E6FEB-1529-4607-A556-27E5D1D5A47E}\mpengine.dll
2011-12-19 16:03 . 2011-12-19 17:17 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-12-11 00:13 . 2011-11-30 10:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-10 16:30 . 2011-12-10 16:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-10 16:18 . 2011-12-10 16:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-12-10 02:02 . 2011-12-10 02:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-10 01:20 . 2011-12-24 18:05 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-04 03:10 . 2011-12-04 03:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 16:28 . 2011-03-26 17:34 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-10 14:57 . 2005-08-16 10:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-23 13:25 . 2005-08-16 10:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 22:29 . 2010-10-09 04:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-12 02:59 . 2011-05-28 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-08-16 10:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-08-16 10:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-08-16 10:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-15 01:38 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2005-08-16 10:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-11-13 00:01 . 2011-03-24 00:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Icon Remover"="c:\program files\Icon Remover\IconRemover.exe" [2008-03-26 742400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
"Desktop Disc Tool"="c:\program files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-20 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-03 00:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-02-23 01:00 49152 ----a-w- c:\dell\E-Center\GTB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-09 15:00 136176 ----atw- c:\documents and settings\terra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 12:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 05:22 57344 ----a-w- c:\program files\Lexmark 1200 Series\lxczbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 01:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-20 14:00 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2004-12-22 23:40 24576 ----a-w- c:\windows\MIDIDEF.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-10-10 05:18 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 13:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\terra\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [9/3/2011 1:43 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [9/3/2011 1:43 PM 15856]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [9/3/2011 1:43 PM 25584]
R1 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [1/9/2011 10:56 AM 97784]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [6/2/2009 6:05 PM 457200]
R2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [8/30/2010 7:14 PM 39408]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/26/2011 5:23 AM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/26/2011 5:23 AM 22216]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/21/2011 7:27 AM 47360]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4/1/2011 11:05 PM 11520]
S1 MpKslc7262cdd;MpKslc7262cdd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E1BAEEF-4127-4665-B377-11183AF18007}\MpKslc7262cdd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E1BAEEF-4127-4665-B377-11183AF18007}\MpKslc7262cdd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/5/2010 7:33 AM 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [7/16/2010 5:48 AM 354288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/5/2010 7:33 AM 136176]
S3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [7/16/2010 5:48 AM 1099248]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 15:33]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 15:33]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204218621-3891720269-2823161818-1005Core.job
- c:\documents and settings\terra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-09 15:00]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204218621-3891720269-2823161818-1005UA.job
- c:\documents and settings\terra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-09 15:00]
.
2011-12-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\terra\Application Data\Mozilla\Firefox\Profiles\ffuujbci.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-92542743.sys
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-26 15:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\terra\LOCALS~1\Temp\clclean.0001
c:\windows\system32\cryptainersrv.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-12-26 15:23:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-26 23:23
.
Pre-Run: 30,770,683,904 bytes free
Post-Run: 31,306,616,832 bytes free
.
- - End Of File - - 197510489CB3592D30674848828EDA53

15:26:44.0640 4048 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:26:45.0093 4048 ============================================================
15:26:45.0093 4048 Current date / time: 2011/12/26 15:26:45.0093
15:26:45.0093 4048 SystemInfo:
15:26:45.0093 4048
15:26:45.0093 4048 OS Version: 5.1.2600 ServicePack: 3.0
15:26:45.0093 4048 Product type: Workstation
15:26:45.0093 4048 ComputerName: DFTQDP91
15:26:45.0093 4048 UserName: terra
15:26:45.0093 4048 Windows directory: C:\WINDOWS
15:26:45.0093 4048 System windows directory: C:\WINDOWS
15:26:45.0093 4048 Processor architecture: Intel x86
15:26:45.0093 4048 Number of processors: 2
15:26:45.0093 4048 Page size: 0x1000
15:26:45.0093 4048 Boot type: Normal boot
15:26:45.0093 4048 ============================================================
15:26:45.0718 4048 Initialize success
15:26:47.0984 3164 ============================================================
15:26:47.0984 3164 Scan started
15:26:47.0984 3164 Mode: Manual;
15:26:47.0984 3164 ============================================================
15:26:48.0656 3164 Scan interrupted by user!
15:26:48.0656 3164 Scan interrupted by user!
15:26:48.0656 3164 Scan interrupted by user!
15:26:48.0656 3164 ============================================================
15:26:48.0656 3164 Scan finished
15:26:48.0656 3164 ============================================================
15:26:48.0687 2620 Detected object count: 0
15:26:48.0687 2620 Actual detected object count: 0
15:26:55.0109 3504 ============================================================
15:26:55.0109 3504 Scan started
15:26:55.0109 3504 Mode: Manual;
15:26:55.0109 3504 ============================================================
15:26:55.0421 3504 Abiosdsk - ok
15:26:55.0453 3504 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:26:55.0453 3504 abp480n5 - ok
15:26:55.0500 3504 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:26:55.0500 3504 ACPI - ok
15:26:55.0546 3504 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:26:55.0546 3504 ACPIEC - ok
15:26:55.0578 3504 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:26:55.0578 3504 adpu160m - ok
15:26:55.0625 3504 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:26:55.0625 3504 aec - ok
15:26:55.0703 3504 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:26:55.0703 3504 AFD - ok
15:26:55.0734 3504 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:26:55.0734 3504 agp440 - ok
15:26:55.0750 3504 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:26:55.0750 3504 agpCPQ - ok
15:26:55.0781 3504 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:26:55.0781 3504 Aha154x - ok
15:26:55.0796 3504 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:26:55.0796 3504 aic78u2 - ok
15:26:55.0828 3504 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:26:55.0828 3504 aic78xx - ok
15:26:55.0843 3504 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:26:55.0843 3504 AliIde - ok
15:26:55.0875 3504 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:26:55.0875 3504 alim1541 - ok
15:26:55.0890 3504 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:26:55.0890 3504 amdagp - ok
15:26:55.0906 3504 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:26:55.0906 3504 amsint - ok
15:26:55.0921 3504 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:26:55.0921 3504 asc - ok
15:26:55.0937 3504 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:26:55.0937 3504 asc3350p - ok
15:26:55.0953 3504 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:26:55.0953 3504 asc3550 - ok
15:26:55.0984 3504 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:26:56.0000 3504 AsyncMac - ok
15:26:56.0031 3504 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:26:56.0031 3504 atapi - ok
15:26:56.0031 3504 Atdisk - ok
15:26:56.0125 3504 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:26:56.0171 3504 ati2mtag - ok
15:26:56.0203 3504 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:26:56.0203 3504 Atmarpc - ok
15:26:56.0234 3504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:26:56.0234 3504 audstub - ok
15:26:56.0281 3504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:26:56.0281 3504 Beep - ok
15:26:56.0296 3504 bvrp_pci - ok
15:26:56.0296 3504 catchme - ok
15:26:56.0328 3504 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:26:56.0328 3504 cbidf - ok
15:26:56.0343 3504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:26:56.0343 3504 cbidf2k - ok
15:26:56.0343 3504 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:26:56.0343 3504 cd20xrnt - ok
15:26:56.0359 3504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:26:56.0359 3504 Cdaudio - ok
15:26:56.0406 3504 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:26:56.0406 3504 Cdfs - ok
15:26:56.0421 3504 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:26:56.0421 3504 Cdrom - ok
15:26:56.0437 3504 Changer - ok
15:26:56.0484 3504 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:26:56.0484 3504 CmdIde - ok
15:26:56.0500 3504 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:26:56.0500 3504 Cpqarray - ok
15:26:56.0546 3504 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
15:26:56.0546 3504 ctsfm2k - ok
15:26:56.0562 3504 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
15:26:56.0578 3504 CTUSFSYN - ok
15:26:56.0578 3504 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:26:56.0578 3504 dac2w2k - ok
15:26:56.0593 3504 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:26:56.0593 3504 dac960nt - ok
15:26:56.0640 3504 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:26:56.0640 3504 Disk - ok
15:26:56.0703 3504 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:26:56.0734 3504 dmboot - ok
15:26:56.0734 3504 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:26:56.0750 3504 dmio - ok
15:26:56.0765 3504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:26:56.0765 3504 dmload - ok
15:26:56.0796 3504 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:26:56.0796 3504 DMusic - ok
15:26:56.0843 3504 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:26:56.0843 3504 dpti2o - ok
15:26:56.0843 3504 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:26:56.0843 3504 drmkaud - ok
15:26:56.0875 3504 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:26:56.0875 3504 E100B - ok
15:26:56.0921 3504 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:26:56.0921 3504 Fastfat - ok
15:26:56.0953 3504 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:26:56.0953 3504 Fdc - ok
15:26:56.0984 3504 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:26:56.0984 3504 Fips - ok
15:26:57.0000 3504 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:26:57.0015 3504 Flpydisk - ok
15:26:57.0109 3504 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:26:57.0140 3504 FltMgr - ok
15:26:57.0234 3504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:26:57.0234 3504 Fs_Rec - ok
15:26:57.0281 3504 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:26:57.0281 3504 Ftdisk - ok
15:26:57.0328 3504 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:26:57.0343 3504 Gpc - ok
15:26:57.0390 3504 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:26:57.0390 3504 HDAudBus - ok
15:26:57.0406 3504 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:26:57.0406 3504 HidUsb - ok
15:26:57.0453 3504 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:26:57.0453 3504 hpn - ok
15:26:57.0468 3504 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
15:26:57.0468 3504 HSFHWBS2 - ok
15:26:57.0531 3504 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
15:26:57.0562 3504 HSF_DP - ok
15:26:57.0625 3504 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:26:57.0640 3504 HTTP - ok
15:26:57.0687 3504 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:26:57.0687 3504 i2omgmt - ok
15:26:57.0718 3504 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:26:57.0718 3504 i2omp - ok
15:26:57.0734 3504 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:26:57.0734 3504 i8042prt - ok
15:26:57.0750 3504 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:26:57.0765 3504 Imapi - ok
15:26:57.0796 3504 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:26:57.0796 3504 ini910u - ok
15:26:57.0843 3504 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:26:57.0843 3504 IntelIde - ok
15:26:57.0875 3504 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:26:57.0875 3504 intelppm - ok
15:26:57.0906 3504 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:26:57.0906 3504 Ip6Fw - ok
15:26:57.0937 3504 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:26:57.0937 3504 IpFilterDriver - ok
15:26:57.0968 3504 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:26:57.0968 3504 IpInIp - ok
15:26:58.0000 3504 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:26:58.0000 3504 IpNat - ok
15:26:58.0015 3504 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:26:58.0015 3504 IPSec - ok
15:26:58.0046 3504 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:26:58.0046 3504 IRENUM - ok
15:26:58.0078 3504 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:26:58.0078 3504 isapnp - ok
15:26:58.0093 3504 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:26:58.0093 3504 Kbdclass - ok
15:26:58.0109 3504 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:26:58.0109 3504 kbdhid - ok
15:26:58.0140 3504 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:26:58.0140 3504 kmixer - ok
15:26:58.0156 3504 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:26:58.0156 3504 KSecDD - ok
15:26:58.0171 3504 lbrtfdc - ok
15:26:58.0203 3504 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:26:58.0203 3504 MBAMProtector - ok
15:26:58.0250 3504 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:26:58.0250 3504 mdmxsdk - ok
15:26:58.0281 3504 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:26:58.0281 3504 MHNDRV - ok
15:26:58.0312 3504 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:26:58.0312 3504 mnmdd - ok
15:26:58.0359 3504 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:26:58.0359 3504 Modem - ok
15:26:58.0359 3504 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:26:58.0375 3504 MODEMCSA - ok
15:26:58.0375 3504 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:26:58.0375 3504 Mouclass - ok
15:26:58.0421 3504 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:26:58.0421 3504 mouhid - ok
15:26:58.0437 3504 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:26:58.0437 3504 MountMgr - ok
15:26:58.0468 3504 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:26:58.0468 3504 MpFilter - ok
15:26:58.0609 3504 MpKslc7262cdd - ok
15:26:58.0640 3504 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:26:58.0640 3504 mraid35x - ok
15:26:58.0656 3504 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:26:58.0656 3504 MRxDAV - ok
15:26:58.0703 3504 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:26:58.0703 3504 MRxSmb - ok
15:26:58.0765 3504 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:26:58.0765 3504 Msfs - ok
15:26:58.0796 3504 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:26:58.0796 3504 MSKSSRV - ok
15:26:58.0843 3504 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:26:58.0843 3504 MSPCLOCK - ok
15:26:58.0859 3504 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:26:58.0859 3504 MSPQM - ok
15:26:58.0906 3504 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:26:58.0906 3504 mssmbios - ok
15:26:58.0937 3504 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:26:58.0937 3504 Mup - ok
15:26:58.0968 3504 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:26:58.0968 3504 NDIS - ok
15:26:59.0015 3504 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:26:59.0031 3504 NdisTapi - ok
15:26:59.0046 3504 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:26:59.0046 3504 Ndisuio - ok
15:26:59.0046 3504 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:26:59.0062 3504 NdisWan - ok
15:26:59.0109 3504 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:26:59.0109 3504 NDProxy - ok
15:26:59.0125 3504 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:26:59.0125 3504 NetBIOS - ok
15:26:59.0171 3504 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:26:59.0171 3504 NetBT - ok
15:26:59.0187 3504 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:26:59.0203 3504 Npfs - ok
15:26:59.0343 3504 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:26:59.0343 3504 Ntfs - ok
15:26:59.0375 3504 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:26:59.0375 3504 Null - ok
15:26:59.0671 3504 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:26:59.0734 3504 nv - ok
15:26:59.0765 3504 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:26:59.0765 3504 NwlnkFlt - ok
15:26:59.0765 3504 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:26:59.0781 3504 NwlnkFwd - ok
15:26:59.0812 3504 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
15:26:59.0812 3504 ossrv - ok
15:26:59.0843 3504 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:26:59.0843 3504 Parport - ok
15:26:59.0875 3504 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:26:59.0875 3504 PartMgr - ok
15:26:59.0906 3504 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:26:59.0906 3504 ParVdm - ok
15:26:59.0921 3504 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:26:59.0921 3504 PCI - ok
15:26:59.0921 3504 PCIDump - ok
15:26:59.0937 3504 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:26:59.0937 3504 PCIIde - ok
15:26:59.0968 3504 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:26:59.0968 3504 Pcmcia - ok
15:27:00.0000 3504 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
15:27:00.0000 3504 pcouffin - ok
15:27:00.0015 3504 PDCOMP - ok
15:27:00.0015 3504 PDFRAME - ok
15:27:00.0031 3504 PDRELI - ok
15:27:00.0031 3504 PDRFRAME - ok
15:27:00.0062 3504 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:27:00.0062 3504 perc2 - ok
15:27:00.0078 3504 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:27:00.0093 3504 perc2hib - ok
15:27:00.0140 3504 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:27:00.0140 3504 PptpMiniport - ok
15:27:00.0156 3504 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:27:00.0156 3504 PSched - ok
15:27:00.0156 3504 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:27:00.0156 3504 Ptilink - ok
15:27:00.0203 3504 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:27:00.0203 3504 PxHelp20 - ok
15:27:00.0234 3504 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:27:00.0234 3504 ql1080 - ok
15:27:00.0250 3504 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:27:00.0250 3504 Ql10wnt - ok
15:27:00.0265 3504 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:27:00.0265 3504 ql12160 - ok
15:27:00.0265 3504 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:27:00.0281 3504 ql1240 - ok
15:27:00.0281 3504 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:27:00.0281 3504 ql1280 - ok
15:27:00.0312 3504 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:27:00.0312 3504 RasAcd - ok
15:27:00.0359 3504 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:27:00.0375 3504 Rasl2tp - ok
15:27:00.0375 3504 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:27:00.0375 3504 RasPppoe - ok
15:27:00.0390 3504 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:27:00.0390 3504 Raspti - ok
15:27:00.0437 3504 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:27:00.0437 3504 Rdbss - ok
15:27:00.0453 3504 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:27:00.0453 3504 RDPCDD - ok
15:27:00.0468 3504 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:27:00.0468 3504 rdpdr - ok
15:27:00.0515 3504 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:27:00.0515 3504 RDPWD - ok
15:27:00.0531 3504 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:27:00.0531 3504 redbook - ok
15:27:00.0578 3504 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\WINDOWS\system32\Drivers\SahdIa32.sys
15:27:00.0578 3504 SahdIa32 - ok
15:27:00.0609 3504 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\WINDOWS\system32\Drivers\SaibIa32.sys
15:27:00.0609 3504 SaibIa32 - ok
15:27:00.0640 3504 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\WINDOWS\system32\Drivers\SaibVd32.sys
15:27:00.0640 3504 SaibVd32 - ok
15:27:00.0703 3504 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:27:00.0703 3504 Secdrv - ok
15:27:00.0750 3504 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:27:00.0750 3504 serenum - ok
15:27:00.0765 3504 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:27:00.0781 3504 Serial - ok
15:27:00.0796 3504 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:27:00.0796 3504 Sfloppy - ok
15:27:00.0890 3504 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
15:27:00.0921 3504 sigfilt - ok
15:27:00.0937 3504 Simbad - ok
15:27:00.0984 3504 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:27:00.0984 3504 sisagp - ok
15:27:01.0015 3504 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:27:01.0015 3504 Sparrow - ok
15:27:01.0031 3504 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:27:01.0031 3504 splitter - ok
15:27:01.0062 3504 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:27:01.0062 3504 sr - ok
15:27:01.0109 3504 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:27:01.0109 3504 Srv - ok
15:27:02.0515 3504 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
15:27:02.0546 3504 \Device\Harddisk0\DR0 - ok
15:27:02.0546 3504 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
15:27:02.0562 3504 \Device\Harddisk1\DR4 - ok
15:27:02.0578 3504 Boot (0x1200) (095db94a3c5bbfe17f4f855bde7bf845) \Device\Harddisk0\DR0\Partition0
15:27:02.0578 3504 \Device\Harddisk0\DR0\Partition0 - ok
15:27:02.0593 3504 Boot (0x1200) (1f0125d9e125daaf15eec61d85429c6c) \Device\Harddisk1\DR4\Partition0
15:27:02.0593 3504 \Device\Harddisk1\DR4\Partition0 - ok
15:27:02.0593 3504 ============================================================
15:27:02.0593 3504 Scan finished
15:27:02.0593 3504 ============================================================
15:27:02.0593 1416 Detected object count: 0
15:27:02.0593 1416 Actual detected object count: 0
15:27:51.0453 1116 ============================================================
15:27:51.0453 1116 Scan started
15:27:51.0453 1116 Mode: Manual; SigCheck; TDLFS;
15:27:51.0453 1116 ============================================================
15:28:14.0281 1116 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:28:14.0296 1116 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
15:28:14.0296 1116 MHNDRV - detected UnsignedFile.Multi.Generic (1)
15:28:19.0750 1116 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
15:28:19.0765 1116 pcouffin ( UnsignedFile.Multi.Generic ) - warning
15:28:19.0765 1116 pcouffin - detected UnsignedFile.Multi.Generic (1)
15:28:26.0406 1116 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
15:28:26.0421 1116 TrueSight ( UnsignedFile.Multi.Generic ) - warning
15:28:26.0421 1116 TrueSight - detected UnsignedFile.Multi.Generic (1)
15:28:31.0390 1116 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
15:28:31.0484 1116 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:28:31.0484 1116 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:28:31.0500 1116 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
15:28:31.0625 1116 \Device\Harddisk1\DR4 - ok
15:28:31.0687 1116 Boot (0x1200) (095db94a3c5bbfe17f4f855bde7bf845) \Device\Harddisk0\DR0\Partition0
15:28:31.0703 1116 \Device\Harddisk0\DR0\Partition0 - ok
15:28:31.0718 1116 Boot (0x1200) (1f0125d9e125daaf15eec61d85429c6c) \Device\Harddisk1\DR4\Partition0
15:28:31.0718 1116 \Device\Harddisk1\DR4\Partition0 - ok
15:28:31.0718 1116 ============================================================
15:28:31.0718 1116 Scan finished
15:28:31.0718 1116 ============================================================
15:28:32.0156 1936 Detected object count: 4
15:28:32.0156 1936 Actual detected object count: 4
15:29:54.0234 1936 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:54.0234 1936 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:54.0234 1936 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:54.0234 1936 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:54.0250 1936 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:54.0250 1936 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:54.0250 1936 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:29:54.0250 1936 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:29:56.0875 3724 Deinitialize success



aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-26 15:31:43
-----------------------------
15:31:43.953 OS Version: Windows 5.1.2600 Service Pack 3
15:31:43.953 Number of processors: 2 586 0x403
15:31:43.953 ComputerName: DFTQDP91 UserName: terra
15:31:44.578 Initialize success
15:32:38.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:32:38.281 Disk 0 Vendor: ST3160828AS 8.04 Size: 152587MB BusType: 3
15:32:40.296 Disk 0 MBR read successfully
15:32:40.296 Disk 0 MBR scan
15:32:40.296 Disk 0 unknown MBR code
15:32:40.296 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
15:32:40.296 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147785 MB offset 96390
15:32:40.312 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
15:32:40.312 Disk 0 scanning sectors +312496380
15:32:40.375 Disk 0 scanning C:\WINDOWS\system32\drivers
15:32:46.687 Service scanning
15:32:47.703 Modules scanning
15:32:51.859 Scan finished successfully
15:33:15.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\terra\Desktop\MBR.dat"
15:33:15.187 The log file has been saved successfully to "C:\Documents and Settings\terra\Desktop\aswMBR.txt"
#4
RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
Run TDSSKiller again as you did the second time.


\Device\Harddisk0\DR0 ( TDSS File System ) - change the SKIP to DELETE for this one.

Then reboot and run it again. Make sure it doesn't show up again.

Run OTL, Quickscan and post the log.

#5
raftini

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Done.

Here it is:

OTL logfile created on: 12/26/2011 4:02:39 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\terra\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 478.70 Mb Available Physical Memory | 46.84% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 29.09 Gb Free Space | 20.16% Space Free | Partition Type: NTFS
Drive G: | 931.48 Gb Total Space | 845.91 Gb Free Space | 90.81% Space Free | Partition Type: NTFS

Computer Name: DFTQDP91 | User Name: terra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 15:59:05 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\terra\Local Settings\temp\clclean.0001
PRC - [2011/12/25 18:32:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terra\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/13 09:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
PRC - [2010/08/25 11:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/30 08:10:14 | 000,477,680 | ---- | M] () -- C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/12/04 11:15:10 | 000,927,984 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\cryptainersrv.exe
PRC - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 19:45:08 | 000,742,400 | ---- | M] (IconRemover.com) -- C:\Program Files\Icon Remover\IconRemover.exe
PRC - [2006/03/20 05:55:06 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2005/09/15 07:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/03/22 22:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/26 15:59:05 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\terra\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
MOD - [2011/10/14 15:28:36 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 12:57:51 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 12:57:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/14 12:56:42 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/14 12:56:41 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/14 12:56:40 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/14 12:56:39 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/14 12:56:39 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/14 12:56:33 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/14 12:56:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/14 12:56:31 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/14 12:56:29 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/14 12:56:27 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/04/04 18:35:52 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/04/04 18:35:51 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/04/04 18:35:50 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/04/04 18:35:50 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/04/04 18:35:46 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/04/04 18:35:46 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/04/04 18:35:46 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/04/04 18:35:46 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/04/04 18:35:46 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/04/04 18:35:46 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/04/04 18:35:45 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/04/04 18:35:45 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/04/04 18:35:45 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/11/21 06:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/09/13 09:02:00 | 003,153,904 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BEngine.dll
MOD - [2010/09/13 09:02:00 | 000,523,248 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\TRREngine.dll
MOD - [2010/09/13 09:02:00 | 000,107,504 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\Logging.dll
MOD - [2010/09/13 09:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
MOD - [2010/08/25 11:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
MOD - [2010/06/30 08:10:14 | 000,477,680 | ---- | M] () -- C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/23 13:45:41 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/05 11:43:04 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark 1200 Series\ConvDIB.dll
MOD - [2006/01/18 20:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
MOD - [2005/05/19 06:54:00 | 001,345,520 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 09:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/16 05:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 05:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2009/12/04 11:15:10 | 000,927,984 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cryptainersrv.exe -- (ssoftservice)
SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2006/03/20 05:55:06 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/12/26 15:59:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA178C5A-5977-4E31-8483-39559025E9BB}\MpKsl5e83121d.sys -- (MpKsl5e83121d)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/03 19:36:32 | 000,097,784 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2009/06/02 00:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 00:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 00:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2005/08/04 02:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/06 19:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/25 20:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/25 14:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/01/10 22:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/10 22:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {fa8cb1bd-1442-439c-8225-b8b16983d9b7}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\terra\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\terra\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\terra\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\terra\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\terra\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 16:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 14:58:14 | 000,000,000 | ---D | M]

[2010/10/06 17:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\terra\Application Data\Mozilla\Extensions
[2011/12/17 18:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\terra\Application Data\Mozilla\Firefox\Profiles\ffuujbci.default\extensions
[2011/11/12 16:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TERRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FFUUJBCI.DEFAULT\EXTENSIONS\[email protected]
[2011/11/12 16:01:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/02 06:49:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/11 18:35:22 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/11/12 16:01:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 16:01:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\terra\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\terra\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\terra\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\terra\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/26 15:17:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Icon Remover] C:\Program Files\Icon Remover\IconRemover.exe (IconRemover.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1286416658140 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1FBF5A-CDDD-43C4-9C8D-0852EDBDB5D8}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\terra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\terra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 15:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/26 15:39:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/26 15:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/26 15:31:12 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\terra\Desktop\aswMBR.exe
[2011/12/26 15:26:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/26 15:25:55 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\terra\Desktop\TDSSKiller.exe
[2011/12/26 15:00:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/26 15:00:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/26 15:00:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/26 15:00:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/26 14:59:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 14:55:38 | 004,352,855 | R--- | C] (Swearware) -- C:\Documents and Settings\terra\Desktop\ComboFix.exe
[2011/12/26 08:14:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\terra\Recent
[2011/12/25 18:32:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\terra\Desktop\OTL.exe
[2011/12/25 16:56:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\terra\IECompatCache
[2011/12/25 08:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terra\Desktop\New Folder
[2011/12/24 10:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terra\My Documents\Roxio
[2011/12/24 10:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terra\Desktop\Rkill
[2011/12/19 10:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terra\Desktop\FCP Tutorials
[2011/12/19 08:03:15 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/12/10 15:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/10 08:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/10 08:18:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/12/09 17:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/09 17:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/09 17:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/03 19:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/21 07:27:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\terra\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 16:04:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/26 15:59:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 15:58:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 15:58:52 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/26 15:49:14 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204218621-3891720269-2823161818-1005UA.job
[2011/12/26 15:31:18 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\terra\Desktop\aswMBR.exe
[2011/12/26 15:17:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/26 14:55:50 | 004,352,855 | R--- | M] (Swearware) -- C:\Documents and Settings\terra\Desktop\ComboFix.exe
[2011/12/26 14:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 09:49:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204218621-3891720269-2823161818-1005Core.job
[2011/12/25 18:32:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terra\Desktop\OTL.exe
[2011/12/25 11:54:53 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/25 09:16:04 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/25 09:16:04 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/24 17:54:58 | 005,673,136 | ---- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\rx_image32.Cache
[2011/12/24 17:54:58 | 000,172,856 | ---- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\rx_audio.Cache
[2011/12/24 10:05:46 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\terra\Desktop\TDSSKiller.exe
[2011/12/23 14:05:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 09:38:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/12/19 09:17:41 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/12/19 08:28:53 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/17 06:34:28 | 000,438,419 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111217-181824.backup
[2011/12/14 14:56:15 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/14 14:56:15 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\04C0844B0A.sys
[2011/12/13 18:42:10 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/11 10:09:48 | 000,438,109 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111217-063428.backup
[2011/12/10 16:02:25 | 000,004,165 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/12/10 15:35:32 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\terra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/10 13:45:42 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\terra\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/12/10 08:31:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/09 17:57:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/09 17:34:55 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\238Lgl5NB.dat
[2011/12/09 17:34:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\GH1T4XxrF.com.b
[2011/12/09 17:20:00 | 000,012,000 | -HS- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/09 17:20:00 | 000,012,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/06 19:44:12 | 000,031,298 | ---- | M] () -- C:\Documents and Settings\terra\Desktop\how_to_win_friends_and_influence_people.pdf
[2011/11/27 16:32:34 | 000,000,100 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/26 15:05:21 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/26 15:00:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/26 15:00:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/26 15:00:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/26 15:00:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/26 15:00:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 10:41:24 | 000,172,856 | ---- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\rx_audio.Cache
[2011/12/19 20:29:50 | 070,356,731 | ---- | C] () -- C:\Documents and Settings\terra\Desktop\VID00002.MP4
[2011/12/19 20:29:45 | 114,201,721 | ---- | C] () -- C:\Documents and Settings\terra\Desktop\VID00001.MP4
[2011/12/19 20:29:44 | 033,534,118 | ---- | C] () -- C:\Documents and Settings\terra\Desktop\VID00003.MP4
[2011/12/10 15:35:32 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/10 13:45:42 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/12/10 08:36:01 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/10 08:30:51 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/09 17:57:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/09 17:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\GH1T4XxrF.com.b
[2011/12/09 17:32:59 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\238Lgl5NB.dat
[2011/12/09 17:20:02 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/09 05:45:17 | 000,012,000 | -HS- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/09 05:45:17 | 000,012,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/06 19:44:42 | 000,031,298 | ---- | C] () -- C:\Documents and Settings\terra\Desktop\how_to_win_friends_and_influence_people.pdf
[2011/11/21 15:04:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/18 08:26:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\PFP120JPR.{PB
[2011/10/18 08:26:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\PFP120JCM.{PB
[2011/10/18 08:26:47 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/10/18 08:26:47 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\04C0844B0A.sys
[2011/09/03 14:18:01 | 005,673,136 | ---- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\rx_image32.Cache
[2011/05/21 07:27:23 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\pcouffin.cat
[2011/05/21 07:27:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\terra\Application Data\pcouffin.inf
[2011/05/14 21:54:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/04 20:51:39 | 006,602,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/26 09:34:55 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/27 06:50:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/12 09:52:22 | 000,006,147 | ---- | C] () -- C:\WINDOWS\PCLICSB.DAT
[2011/02/12 09:52:22 | 000,000,258 | RH-- | C] () -- C:\WINDOWS\System32\LMF.DAT
[2011/01/08 11:02:18 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\terra\Application Data\systemfl.$dk
[2010/10/09 21:54:25 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/06 18:42:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/10/06 17:13:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/10/06 17:09:18 | 000,000,316 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/10/06 17:09:17 | 000,000,100 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/10/06 16:29:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\terra\Local Settings\Application Data\fusioncache.dat
[2008/01/15 04:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006/04/17 09:45:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2006/03/20 06:11:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/20 06:07:15 | 000,004,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/20 06:03:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/03/20 05:59:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/20 05:55:33 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/03/20 05:31:34 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2006/03/20 05:31:34 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/03/20 05:31:18 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/03/20 05:31:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SETLANG.EXE
[2006/03/20 05:30:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/20 05:30:54 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/20 05:30:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/30 04:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2005/08/16 02:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 000,442,894 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,072,160 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/11/12 23:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2001/01/18 23:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== LOP Check ==========

[2011/11/20 19:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
[2011/11/20 19:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver Free
[2011/02/19 10:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bible Analyzer
[2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/03/26 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/15 22:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/05/28 07:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2011/09/03 13:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2011/10/20 18:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/07 19:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/05/21 21:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/09/03 13:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2006/03/20 06:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/13 16:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/03/29 16:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/12/09 18:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Add-in Express
[2011/11/20 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Artweaver Free
[2011/02/20 06:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Bible Analyzer
[2011/10/22 11:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/14 07:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\FileZilla
[2010/10/09 06:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Foxit
[2010/10/09 06:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Foxit Software
[2011/05/21 06:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\HandBrake
[2011/04/01 23:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Icon Remover
[2010/10/28 16:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Leadertech
[2011/07/15 22:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\MAGIX
[2011/03/23 19:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Notepad++
[2011/05/28 06:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Photodex
[2011/05/21 21:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Publish Providers
[2011/09/03 13:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Simple Star
[2011/05/23 17:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Sony
[2011/09/23 16:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\StreamTorrent
[2011/07/24 19:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\SynthMaker
[2011/12/25 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\uTorrent
[2011/11/27 19:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terra\Application Data\Vso
[2011/12/26 16:04:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
I assume TDSSKiller was able to get rid of \Device\Harddisk0\DR0 (TDSS File System).


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {fa8cb1bd-1442-439c-8225-b8b16983d9b7}:1.0
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
[2011/12/09 17:20:00 | 000,012,000 | -HS- | M] () -- C:\Documents and Settings\terra\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/09 17:20:00 | 000,012,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k
[2011/12/09 17:34:55 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\238Lgl5NB.dat
[2011/12/09 17:34:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\GH1T4XxrF.com.b

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\terra\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0
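As an added triage example (not part of RKinner's post or of OTL itself), the Python below parses OTL log lines in the format shown in the log above and flags the kind of entries the fix targets: hidden/system files with random, extension-less names sitting directly in an Application Data root, and zero-byte System32 files with a doubled extension. The sample lines are copied from the log posted in this thread; the heuristics, thresholds and reason strings are this example's own assumptions.

```python
"""Triage helper for OTL "Files/Folders - Modified/Created" log lines.

OTL records look like (copied from the thread's log):
    [2011/12/09 17:20:00 | 000,012,000 | -HS- | M] () -- C:\\path\\to\\file
The four-character attribute field is R (read-only), H (hidden), S (system),
D (directory), with '-' for unset.  The heuristics below are this example's
own assumptions, not something OTL or the forum helper defines.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str        # M = Modified section, C = Created section
    company: str     # empty string when OTL printed "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"], m["path"])


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_random(name: str) -> bool:
    """Extension-less, long, mixed letters/digits, high entropy (assumed cutoffs)."""
    if "." in name or len(name) < 16:
        return False
    has_alpha = any(ch.isalpha() for ch in name)
    has_digit = any(ch.isdigit() for ch in name)
    return has_alpha and has_digit and shannon_entropy(name) > 3.5


def triage(entry: OtlEntry) -> List[str]:
    """Return the reasons an entry deserves a look (empty list = nothing noted)."""
    reasons = []
    in_app_data_root = entry.parent.endswith("\\Application Data")
    if entry.hidden_system and in_app_data_root and looks_random(entry.name):
        reasons.append("hidden+system random-named file in Application Data")
    if entry.size == 0 and "\\System32\\" in entry.path and entry.name.count(".") >= 2:
        reasons.append("zero-byte System32 file with double extension")
    if in_app_data_root and entry.company == "":
        reasons.append("unsigned file dropped directly in an Application Data root")
    return reasons


def triage_log(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Parse every OTL file line and map flagged paths to their reasons."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None and (reasons := triage(entry)):
            flagged[entry.path] = reasons
    return flagged


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LINES = [
    r"[2011/12/09 17:20:00 | 000,012,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k",
    r"[2011/12/09 17:34:55 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\238Lgl5NB.dat",
    r"[2011/12/09 17:34:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\GH1T4XxrF.com.b",
    r"[2011/12/13 18:42:10 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT",
    r"[2011/12/25 18:32:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terra\Desktop\OTL.exe",
]

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```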

#7
raftini

raftini

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Yes, TDSSKiller was able to get rid of \Device\Harddisk0\DR0. Thanks

========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {fa8cb1bd-1442-439c-8225-b8b16983d9b7}:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\terra\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k moved successfully.
C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k moved successfully.
C:\Documents and Settings\All Users\Application Data\238Lgl5NB.dat moved successfully.
C:\WINDOWS\system32\GH1T4XxrF.com.b moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\terra\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\terra\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\terra\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\terra\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\terra\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\terra\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\terra\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\terra\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\terra\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k not found.
File\Folder C:\Documents and Settings\All Users\Application Data\klkseh2u8osn0otj2lxs4a878h7k not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 405 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 27733 bytes

User: terra
->Flash cache emptied: 2836609 bytes

Total Flash Files Cleaned = 3.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: terra
->Java cache emptied: 1550038 bytes

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12262011_173048

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/12/2011 5:40:34 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/12/2011 5:38:41 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/12/2011 5:41:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
The only thing left is an error from Roxio Creator 2011 Pro. Something called Roxio Hard Drive Watcher 12 service doesn't seem to be working right.

You can test it: Start, Run, services.msc, OK. Then find Roxio Hard Drive Watcher 12 and try to Start it. If it won't start, what error message does it give? I don't think you really need it for anything, so you can right click on the service and select Properties, then change the Startup Type to Disabled and OK. Then it won't bother you any more. (It is causing a 30-second delay in booting.)

That's about all I see unless you are still having problems so I think we can clean up now.

We need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Note on Java and Firefox: for some reason Java does not remove old consoles from Firefox. Any time you update Java you should go to Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extensions you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas, and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
raftini

raftini

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Ron, I will follow your suggestions and see how things run over the next week or so. Thank you very much!
  • 0





