Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Win32.Generic!BT froze computer

Started by Dr_hfuhruhurr , Jan 21 2012 09:44 AM

  • Please log in to reply

#1
Dr_hfuhruhurr
Posted 21 January 2012 - 09:44 AM

Dr_hfuhruhurr

    Member

  • Member
  • PipPip
  • 30 posts
, having some trouble with my laptop. I've a Packard Bell EasyNote running Windows XP SP3, last night had a warning from Microsoft Security Essentials about the above infection, I ran a scan and it all looked clean. This morning it was very slow, so I scanned with AdAware, SpyBot and trial versions of first Vipre and then Nod32, all clean. By now I can only boot in safe mode as it will freeze within seconds of loading the desktop icons in normal mode. In safe mode I scanned with Malwarebytes and SpyBot and they were clean but I still can't boot normally. I tried System Restore but it has been turned off. I can't access the internet with it so I downloaded OTL on my phone and transferred it across by usb. I've copied the log back across but it's formatted pretty poorly, the foreign character were there on the original log though. Apologies for legibility and massive thanks in advance. I've had to attach the .txt file as my phone couldn't handle copy and paste of such magnitude. If this isn't ok, let me know.

OTL logfile created on: 21/01/2012 14:29:12 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 786.14 Mb Available Physical Memory | 77.52% Memory free
2.38 Gb Paging File | 2.32 Gb Available in Paging File | 97.27% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.23 Gb Total Space | 58.82 Gb Free Space | 41.65% Space Free | Partition Type: NTFS

Computer Name: 107863980132 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/20 15:37:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/01/20 17:33:29 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/05/25 09:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2005/10/20 06:15:00 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/04/08 08:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/06/22 18:01:52 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2006/11/07 06:34:36 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/04/19 16:50:08 | 000,788,224 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/31 16:27:06 | 001,155,672 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/28 10:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2004/12/06 12:00:00 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/12/06 11:00:00 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/15 12:56:50 | 000,138,402 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glausb.sys -- (lanusb)
DRV - [2003/03/05 08:44:02 | 000,002,127 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MyPort.sys -- (MyPort)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...03&gct=&gc=1&q=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 11:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 19:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/20 19:56:22 | 000,000,000 | ---D | M]

[2010/04/23 15:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/01/20 16:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lsc6gzkg.default\extensions
[2011/12/04 20:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 11:46:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/21 16:02:32 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/27 17:58:06 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/01/07 11:46:34 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/07 11:46:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/07 11:46:34 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/07 11:46:34 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/07 11:46:34 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/20 16:49:07 | 000,439,468 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: റ⌊匠慴瑲漠⁦湥牴敩⁳湩敳...several pages of Chinese...整⁤祢匠祰潢⁴敓牡档☠䐠獥牴祯਍
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{114F6ADA-835E-46A1-9436-8D201983FE5D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\APPS\DESKTOP\DESKTOP.HTM
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\DESKTOP.HTM
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 11:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2012/01/21 10:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GFI Software
[2012/01/21 08:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/20 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/20 19:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/01/20 19:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/20 18:40:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/20 17:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/01/20 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/01/20 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/01/20 15:37:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/18 19:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\GFI Software
[2011/12/29 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/29 10:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/29 06:28:01 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/12/29 06:28:01 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/12/29 06:28:01 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/12/29 06:28:01 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/12/29 06:28:01 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/12/29 06:28:01 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/29 06:28:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/12/29 06:28:01 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/12/29 06:28:00 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/12/29 06:28:00 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/12/29 06:28:00 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2009/12/29 06:27:59 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2009/12/29 06:27:59 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2009/12/29 06:27:59 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2009/12/29 06:27:59 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 14:26:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 11:27:50 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/21 11:26:56 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI
[2012/01/21 11:02:21 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/21 10:00:54 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Master CD_DVD Creator.job
[2012/01/21 09:54:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005UA.job
[2012/01/21 09:53:18 | 000,376,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/21 08:34:15 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/01/21 08:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/21 08:33:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/20 18:54:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005Core.job
[2012/01/20 18:50:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/20 17:25:46 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/20 16:49:07 | 000,439,468 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/20 16:27:14 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/20 16:26:16 | 000,446,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/20 16:26:16 | 000,073,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/20 15:37:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/07 11:24:39 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd
[2011/12/29 10:27:53 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/01/20 17:26:32 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/20 17:25:46 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/20 16:27:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 10:27:53 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/08 21:48:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2011/11/09 18:36:49 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2011/11/07 10:04:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/14 20:52:49 | 000,008,116 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\35167750x7sg4jfxvc404ek86gs3u382721
[2011/05/05 19:55:24 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/02/05 19:04:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/25 07:41:01 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2010/08/25 07:40:50 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2010/08/25 07:40:41 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/08/25 07:40:30 | 000,002,830 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2010/08/25 07:40:09 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2010/08/25 07:40:03 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2010/08/25 07:39:56 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2010/08/25 07:37:40 | 000,010,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/08/25 07:37:27 | 000,243,064 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/08/25 07:37:27 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/22 21:07:31 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/22 21:04:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/23 09:06:47 | 000,008,208 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3507643951
[2010/04/23 06:49:38 | 000,008,200 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Ih48cYUD
[2010/01/09 05:28:21 | 000,090,152 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/29 06:29:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/12/29 06:29:54 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/12/29 06:29:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/12/29 06:29:06 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/12/29 06:29:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/12/29 06:28:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/29 06:28:01 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/29 06:28:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/12/27 11:02:09 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/12/18 09:34:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/12/09 19:10:48 | 000,005,021 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/12/08 17:56:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/06 22:57:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2009/12/06 20:46:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2009/12/01 11:20:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/12/01 10:18:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2009/12/01 10:18:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Restart.exe
[2009/12/01 10:18:54 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2009/12/01 10:17:56 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2009/12/01 10:17:56 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2009/12/01 10:17:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2009/12/01 10:17:56 | 000,017,020 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2009/01/25 21:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 23:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/11/07 07:03:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/07 06:42:34 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/11/07 06:37:57 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/07 06:35:29 | 000,007,596 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/11/07 06:33:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/07 06:16:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2006/11/07 06:16:08 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2006/03/23 14:24:10 | 000,006,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 11:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/06 11:00:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004/09/10 15:50:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/10 15:42:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/10 15:32:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/10 15:24:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/10 15:22:38 | 000,376,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/10 14:57:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/10 14:57:27 | 000,446,418 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/10 14:57:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/10 14:57:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/10 14:57:26 | 000,073,744 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/10 14:57:25 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/10 14:57:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/10 14:57:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/10 14:57:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/10 14:57:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/10 14:57:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/10 14:56:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/05 08:44:00 | 000,002,127 | ---- | C] () -- C:\WINDOWS\System32\drivers\MyPort.sys

========== LOP Check ==========

[2012/01/21 10:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GFI Software
[2012/01/21 11:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2009/12/01 11:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/22 21:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2012/01/20 19:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/12/02 19:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2011/12/22 11:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2011/04/10 13:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mLg31001gLcDe31001
[2009/11/26 23:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2011/05/05 20:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/11/26 23:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/11/26 23:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/11/26 23:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/12 09:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/12/03 20:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/04/11 07:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/01 11:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/01/21 11:27:50 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/21 10:00:54 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Master CD_DVD Creator.job
[2010/01/19 01:20:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.txt   484.18KB   162 downloads

  • 0

Advertisements

#2
RKinner
Posted 21 January 2012 - 11:09 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
See if you can boot into Safe Mode with Networking then:

Copy the text in the code box by highlighting and Ctrl + c 


:OTL
[2011/05/14 20:52:49 | 000,008,116 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\35167750x7sg4jfxvc404ek86gs3u382721
[2011/05/05 19:55:24 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/23 09:06:47 | 000,008,208 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3507643951
[2010/04/23 06:49:38 | 000,008,200 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Ih48cYUD

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Todd\Local Settings\Application Data\*.exe
net start dhcp /c
net start afd /c
net start tcpip /c
net start netbt /c
net start ipsec /c
ipconfig /c
nslookup f1.com /c
tracert -d 8.8.8.8 /c
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Can you get into regular mode now?

Ron
  • 0

#3
Dr_hfuhruhurr
Posted 21 January 2012 - 11:45 AM

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Ron, thanks for looking into this, very much appreciated. The Safe Mode with Networking allowed me to connect, so i ran the fix on OTL. After reboot I started fine in normal mode but I can't find the new OTL log anywhere on my computer? Should I scan again?
  • 0

#4
RKinner
Posted 21 January 2012 - 11:49 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If you are connecting we probably don't need the log. Let's continue with:

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls (allow the Avast option)
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#5
Dr_hfuhruhurr
Posted 21 January 2012 - 01:00 PM

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Ron, I ran Combofix, it warned about Rootkit.ZeroAccess infection, rebooted after a while, seemed to have finished, but the computer froze as the Notepad log appeared. I tried rebooting and it started freezing as the icons launched again. I can only work in Safe Mode now. Shall I continue with the TDSSKiller and aswMBR.exe in safe mode? Here's the Combofix.txt log:
ComboFix 12-01-21.02 - User 21/01/2012 18:22:29.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.568 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Application Data\EurekaLog
c:\documents and settings\User\Application Data\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 18:22 . 2012-01-21 18:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-21 17:31 . 2012-01-21 17:31 -------- d-----w- C:\_OTL
2012-01-21 11:26 . 2012-01-21 11:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
2012-01-21 10:14 . 2012-01-21 10:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\GFI Software
2012-01-21 08:19 . 2012-01-21 08:19 -------- d-----w- c:\program files\VS Revo Group
2012-01-20 19:56 . 2012-01-20 19:56 -------- d-----w- c:\program files\ESET
2012-01-20 19:56 . 2012-01-20 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-01-20 17:20 . 2012-01-20 17:20 -------- d-----w- c:\program files\Lavasoft
2012-01-20 17:20 . 2012-01-20 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-18 19:52 . 2012-01-18 19:52 -------- d-----w- c:\program files\GFI Software
2012-01-07 11:46 . 2012-01-07 11:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 11:46 . 2012-01-07 11:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 11:46 . 2012-01-07 11:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 11:46 . 2012-01-07 11:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-29 10:25 . 2011-12-29 10:25 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2010-04-23 11:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 17:56 . 2011-12-04 17:56 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-04 17:56 . 2011-12-04 17:56 1998168 ----a-w- c:\windows\system32\d3dx9_43.dll
2011-11-30 21:04 . 2011-05-21 06:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-09-10 14:57 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-09-10 14:57 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-09-10 14:57 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-08 21:46 . 2004-09-10 15:26 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-04 19:20 . 2004-09-10 14:57 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-09-10 14:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-09-10 14:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-09-10 14:57 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-09-10 14:57 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-09-10 14:57 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-09-10 14:57 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-09-10 14:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-09-10 14:57 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-01-07 11:46 . 2011-05-06 18:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-06 88363]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
TalkTalk Diagnostic Reporting Tool.exe [2010-9-8 728024]
_uninst_99208715.lnk - c:\documents and settings\User\Local Settings\temp\_uninst_99208715.bat [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\apps\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\MediaMonkey\\VisHelper.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25499:TCP"= 25499:TCP:utorrent
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [04/08/2011 09:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [04/08/2011 09:20 103112]
R2 MyPort;Myport;c:\windows\system32\drivers\MyPort.sys [05/03/2003 08:44 2127]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/01/2010 07:43 47360]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [09/11/2011 18:36 7040]
S1 gfppapfa;gfppapfa;\??\c:\windows\system32\drivers\gfppapfa.sys --> c:\windows\system32\drivers\gfppapfa.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [25/09/2010 08:49 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [20/06/2010 20:15 9472]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 17:33]
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 21:18]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 21:18]
.
2012-01-21 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 15:26]
.
2010-01-19 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-09-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ecrsiagn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - http:/www.google.co.uk/search?hl=en-GB&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-16772922.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 18:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,f5,a4,4e,74,08,ad,48,86,f7,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,f5,a4,4e,74,08,ad,48,86,f7,e8,\
.
[HKEY_USERS\S-1-5-21-4025548750-2202908060-4122310945-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17841D80-6155-AAB0-A6EF-5E5959A3A69D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-01-21 18:41:22
ComboFix-quarantined-files.txt 2012-01-21 18:41
.
Pre-Run: 61,844,086,784 bytes free
Post-Run: 62,029,574,144 bytes free
.
- - End Of File - - B7B9D64986FCCD2049D8ABEDC2F9765E
  • 0

#6
RKinner
Posted 21 January 2012 - 02:26 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I didn't see ZeroAccess in your OTL log and there is none of it in the CF log so I'm not sure what CF is talking about.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\gfppapfa.sys
c:\windows\system32\drivers\SBREdrv.sys
c:\documents and settings\User\Local Settings\temp\_uninst_99208715.bat
c:\documents and settings\User\Start Menu\Programs\Startup\TalkTalk Diagnostic Reporting Tool.exe
c:\documents and settings\User\Start Menu\Programs\Startup\_uninst_99208715.lnk

Driver::
gfppapfa
SBRE

RootKit::
c:\windows\system32\drivers\gfppapfa.sys

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.


Go on with the other steps if you haven't already. Safe Mode with Networking is fine if that is all it will do.

Ron
  • 0

#7
Dr_hfuhruhurr
Posted 21 January 2012 - 04:09 PM

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi, I ran ComboFix with the .txt file - it warned about the rootkit again, and the computer froze again after the log appeared, in normal mode. After this I ran TDSS twice then aswMBR and then OTL with the copied custom scans. I'll post the logs in that order. Thanks again.
ComboFix 12-01-21.02 - User 21/01/2012 21:18:30.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.520 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
FILE ::
"c:\documents and settings\User\Local Settings\temp\_uninst_99208715.bat"
"c:\documents and settings\User\Start Menu\Programs\Startup\_uninst_99208715.lnk"
"c:\documents and settings\User\Start Menu\Programs\Startup\TalkTalk Diagnostic Reporting Tool.exe"
"c:\windows\system32\drivers\gfppapfa.sys"
"c:\windows\system32\drivers\SBREdrv.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Start Menu\Programs\Startup\_uninst_99208715.lnk
c:\documents and settings\User\Start Menu\Programs\Startup\TalkTalk Diagnostic Reporting Tool.exe
.
Infected copy of c:\windows\system32\drivers\mqac.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SBRE
-------\Service_gfppapfa
-------\Service_SBRE
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 18:22 . 2012-01-21 18:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-21 17:31 . 2012-01-21 17:31 -------- d-----w- C:\_OTL
2012-01-21 11:26 . 2012-01-21 11:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
2012-01-21 10:14 . 2012-01-21 10:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\GFI Software
2012-01-21 08:19 . 2012-01-21 08:19 -------- d-----w- c:\program files\VS Revo Group
2012-01-20 19:56 . 2012-01-20 19:56 -------- d-----w- c:\program files\ESET
2012-01-20 19:56 . 2012-01-20 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-01-20 17:20 . 2012-01-20 17:20 -------- d-----w- c:\program files\Lavasoft
2012-01-20 17:20 . 2012-01-20 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-18 19:52 . 2012-01-18 19:52 -------- d-----w- c:\program files\GFI Software
2012-01-07 11:46 . 2012-01-07 11:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 11:46 . 2012-01-07 11:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 11:46 . 2012-01-07 11:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 11:46 . 2012-01-07 11:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-29 10:25 . 2011-12-29 10:25 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2010-04-23 11:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 17:56 . 2011-12-04 17:56 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-04 17:56 . 2011-12-04 17:56 1998168 ----a-w- c:\windows\system32\d3dx9_43.dll
2011-11-30 21:04 . 2011-05-21 06:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-09-10 14:57 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-09-10 14:57 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-09-10 14:57 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-08 21:46 . 2004-09-10 15:26 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-04 19:20 . 2004-09-10 14:57 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-09-10 14:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-09-10 14:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-09-10 14:57 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-09-10 14:57 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-09-10 14:57 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-09-10 14:57 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-09-10 14:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-09-10 14:57 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-01-07 11:46 . 2011-05-06 18:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_18.36.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-09-10 14:57 . 2008-04-13 18:39 92544 c:\windows\system32\drivers\mqac.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-06 88363]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\apps\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\MediaMonkey\\VisHelper.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25499:TCP"= 25499:TCP:utorrent
.
2;2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R2 MyPort;MyPort; [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2012-01-20 2152152]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-01-12 47360]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2005-11-28 7040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 17:33]
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 21:18]
.
2012-01-21 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 15:26]
.
2010-01-19 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-09-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ecrsiagn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - http:/www.google.co.uk/search?hl=en-GB&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 21:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,f5,a4,4e,74,08,ad,48,86,f7,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,f5,a4,4e,74,08,ad,48,86,f7,e8,\
.
[HKEY_USERS\S-1-5-21-4025548750-2202908060-4122310945-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17841D80-6155-AAB0-A6EF-5E5959A3A69D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WININET.dll
c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\AGRSMMSG.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Completion time: 2012-01-21 21:34:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-21 21:34
ComboFix2.txt 2012-01-21 18:41
.
Pre-Run: 61,941,256,192 bytes free
Post-Run: 61,924,696,064 bytes free
.
- - End Of File - - 7622319FF3F2C632E02CB401F7A45D09



########################################################################################
21:40:54.0906 1448 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
21:40:55.0140 1448 ============================================================
21:40:55.0140 1448 Current date / time: 2012/01/21 21:40:55.0140
21:40:55.0140 1448 SystemInfo:
21:40:55.0140 1448
21:40:55.0140 1448 OS Version: 5.1.2600 ServicePack: 3.0
21:40:55.0140 1448 Product type: Workstation
21:40:55.0140 1448 ComputerName: 107863980132
21:40:55.0140 1448 UserName: Administrator
21:40:55.0140 1448 Windows directory: C:\WINDOWS
21:40:55.0140 1448 System windows directory: C:\WINDOWS
21:40:55.0140 1448 Processor architecture: Intel x86
21:40:55.0140 1448 Number of processors: 2
21:40:55.0140 1448 Page size: 0x1000
21:40:55.0140 1448 Boot type: Safe boot with network
21:40:55.0140 1448 ============================================================
21:41:00.0437 1448 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:41:00.0734 1448 Initialize success
21:41:13.0125 1664 ============================================================
21:41:13.0125 1664 Scan started
21:41:13.0125 1664 Mode: Manual;
21:41:13.0125 1664 ============================================================
21:41:14.0187 1664 Abiosdsk - ok
21:41:14.0265 1664 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:41:14.0281 1664 abp480n5 - ok
21:41:14.0421 1664 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:41:14.0437 1664 ACPI - ok
21:41:14.0593 1664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:41:14.0593 1664 ACPIEC - ok
21:41:14.0671 1664 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:41:14.0671 1664 adpu160m - ok
21:41:14.0750 1664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:41:14.0750 1664 aec - ok
21:41:14.0812 1664 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:41:14.0812 1664 AFD - ok
21:41:14.0906 1664 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:41:14.0984 1664 AgereSoftModem - ok
21:41:15.0015 1664 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:41:15.0015 1664 agp440 - ok
21:41:15.0031 1664 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:41:15.0031 1664 agpCPQ - ok
21:41:15.0078 1664 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:41:15.0078 1664 Aha154x - ok
21:41:15.0093 1664 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:41:15.0093 1664 aic78u2 - ok
21:41:15.0125 1664 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:41:15.0125 1664 aic78xx - ok
21:41:15.0156 1664 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:41:15.0156 1664 AliIde - ok
21:41:15.0171 1664 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:41:15.0187 1664 alim1541 - ok
21:41:15.0203 1664 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:41:15.0203 1664 amdagp - ok
21:41:15.0218 1664 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:41:15.0218 1664 amsint - ok
21:41:15.0296 1664 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:41:15.0296 1664 Arp1394 - ok
21:41:15.0312 1664 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:41:15.0312 1664 asc - ok
21:41:15.0375 1664 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:41:15.0375 1664 asc3350p - ok
21:41:15.0406 1664 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:41:15.0406 1664 asc3550 - ok
21:41:15.0437 1664 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
21:41:15.0437 1664 ASCTRM - ok
21:41:15.0500 1664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:41:15.0500 1664 AsyncMac - ok
21:41:15.0515 1664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:41:15.0515 1664 atapi - ok
21:41:15.0531 1664 Atdisk - ok
21:41:15.0578 1664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:41:15.0578 1664 Atmarpc - ok
21:41:15.0640 1664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:41:15.0640 1664 audstub - ok
21:41:15.0687 1664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:41:15.0703 1664 Beep - ok
21:41:15.0812 1664 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:41:15.0812 1664 BthEnum - ok
21:41:15.0890 1664 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:41:15.0890 1664 BthPan - ok
21:41:15.0984 1664 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
21:41:15.0984 1664 BTHPORT - ok
21:41:16.0015 1664 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:41:16.0015 1664 BTHUSB - ok
21:41:16.0078 1664 Cam5603D (d09ee7f110448865dc56baa750090631) C:\WINDOWS\system32\Drivers\BisonCam.sys
21:41:16.0125 1664 Cam5603D - ok
21:41:16.0125 1664 catchme - ok
21:41:16.0156 1664 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:41:16.0156 1664 cbidf - ok
21:41:16.0171 1664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:41:16.0171 1664 cbidf2k - ok
21:41:16.0187 1664 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:41:16.0187 1664 CCDECODE - ok
21:41:16.0218 1664 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:41:16.0218 1664 cd20xrnt - ok
21:41:16.0265 1664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:41:16.0265 1664 Cdaudio - ok
21:41:16.0281 1664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:41:16.0281 1664 Cdfs - ok
21:41:16.0296 1664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:41:16.0296 1664 Cdrom - ok
21:41:16.0312 1664 Changer - ok
21:41:16.0390 1664 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:41:16.0390 1664 CmBatt - ok
21:41:16.0437 1664 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:41:16.0437 1664 CmdIde - ok
21:41:16.0453 1664 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:41:16.0453 1664 Compbatt - ok
21:41:16.0500 1664 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:41:16.0500 1664 Cpqarray - ok
21:41:16.0531 1664 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:41:16.0531 1664 dac2w2k - ok
21:41:16.0546 1664 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:41:16.0562 1664 dac960nt - ok
21:41:16.0593 1664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:41:16.0593 1664 Disk - ok
21:41:16.0671 1664 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:41:16.0718 1664 dmboot - ok
21:41:16.0734 1664 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:41:16.0734 1664 dmio - ok
21:41:16.0750 1664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:41:16.0750 1664 dmload - ok
21:41:16.0796 1664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:41:16.0796 1664 DMusic - ok
21:41:16.0828 1664 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:41:16.0828 1664 dpti2o - ok
21:41:16.0859 1664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:41:16.0859 1664 drmkaud - ok
21:41:16.0890 1664 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
21:41:16.0906 1664 dvd43llh - ok
21:41:16.0953 1664 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:41:16.0953 1664 eamon - ok
21:41:17.0031 1664 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:41:17.0031 1664 ehdrv - ok
21:41:17.0093 1664 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:41:17.0093 1664 epfwtdir - ok
21:41:17.0156 1664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:41:17.0156 1664 Fastfat - ok
21:41:17.0203 1664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:41:17.0203 1664 Fdc - ok
21:41:17.0234 1664 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:41:17.0234 1664 Fips - ok
21:41:17.0250 1664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:41:17.0250 1664 Flpydisk - ok
21:41:17.0312 1664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:41:17.0312 1664 FltMgr - ok
21:41:17.0390 1664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:41:17.0390 1664 Fs_Rec - ok
21:41:17.0406 1664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:41:17.0406 1664 Ftdisk - ok
21:41:17.0468 1664 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:41:17.0468 1664 GEARAspiWDM - ok
21:41:17.0500 1664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:41:17.0515 1664 Gpc - ok
21:41:17.0578 1664 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:41:17.0578 1664 HDAudBus - ok
21:41:17.0609 1664 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:41:17.0609 1664 HidUsb - ok
21:41:17.0687 1664 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:41:17.0687 1664 hpn - ok
21:41:17.0718 1664 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
21:41:17.0734 1664 HTCAND32 - ok
21:41:17.0765 1664 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
21:41:17.0765 1664 htcnprot - ok
21:41:17.0812 1664 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:41:17.0828 1664 HTTP - ok
21:41:17.0906 1664 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:41:17.0906 1664 i2omgmt - ok
21:41:17.0937 1664 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:41:17.0937 1664 i2omp - ok
21:41:17.0984 1664 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:41:17.0984 1664 i8042prt - ok
21:41:18.0078 1664 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:41:18.0125 1664 ialm - ok
21:41:18.0203 1664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:41:18.0203 1664 Imapi - ok
21:41:18.0281 1664 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:41:18.0281 1664 ini910u - ok
21:41:18.0296 1664 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:41:18.0296 1664 IntelIde - ok
21:41:18.0359 1664 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:41:18.0359 1664 intelppm - ok
21:41:18.0390 1664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:41:18.0390 1664 Ip6Fw - ok
21:41:18.0406 1664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:41:18.0406 1664 IpFilterDriver - ok
21:41:18.0453 1664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:41:18.0453 1664 IpInIp - ok
21:41:18.0484 1664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:41:18.0484 1664 IpNat - ok
21:41:18.0515 1664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:41:18.0515 1664 IPSec - ok
21:41:18.0546 1664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:41:18.0546 1664 IRENUM - ok
21:41:18.0593 1664 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:41:18.0593 1664 isapnp - ok
21:41:18.0609 1664 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:41:18.0625 1664 Kbdclass - ok
21:41:18.0640 1664 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:41:18.0640 1664 kbdhid - ok
21:41:18.0687 1664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:41:18.0687 1664 kmixer - ok
21:41:18.0718 1664 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:41:18.0718 1664 KSecDD - ok
21:41:18.0921 1664 lanusb (73f6efd2a2315af34f7872559686c471) C:\WINDOWS\system32\DRIVERS\glausb.sys
21:41:19.0015 1664 lanusb - ok
21:41:19.0156 1664 lbrtfdc - ok
21:41:19.0437 1664 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:41:19.0437 1664 MHNDRV - ok
21:41:19.0593 1664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:41:19.0609 1664 mnmdd - ok
21:41:19.0765 1664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:41:19.0781 1664 Modem - ok
21:41:19.0937 1664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:41:19.0953 1664 Mouclass - ok
21:41:20.0171 1664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:41:20.0187 1664 mouhid - ok
21:41:20.0531 1664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:41:20.0546 1664 MountMgr - ok
21:41:20.0796 1664 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:41:20.0812 1664 mraid35x - ok
21:41:21.0078 1664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:41:21.0093 1664 MRxDAV - ok
21:41:21.0218 1664 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:41:21.0328 1664 MRxSmb - ok
21:41:21.0453 1664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:41:21.0468 1664 Msfs - ok
21:41:21.0546 1664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:41:21.0546 1664 MSKSSRV - ok
21:41:21.0625 1664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:41:21.0625 1664 MSPCLOCK - ok
21:41:21.0656 1664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:41:21.0656 1664 MSPQM - ok
21:41:21.0718 1664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:41:21.0718 1664 mssmbios - ok
21:41:21.0750 1664 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:41:21.0765 1664 MSTEE - ok
21:41:21.0859 1664 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:41:21.0859 1664 Mup - ok
21:41:21.0953 1664 MyPort (cfb081fecb3473ac3ea93db1802b7ac7) C:\WINDOWS\system32\drivers\MyPort.sys
21:41:21.0953 1664 MyPort - ok
21:41:22.0031 1664 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:41:22.0078 1664 NABTSFEC - ok
21:41:22.0125 1664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:41:22.0140 1664 NDIS - ok
21:41:22.0171 1664 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:41:22.0187 1664 NdisIP - ok
21:41:22.0250 1664 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:41:22.0250 1664 NdisTapi - ok
21:41:22.0312 1664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:41:22.0328 1664 Ndisuio - ok
21:41:22.0343 1664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:41:22.0359 1664 NdisWan - ok
21:41:22.0390 1664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:41:22.0390 1664 NDProxy - ok
21:41:22.0421 1664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:41:22.0437 1664 NetBIOS - ok
21:41:22.0500 1664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:41:22.0546 1664 NetBT - ok
21:41:22.0843 1664 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
21:41:22.0968 1664 NETw3x32 - ok
21:41:23.0078 1664 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:41:23.0093 1664 NIC1394 - ok
21:41:23.0187 1664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:41:23.0187 1664 Npfs - ok
21:41:23.0281 1664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:41:23.0453 1664 Ntfs - ok
21:41:23.0515 1664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:41:23.0515 1664 Null - ok
21:41:23.0609 1664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:41:23.0609 1664 NwlnkFlt - ok
21:41:23.0640 1664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:41:23.0656 1664 NwlnkFwd - ok
21:41:23.0687 1664 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:41:23.0687 1664 ohci1394 - ok
21:41:23.0734 1664 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:41:23.0750 1664 Parport - ok
21:41:23.0781 1664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:41:23.0781 1664 PartMgr - ok
21:41:23.0843 1664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:41:23.0859 1664 ParVdm - ok
21:41:23.0953 1664 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:41:23.0984 1664 PCI - ok
21:41:24.0046 1664 PCIDump - ok
21:41:24.0062 1664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:41:24.0078 1664 PCIIde - ok
21:41:24.0125 1664 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:41:24.0125 1664 Pcmcia - ok
21:41:24.0203 1664 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:41:24.0218 1664 pcouffin - ok
21:41:24.0265 1664 PDCOMP - ok
21:41:24.0296 1664 PDFRAME - ok
21:41:24.0312 1664 PDRELI - ok
21:41:24.0343 1664 PDRFRAME - ok
21:41:24.0390 1664 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:41:24.0406 1664 perc2 - ok
21:41:24.0421 1664 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:41:24.0421 1664 perc2hib - ok
21:41:24.0500 1664 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
21:41:24.0500 1664 pnetmdm - ok
21:41:24.0531 1664 PPPoEWin - ok
21:41:24.0609 1664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:41:24.0609 1664 PptpMiniport - ok
21:41:24.0640 1664 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:41:24.0640 1664 Processor - ok
21:41:24.0671 1664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:41:24.0687 1664 PSched - ok
21:41:24.0703 1664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:41:24.0703 1664 Ptilink - ok
21:41:24.0734 1664 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:41:24.0734 1664 PxHelp20 - ok
21:41:24.0796 1664 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:41:24.0796 1664 ql1080 - ok
21:41:24.0828 1664 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:41:24.0828 1664 Ql10wnt - ok
21:41:24.0843 1664 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:41:24.0843 1664 ql12160 - ok
21:41:24.0875 1664 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:41:24.0875 1664 ql1240 - ok
21:41:24.0906 1664 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:41:24.0906 1664 ql1280 - ok
21:41:24.0921 1664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:41:24.0921 1664 RasAcd - ok
21:41:25.0015 1664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:41:25.0015 1664 Rasl2tp - ok
21:41:25.0031 1664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:41:25.0031 1664 RasPppoe - ok
21:41:25.0062 1664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:41:25.0078 1664 Raspti - ok
21:41:25.0093 1664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:41:25.0109 1664 Rdbss - ok
21:41:25.0140 1664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:41:25.0140 1664 RDPCDD - ok
21:41:25.0218 1664 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:41:25.0234 1664 rdpdr - ok
21:41:25.0312 1664 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:41:25.0328 1664 RDPWD - ok
21:41:25.0375 1664 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:41:25.0390 1664 redbook - ok
21:41:25.0531 1664 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:41:25.0546 1664 RFCOMM - ok
21:41:25.0640 1664 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:41:25.0656 1664 ROOTMODEM - ok
21:41:25.0781 1664 RTL8023xp (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:41:25.0781 1664 RTL8023xp - ok
21:41:25.0953 1664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:41:25.0953 1664 Secdrv - ok
21:41:26.0000 1664 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:41:26.0015 1664 Serial - ok
21:41:26.0078 1664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:41:26.0093 1664 Sfloppy - ok
21:41:26.0109 1664 Simbad - ok
21:41:26.0218 1664 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:41:26.0234 1664 sisagp - ok
21:41:26.0328 1664 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:41:26.0343 1664 SLIP - ok
21:41:26.0359 1664 SNP2STD - ok
21:41:26.0421 1664 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:41:26.0421 1664 Sparrow - ok
21:41:26.0468 1664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:41:26.0484 1664 splitter - ok
21:41:26.0531 1664 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:41:26.0531 1664 sr - ok
21:41:26.0640 1664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:41:26.0765 1664 Srv - ok
21:41:26.0843 1664 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
21:41:26.0843 1664 StarOpen - ok
21:41:27.0125 1664 STHDA (6b166d929f0e2d78fea1acddc5221f4c) C:\WINDOWS\system32\drivers\sthda.sys
21:41:27.0421 1664 STHDA - ok
21:41:27.0546 1664 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:41:27.0546 1664 streamip - ok
21:41:27.0593 1664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:41:27.0593 1664 swenum - ok
21:41:27.0703 1664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:41:27.0703 1664 swmidi - ok
21:41:27.0906 1664 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:41:27.0906 1664 symc810 - ok
21:41:28.0000 1664 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:41:28.0015 1664 symc8xx - ok
21:41:28.0156 1664 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:41:28.0171 1664 sym_hi - ok
21:41:28.0312 1664 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:41:28.0328 1664 sym_u3 - ok
21:41:28.0437 1664 SynTP (f02ac372911f034b56182dc4bd6cb3af) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:41:28.0484 1664 SynTP - ok
21:41:28.0578 1664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:41:28.0578 1664 sysaudio - ok
21:41:28.0734 1664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:41:28.0859 1664 Tcpip - ok
21:41:28.0921 1664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:41:28.0953 1664 TDPIPE - ok
21:41:29.0093 1664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:41:29.0093 1664 TDTCP - ok
21:41:29.0234 1664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:41:29.0234 1664 TermDD - ok
21:41:29.0437 1664 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
21:41:29.0437 1664 tifm21 - ok
21:41:29.0609 1664 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:41:29.0609 1664 TosIde - ok
21:41:29.0828 1664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:41:29.0843 1664 Udfs - ok
21:41:29.0890 1664 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:41:29.0890 1664 ultra - ok
21:41:30.0015 1664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:41:30.0031 1664 Update - ok
21:41:30.0156 1664 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:41:30.0156 1664 USBAAPL - ok
21:41:30.0203 1664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:41:30.0203 1664 usbccgp - ok
21:41:30.0265 1664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:41:30.0265 1664 usbehci - ok
21:41:30.0312 1664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:41:30.0312 1664 usbhub - ok
21:41:30.0359 1664 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:41:30.0359 1664 usbohci - ok
21:41:30.0421 1664 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:41:30.0421 1664 usbprint - ok
21:41:30.0468 1664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:41:30.0468 1664 usbscan - ok
21:41:30.0515 1664 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:41:30.0515 1664 USBSTOR - ok
21:41:30.0546 1664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:41:30.0546 1664 usbuhci - ok
21:41:30.0578 1664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:41:30.0578 1664 VgaSave - ok
21:41:30.0640 1664 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:41:30.0687 1664 viaagp - ok
21:41:30.0703 1664 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:41:30.0703 1664 ViaIde - ok
21:41:30.0718 1664 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:41:30.0734 1664 VolSnap - ok
21:41:30.0843 1664 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
21:41:30.0921 1664 w39n51 - ok
21:41:30.0953 1664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:41:30.0953 1664 Wanarp - ok
21:41:31.0015 1664 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
21:41:31.0015 1664 wanatw - ok
21:41:31.0062 1664 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:41:31.0078 1664 Wdf01000 - ok
21:41:31.0093 1664 WDICA - ok
21:41:31.0140 1664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:41:31.0140 1664 wdmaud - ok
21:41:31.0250 1664 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:41:31.0250 1664 WinUSB - ok
21:41:31.0328 1664 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:41:31.0328 1664 WpdUsb - ok
21:41:31.0375 1664 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:41:31.0375 1664 WS2IFSL - ok
21:41:31.0421 1664 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:41:31.0437 1664 WSTCODEC - ok
21:41:31.0515 1664 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:41:31.0531 1664 WudfPf - ok
21:41:31.0593 1664 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:41:31.0625 1664 WudfRd - ok
21:41:31.0671 1664 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
21:41:31.0671 1664 X10Hid - ok
21:41:31.0796 1664 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
21:41:32.0218 1664 \Device\Harddisk0\DR0 - ok
21:41:32.0265 1664 Boot (0x1200) (91b9e5448b2577141c18dac5eabfe4ce) \Device\Harddisk0\DR0\Partition0
21:41:32.0265 1664 \Device\Harddisk0\DR0\Partition0 - ok
21:41:32.0265 1664 ============================================================
21:41:32.0265 1664 Scan finished
21:41:32.0265 1664 ============================================================
21:41:32.0281 1644 Detected object count: 0
21:41:32.0281 1644 Actual detected object count: 0
21:42:25.0703 1776 ============================================================
21:42:25.0703 1776 Scan started
21:42:25.0703 1776 Mode: Manual; SigCheck; TDLFS;
21:42:25.0703 1776 ============================================================
21:42:25.0953 1776 Abiosdsk - ok
21:42:26.0000 1776 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:42:26.0187 1776 abp480n5 - ok
21:42:26.0390 1776 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:42:26.0531 1776 ACPI - ok
21:42:26.0578 1776 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:42:26.0671 1776 ACPIEC - ok
21:42:26.0718 1776 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:42:26.0843 1776 adpu160m - ok
21:42:26.0937 1776 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:42:27.0062 1776 aec - ok
21:42:27.0109 1776 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:42:27.0140 1776 AFD - ok
21:42:27.0234 1776 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:42:27.0359 1776 AgereSoftModem - ok
21:42:27.0421 1776 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:42:27.0546 1776 agp440 - ok
21:42:27.0562 1776 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:42:27.0671 1776 agpCPQ - ok
21:42:27.0687 1776 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:42:27.0765 1776 Aha154x - ok
21:42:27.0765 1776 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:42:27.0890 1776 aic78u2 - ok
21:42:27.0937 1776 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:42:28.0031 1776 aic78xx - ok
21:42:28.0062 1776 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:42:28.0171 1776 AliIde - ok
21:42:28.0203 1776 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:42:28.0328 1776 alim1541 - ok
21:42:28.0343 1776 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:42:28.0468 1776 amdagp - ok
21:42:28.0500 1776 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:42:28.0546 1776 amsint - ok
21:42:28.0593 1776 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:42:28.0718 1776 Arp1394 - ok
21:42:28.0750 1776 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:42:28.0875 1776 asc - ok
21:42:28.0890 1776 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:42:28.0953 1776 asc3350p - ok
21:42:28.0953 1776 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:42:29.0062 1776 asc3550 - ok
21:42:29.0093 1776 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
21:42:29.0125 1776 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
21:42:29.0125 1776 ASCTRM - detected UnsignedFile.Multi.Generic (1)
21:42:29.0203 1776 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:42:29.0328 1776 AsyncMac - ok
21:42:29.0375 1776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:42:29.0484 1776 atapi - ok
21:42:29.0500 1776 Atdisk - ok
21:42:29.0546 1776 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:42:29.0656 1776 Atmarpc - ok
21:42:29.0687 1776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:42:29.0812 1776 audstub - ok
21:42:29.0843 1776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:42:29.0968 1776 Beep - ok
21:42:30.0046 1776 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:42:30.0156 1776 BthEnum - ok
21:42:30.0187 1776 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:42:30.0312 1776 BthPan - ok
21:42:30.0375 1776 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
21:42:30.0437 1776 BTHPORT - ok
21:42:30.0484 1776 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:42:30.0609 1776 BTHUSB - ok
21:42:30.0718 1776 Cam5603D (d09ee7f110448865dc56baa750090631) C:\WINDOWS\system32\Drivers\BisonCam.sys
21:42:30.0812 1776 Cam5603D - ok
21:42:30.0828 1776 catchme - ok
21:42:30.0859 1776 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:42:30.0984 1776 cbidf - ok
21:42:31.0000 1776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:42:31.0093 1776 cbidf2k - ok
21:42:31.0140 1776 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:42:31.0281 1776 CCDECODE - ok
21:42:31.0296 1776 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:42:31.0343 1776 cd20xrnt - ok
21:42:31.0375 1776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:42:31.0500 1776 Cdaudio - ok
21:42:31.0546 1776 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:42:31.0656 1776 Cdfs - ok
21:42:31.0687 1776 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:42:31.0796 1776 Cdrom - ok
21:42:31.0812 1776 Changer - ok
21:42:31.0875 1776 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:42:31.0984 1776 CmBatt - ok
21:42:32.0046 1776 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:42:32.0156 1776 CmdIde - ok
21:42:32.0187 1776 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:42:32.0281 1776 Compbatt - ok
21:42:32.0328 1776 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:42:32.0453 1776 Cpqarray - ok
21:42:32.0500 1776 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:42:32.0609 1776 dac2w2k - ok
21:42:32.0625 1776 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:42:32.0734 1776 dac960nt - ok
21:42:32.0781 1776 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:42:32.0890 1776 Disk - ok
21:42:33.0203 1776 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:42:33.0375 1776 dmboot - ok
21:42:33.0562 1776 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:42:33.0687 1776 dmio - ok
21:42:33.0765 1776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:42:33.0890 1776 dmload - ok
21:42:33.0968 1776 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:42:34.0109 1776 DMusic - ok
21:42:34.0140 1776 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:42:34.0250 1776 dpti2o - ok
21:42:34.0281 1776 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:42:34.0390 1776 drmkaud - ok
21:42:34.0453 1776 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
21:42:34.0468 1776 dvd43llh ( UnsignedFile.Multi.Generic ) - warning
21:42:34.0468 1776 dvd43llh - detected UnsignedFile.Multi.Generic (1)
21:42:34.0531 1776 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:42:34.0578 1776 eamon - ok
21:42:34.0625 1776 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:42:34.0625 1776 ehdrv - ok
21:42:34.0671 1776 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:42:34.0687 1776 epfwtdir - ok
21:42:34.0765 1776 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:42:34.0859 1776 Fastfat - ok
21:42:34.0906 1776 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:42:35.0031 1776 Fdc - ok
21:42:35.0062 1776 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:42:35.0187 1776 Fips - ok
21:42:35.0218 1776 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:42:35.0328 1776 Flpydisk - ok
21:42:35.0390 1776 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:42:35.0515 1776 FltMgr - ok
21:42:35.0578 1776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:42:35.0687 1776 Fs_Rec - ok
21:42:35.0703 1776 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:42:35.0828 1776 Ftdisk - ok
21:42:35.0890 1776 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:42:35.0890 1776 GEARAspiWDM - ok
21:42:35.0921 1776 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:42:36.0062 1776 Gpc - ok
21:42:36.0125 1776 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:42:36.0234 1776 HDAudBus - ok
21:42:36.0265 1776 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:42:36.0375 1776 HidUsb - ok
21:42:36.0437 1776 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:42:36.0531 1776 hpn - ok
21:42:36.0578 1776 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
21:42:36.0671 1776 HTCAND32 - ok
21:42:36.0703 1776 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
21:42:36.0750 1776 htcnprot - ok
21:42:36.0812 1776 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:42:36.0859 1776 HTTP - ok
21:42:36.0921 1776 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:42:37.0031 1776 i2omgmt - ok
21:42:37.0062 1776 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:42:37.0187 1776 i2omp - ok
21:42:37.0234 1776 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:42:37.0343 1776 i8042prt - ok
21:42:37.0437 1776 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:42:37.0578 1776 ialm - ok
21:42:37.0640 1776 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:42:37.0750 1776 Imapi - ok
21:42:37.0812 1776 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:42:37.0921 1776 ini910u - ok
21:42:37.0937 1776 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:42:38.0062 1776 IntelIde - ok
21:42:38.0109 1776 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:42:38.0203 1776 intelppm - ok
21:42:38.0250 1776 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:42:38.0359 1776 Ip6Fw - ok
21:42:38.0390 1776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:42:38.0515 1776 IpFilterDriver - ok
21:42:38.0546 1776 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:42:38.0656 1776 IpInIp - ok
21:42:38.0687 1776 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:42:38.0781 1776 IpNat - ok
21:42:38.0828 1776 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:42:38.0937 1776 IPSec - ok
21:42:38.0968 1776 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:42:39.0031 1776 IRENUM - ok
21:42:39.0062 1776 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:42:39.0156 1776 isapnp - ok
21:42:39.0203 1776 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:42:39.0328 1776 Kbdclass - ok
21:42:39.0359 1776 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:42:39.0453 1776 kbdhid - ok
21:42:39.0484 1776 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:42:39.0609 1776 kmixer - ok
21:42:39.0656 1776 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:42:39.0781 1776 KSecDD - ok
21:42:39.0843 1776 lanusb (73f6efd2a2315af34f7872559686c471) C:\WINDOWS\system32\DRIVERS\glausb.sys
21:42:39.0875 1776 lanusb - ok
21:42:39.0890 1776 lbrtfdc - ok
21:42:40.0015 1776 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:42:40.0031 1776 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
21:42:40.0031 1776 MHNDRV - detected UnsignedFile.Multi.Generic (1)
21:42:40.0062 1776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:42:40.0171 1776 mnmdd - ok
21:42:40.0265 1776 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:42:40.0375 1776 Modem - ok
21:42:40.0453 1776 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:42:40.0562 1776 Mouclass - ok
21:42:40.0609 1776 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:42:40.0734 1776 mouhid - ok
21:42:40.0765 1776 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:42:40.0890 1776 MountMgr - ok
21:42:40.0906 1776 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:42:41.0000 1776 mraid35x - ok
21:42:41.0031 1776 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:42:41.0156 1776 MRxDAV - ok
21:42:41.0218 1776 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:42:41.0296 1776 MRxSmb - ok
21:42:41.0312 1776 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:42:41.0421 1776 Msfs - ok
21:42:41.0453 1776 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:42:41.0578 1776 MSKSSRV - ok
21:42:41.0609 1776 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:42:41.0734 1776 MSPCLOCK - ok
21:42:41.0765 1776 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:42:41.0890 1776 MSPQM - ok
21:42:41.0937 1776 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:42:42.0046 1776 mssmbios - ok
21:42:42.0078 1776 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:42:42.0203 1776 MSTEE - ok
21:42:42.0250 1776 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:42:42.0281 1776 Mup - ok
21:42:42.0328 1776 MyPort (cfb081fecb3473ac3ea93db1802b7ac7) C:\WINDOWS\system32\drivers\MyPort.sys
21:42:42.0328 1776 MyPort ( UnsignedFile.Multi.Generic ) - warning
21:42:42.0328 1776 MyPort - detected UnsignedFile.Multi.Generic (1)
21:42:42.0390 1776 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:42:42.0500 1776 NABTSFEC - ok
21:42:42.0546 1776 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:42:42.0671 1776 NDIS - ok
21:42:42.0703 1776 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:42:42.0828 1776 NdisIP - ok
21:42:42.0859 1776 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:42:42.0875 1776 NdisTapi - ok
21:42:42.0921 1776 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:42:43.0046 1776 Ndisuio - ok
21:42:43.0078 1776 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:42:43.0203 1776 NdisWan - ok
21:42:43.0250 1776 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:42:43.0281 1776 NDProxy - ok
21:42:43.0312 1776 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:42:43.0437 1776 NetBIOS - ok
21:42:43.0484 1776 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:42:43.0578 1776 NetBT - ok
21:42:43.0734 1776 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
21:42:43.0859 1776 NETw3x32 - ok
21:42:43.0906 1776 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:42:44.0031 1776 NIC1394 - ok
21:42:44.0078 1776 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:42:44.0203 1776 Npfs - ok
21:42:44.0250 1776 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:42:44.0359 1776 Ntfs - ok
21:42:44.0390 1776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:42:44.0500 1776 Null - ok
21:42:44.0531 1776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:42:44.0640 1776 NwlnkFlt - ok
21:42:44.0656 1776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:42:44.0765 1776 NwlnkFwd - ok
21:42:44.0828 1776 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:42:44.0953 1776 ohci1394 - ok
21:42:44.0984 1776 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:42:45.0109 1776 Parport - ok
21:42:45.0125 1776 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:42:45.0234 1776 PartMgr - ok
21:42:45.0281 1776 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:42:45.0390 1776 ParVdm - ok
21:42:45.0437 1776 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:42:45.0546 1776 PCI - ok
21:42:45.0562 1776 PCIDump - ok
21:42:45.0593 1776 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:42:45.0687 1776 PCIIde - ok
21:42:45.0703 1776 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:42:45.0812 1776 Pcmcia - ok
21:42:45.0875 1776 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:42:45.0875 1776 pcouffin ( UnsignedFile.Multi.Generic ) - warning
21:42:45.0875 1776 pcouffin - detected UnsignedFile.Multi.Generic (1)
21:42:45.0890 1776 PDCOMP - ok
21:42:45.0906 1776 PDFRAME - ok
21:42:45.0937 1776 PDRELI - ok
21:42:45.0953 1776 PDRFRAME - ok
21:42:45.0968 1776 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:42:46.0078 1776 perc2 - ok
21:42:46.0109 1776 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:42:46.0218 1776 perc2hib - ok
21:42:46.0296 1776 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
21:42:46.0296 1776 pnetmdm ( UnsignedFile.Multi.Generic ) - warning
21:42:46.0296 1776 pnetmdm - detected UnsignedFile.Multi.Generic (1)
21:42:46.0312 1776 PPPoEWin - ok
21:42:46.0375 1776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:42:46.0500 1776 PptpMiniport - ok
21:42:46.0531 1776 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:42:46.0656 1776 Processor - ok
21:42:46.0671 1776 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:42:46.0796 1776 PSched - ok
21:42:46.0843 1776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:42:46.0968 1776 Ptilink - ok
21:42:47.0000 1776 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:42:47.0000 1776 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:42:47.0000 1776 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:42:47.0015 1776 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:42:47.0125 1776 ql1080 - ok
21:42:47.0140 1776 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:42:47.0265 1776 Ql10wnt - ok
21:42:47.0671 1776 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:42:47.0781 1776 ql12160 - ok
21:42:47.0812 1776 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:42:47.0937 1776 ql1240 - ok
21:42:47.0984 1776 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:42:48.0093 1776 ql1280 - ok
21:42:48.0125 1776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:42:48.0234 1776 RasAcd - ok
21:42:48.0296 1776 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:42:48.0406 1776 Rasl2tp - ok
21:42:48.0453 1776 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:42:48.0546 1776 RasPppoe - ok
21:42:48.0578 1776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:42:48.0703 1776 Raspti - ok
21:42:48.0765 1776 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:42:48.0890 1776 Rdbss - ok
21:42:48.0921 1776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:42:49.0031 1776 RDPCDD - ok
21:42:49.0078 1776 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:42:49.0203 1776 rdpdr - ok
21:42:49.0265 1776 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:42:49.0281 1776 RDPWD - ok
21:42:49.0343 1776 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:42:49.0453 1776 redbook - ok
21:42:49.0546 1776 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:42:49.0656 1776 RFCOMM - ok
21:42:49.0718 1776 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:42:49.0828 1776 ROOTMODEM - ok
21:42:49.0906 1776 RTL8023xp (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:42:49.0984 1776 RTL8023xp - ok
21:42:50.0062 1776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:42:50.0109 1776 Secdrv - ok
21:42:50.0156 1776 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:42:50.0265 1776 Serial - ok
21:42:50.0328 1776 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:42:50.0421 1776 Sfloppy - ok
21:42:50.0453 1776 Simbad - ok
21:42:50.0515 1776 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:42:50.0640 1776 sisagp - ok
21:42:50.0687 1776 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:42:50.0796 1776 SLIP - ok
21:42:50.0828 1776 SNP2STD - ok
21:42:50.0875 1776 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:42:50.0937 1776 Sparrow - ok
21:42:50.0953 1776 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:42:51.0078 1776 splitter - ok
21:42:51.0109 1776 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:42:51.0156 1776 sr - ok
21:42:51.0234 1776 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:42:51.0328 1776 Srv - ok
21:42:51.0375 1776 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
21:42:51.0406 1776 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:42:51.0406 1776 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:42:51.0500 1776 STHDA (6b166d929f0e2d78fea1acddc5221f4c) C:\WINDOWS\system32\drivers\sthda.sys
21:42:51.0609 1776 STHDA - ok
21:42:51.0671 1776 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:42:51.0781 1776 streamip - ok
21:42:51.0812 1776 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:42:51.0921 1776 swenum - ok
21:42:51.0953 1776 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:42:52.0062 1776 swmidi - ok
21:42:52.0125 1776 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:42:52.0234 1776 symc810 - ok
21:42:52.0250 1776 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:42:52.0375 1776 symc8xx - ok
21:42:52.0390 1776 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:42:52.0484 1776 sym_hi - ok
21:42:52.0500 1776 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:42:52.0609 1776 sym_u3 - ok
21:42:52.0671 1776 SynTP (f02ac372911f034b56182dc4bd6cb3af) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:42:52.0718 1776 SynTP - ok
21:42:52.0765 1776 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:42:52.0875 1776 sysaudio - ok
21:42:52.0953 1776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:42:53.0046 1776 Tcpip - ok
21:42:53.0093 1776 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:42:53.0203 1776 TDPIPE - ok
21:42:53.0234 1776 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:42:53.0359 1776 TDTCP - ok
21:42:53.0390 1776 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:42:53.0500 1776 TermDD - ok
21:42:53.0578 1776 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
21:42:53.0609 1776 tifm21 - ok
21:42:53.0671 1776 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:42:53.0796 1776 TosIde - ok
21:42:53.0859 1776 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:42:53.0968 1776 Udfs - ok
21:42:54.0000 1776 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:42:54.0046 1776 ultra - ok
21:42:54.0140 1776 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:42:54.0265 1776 Update - ok
21:42:54.0343 1776 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:42:54.0406 1776 USBAAPL - ok
21:42:54.0453 1776 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:42:54.0578 1776 usbccgp - ok
21:42:54.0625 1776 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:42:54.0734 1776 usbehci - ok
21:42:54.0765 1776 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:42:54.0890 1776 usbhub - ok
21:42:54.0921 1776 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:42:55.0031 1776 usbohci - ok
21:42:55.0078 1776 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:42:55.0203 1776 usbprint - ok
21:42:55.0234 1776 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:42:55.0343 1776 usbscan - ok
21:42:55.0406 1776 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:42:55.0531 1776 USBSTOR - ok
21:42:55.0562 1776 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:42:55.0656 1776 usbuhci - ok
21:42:55.0687 1776 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:42:55.0812 1776 VgaSave - ok
21:42:55.0875 1776 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:42:55.0984 1776 viaagp - ok
21:42:56.0015 1776 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:42:56.0140 1776 ViaIde - ok
21:42:56.0171 1776 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:42:56.0265 1776 VolSnap - ok
21:42:56.0375 1776 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
21:42:56.0515 1776 w39n51 - ok
21:42:56.0562 1776 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:42:56.0687 1776 Wanarp - ok
21:42:56.0734 1776 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
21:42:56.0781 1776 wanatw - ok
21:42:56.0828 1776 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:42:56.0859 1776 Wdf01000 - ok
21:42:56.0875 1776 WDICA - ok
21:42:56.0921 1776 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:42:57.0046 1776 wdmaud - ok
21:42:57.0125 1776 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:42:57.0140 1776 WinUSB - ok
21:42:57.0203 1776 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:42:57.0250 1776 WpdUsb - ok
21:42:57.0296 1776 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:42:57.0406 1776 WS2IFSL - ok
21:42:57.0453 1776 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:42:57.0578 1776 WSTCODEC - ok
21:42:57.0656 1776 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:42:57.0687 1776 WudfPf - ok
21:42:57.0718 1776 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:42:57.0750 1776 WudfRd - ok
21:42:57.0843 1776 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
21:42:57.0859 1776 X10Hid - ok
21:42:57.0968 1776 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
21:42:58.0187 1776 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:42:58.0187 1776 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:42:58.0203 1776 Boot (0x1200) (91b9e5448b2577141c18dac5eabfe4ce) \Device\Harddisk0\DR0\Partition0
21:42:58.0203 1776 \Device\Harddisk0\DR0\Partition0 - ok
21:42:58.0203 1776 ============================================================
21:42:58.0203 1776 Scan finished
21:42:58.0203 1776 ============================================================
21:42:58.0328 1756 Detected object count: 9
21:42:58.0328 1756 Actual detected object count: 9
21:43:43.0187 1756 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:43.0187 1756 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:43.0187 1756 dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:43.0187 1756 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:43.0203 1756 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:43.0203 1756 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:43.0203 1756 MyPort ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:43.0203 1756 MyPort ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:43.0203 1756 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:43.0203 1756 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:43.0218 1756 pnetmdm ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:43.0218 1756 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:43.0218 1756 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:43.0218 1756 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:43.0234 1756 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:43.0234 1756 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:43.0234 1756 \Device\Harddisk0\DR0\TDLFS - deleted
21:43:43.0234 1756 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:43:47.0296 1432 Deinitialize success

########################################################################################

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-21 21:43:55
-----------------------------
21:43:55.015 OS Version: Windows 5.1.2600 Service Pack 3
21:43:55.015 Number of processors: 2 586 0xF06
21:43:55.031 ComputerName: 107863980132 UserName:
21:43:55.468 Initialize success
21:50:28.468 AVAST engine defs: 12012101
21:50:52.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:50:52.015 Disk 0 Vendor: ST9160821A 3.ALA Size: 152627MB BusType: 3
21:50:52.109 Disk 0 MBR read successfully
21:50:52.125 Disk 0 MBR scan
21:50:52.140 Disk 0 Windows XP default MBR code
21:50:52.156 Disk 0 Partition 1 00 1B Hidd FAT32 MSWIN4.1 7993 MB offset 63
21:50:52.187 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 144624 MB offset 16370235
21:50:52.203 Disk 0 scanning sectors +312560640
21:50:52.265 Disk 0 scanning C:\WINDOWS\system32\drivers
21:51:02.343 Service scanning
21:51:04.718 Modules scanning
21:51:09.437 AVAST engine scan C:\WINDOWS
21:51:17.234 AVAST engine scan C:\WINDOWS\system32
21:53:16.250 AVAST engine scan C:\WINDOWS\system32\drivers
21:53:32.515 AVAST engine scan C:\Documents and Settings\Administrator
21:53:47.046 AVAST engine scan C:\Documents and Settings\All Users
21:54:33.718 Scan finished successfully
21:55:08.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
21:55:08.890 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


########################################################################################

OTL logfile created on: 21/01/2012 21:57:53 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 637.95 Mb Available Physical Memory | 62.91% Memory free
2.38 Gb Paging File | 2.23 Gb Available in Paging File | 93.72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.23 Gb Total Space | 58.60 Gb Free Space | 41.49% Space Free | Partition Type: NTFS

Computer Name: 107863980132 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/20 17:33:30 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/01/20 17:33:29 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/01/20 15:37:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/20 17:33:44 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2012/01/20 17:33:40 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2012/01/20 17:27:32 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/23 07:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/20 17:33:29 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/05/25 09:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2005/10/20 06:15:00 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/04/08 08:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/06/22 18:01:52 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2006/11/07 06:34:36 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/04/19 16:50:08 | 000,788,224 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/31 16:27:06 | 001,155,672 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/28 10:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2004/12/06 12:00:00 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/12/06 11:00:00 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/15 12:56:50 | 000,138,402 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glausb.sys -- (lanusb)
DRV - [2003/03/05 08:44:02 | 000,002,127 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MyPort.sys -- (MyPort)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...03&gct=&gc=1&q=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 11:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 19:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/20 19:56:22 | 000,000,000 | ---D | M]

[2010/04/23 15:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/01/20 16:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lsc6gzkg.default\extensions
[2011/12/04 20:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 11:46:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/21 16:02:32 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/27 17:58:06 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/01/07 11:46:34 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/07 11:46:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/07 11:46:34 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/07 11:46:34 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/07 11:46:34 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/21 21:30:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{114F6ADA-835E-46A1-9436-8D201983FE5D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\APPS\DESKTOP\DESKTOP.HTM
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\DESKTOP.HTM
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 21:28:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/21 21:08:36 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.svs
[2012/01/21 21:04:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/01/21 21:04:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/01/21 21:01:00 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/21 21:00:49 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/01/21 21:00:33 | 004,388,509 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/21 21:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/01/21 18:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/01/21 18:05:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/21 18:05:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/21 18:05:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/21 18:05:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/21 18:04:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/21 17:31:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/21 17:23:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/01/21 11:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2012/01/21 10:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GFI Software
[2012/01/21 08:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/20 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/20 19:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/01/20 19:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/20 18:40:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/20 17:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/01/20 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/01/20 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/01/20 15:37:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/18 19:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\GFI Software
[2011/12/29 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/29 10:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/29 06:28:01 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/12/29 06:28:01 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/12/29 06:28:01 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/12/29 06:28:01 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/12/29 06:28:01 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/12/29 06:28:01 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/29 06:28:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/12/29 06:28:01 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/12/29 06:28:00 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/12/29 06:28:00 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/12/29 06:28:00 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2009/12/29 06:27:59 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2009/12/29 06:27:59 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2009/12/29 06:27:59 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2009/12/29 06:27:59 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 21:55:08 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/01/21 21:40:20 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/21 21:39:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 21:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/21 21:30:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/21 21:30:24 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/21 21:29:09 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/01/21 21:01:18 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/21 21:00:59 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/21 21:00:54 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/01/21 18:54:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005UA.job
[2012/01/21 18:54:03 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005Core.job
[2012/01/21 18:00:02 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Master CD_DVD Creator.job
[2012/01/21 17:31:13 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Wireless Network Connection.lnk
[2012/01/21 11:26:56 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI
[2012/01/21 09:53:18 | 000,376,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/21 08:33:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/20 18:50:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/20 17:25:46 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/20 16:27:14 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/20 16:26:16 | 000,446,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/20 16:26:16 | 000,073,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/20 15:37:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/07 11:24:39 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd
[2011/12/29 10:27:53 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/01/21 21:55:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/01/21 18:05:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/21 18:05:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/21 18:05:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/21 18:05:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/21 18:05:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/21 17:31:13 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Wireless Network Connection.lnk
[2012/01/20 17:26:32 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/20 17:25:46 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/20 16:27:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 10:27:53 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/08 21:48:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2011/11/09 18:36:49 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2011/11/07 10:04:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/05 19:04:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/25 07:41:01 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2010/08/25 07:40:50 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2010/08/25 07:40:41 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/08/25 07:40:30 | 000,002,830 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2010/08/25 07:40:09 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2010/08/25 07:40:03 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2010/08/25 07:39:56 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2010/08/25 07:37:40 | 000,010,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/08/25 07:37:27 | 000,243,064 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/08/25 07:37:27 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/22 21:07:31 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/22 21:04:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/09 05:28:21 | 000,090,152 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/29 06:29:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/12/29 06:29:54 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/12/29 06:29:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/12/29 06:29:06 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/12/29 06:29:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/12/29 06:28:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/29 06:28:01 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/29 06:28:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/12/27 11:02:09 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/12/18 09:34:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/12/09 19:10:48 | 000,005,021 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/12/08 17:56:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/06 22:57:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2009/12/06 20:46:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2009/12/01 11:20:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/12/01 10:18:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2009/12/01 10:18:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Restart.exe
[2009/12/01 10:18:54 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2009/12/01 10:17:56 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2009/12/01 10:17:56 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2009/12/01 10:17:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2009/12/01 10:17:56 | 000,017,020 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2009/01/25 21:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 23:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/11/07 07:03:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/07 06:42:34 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/11/07 06:37:57 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/07 06:35:29 | 000,007,596 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/11/07 06:33:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/07 06:16:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2006/11/07 06:16:08 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2006/03/23 14:24:10 | 000,006,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 11:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/06 11:00:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004/09/10 15:50:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/10 15:42:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/10 15:32:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/10 15:24:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/10 15:22:38 | 000,376,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/10 14:57:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/10 14:57:27 | 000,446,418 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/10 14:57:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/10 14:57:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/10 14:57:26 | 000,073,744 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/10 14:57:25 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/10 14:57:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/10 14:57:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/10 14:57:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/10 14:57:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/10 14:57:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/10 14:56:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/05 08:44:00 | 000,002,127 | ---- | C] () -- C:\WINDOWS\System32\drivers\MyPort.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/07/15 16:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe

< %SYSTEMDRIVE%\*.exe >
[2009/07/15 16:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/01/21 17:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/01/21 10:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GFI Software
[2009/11/26 23:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/01/21 17:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/04/23 11:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/01/21 21:40:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/04/23 15:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/11/26 23:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2012/01/21 11:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2009/11/26 23:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

########################################################################################

OTL Extras logfile created on: 21/01/2012 21:57:53 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 637.95 Mb Available Physical Memory | 62.91% Memory free
2.38 Gb Paging File | 2.23 Gb Available in Paging File | 93.72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.23 Gb Total Space | 58.60 Gb Free Space | 41.49% Space Free | Partition Type: NTFS

Computer Name: 107863980132 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"25499:TCP" = 25499:TCP:*:Enabled:utorrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm -- (Last.fm)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:2500 Series Server -- ( )
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\MediaMonkey\VisHelper.exe" = C:\Program Files\MediaMonkey\VisHelper.exe:*:Enabled:VisHelper -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10 SE
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8537ABE9-DCE4-4149-A0B4-9926E449AD01}" = ESET NOD32 Antivirus
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.47 (March 12, 2011) version v2011.build.47
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F36964-39FD-414B-8ACD-647BF5BDB1EE}" = Radio Downloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D64A57BC-40D6-47B1-A5FB-B52F52681294}" = Spectaculator 7.0.1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"ControlSkype 1.0_is1" = ControlSkype
"ControlSkype 1.4_is1" = ControlSkype
"CutePDF Writer Installation" = CutePDF Writer 2.8
"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec
"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec
"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
"dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Defraggler" = Defraggler
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Foxit Reader" = Foxit Reader
"G-Force" = G-Force
"HandBrake" = HandBrake 0.9.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"Lexmark 2500 Series" = Lexmark 2500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.93
"Slawdog Smart Shutdown" = Slawdog Smart Shutdown
"Speccy" = Speccy
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.01
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"VolumeLogic1" = Volume Logic Plug-in for iTunes (remove only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware™
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/01/2012 12:29:36 | Computer Name = 107863980132 | Source = ESENT | ID = 490
Description = svchost (1584) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 20/01/2012 12:29:36 | Computer Name = 107863980132 | Source = ESENT | ID = 439
Description = Catalog Database (1584) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 20/01/2012 12:29:37 | Computer Name = 107863980132 | Source = ESENT | ID = 473
Description = Catalog Database (1584) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 20/01/2012 15:56:13 | Computer Name = 107863980132 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 485
Description = wuauclt (3808) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 485
Description = wuauclt (3808) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 486
Description = wuauclt (3596) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" failed with system
error 183 (0x000000b7): "Cannot create a file when that file already exists. ".
The move file operation will fail with error -1022 (0xfffffc02).

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 413
Description = wuauclt (3596) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1022.

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 492
Description = wuauclt (3596) The logfile sequence in "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\"
has been halted due to a fatal error. No further updates are possible for the
databases that use this logfile sequence. Please correct the problem and restart
or restore from backup.

Error - 20/01/2012 16:32:44 | Computer Name = 107863980132 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 20/01/2012 12:29:36 | Computer Name = 107863980132 | Source = ESENT | ID = 490
Description = svchost (1584) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 20/01/2012 12:29:36 | Computer Name = 107863980132 | Source = ESENT | ID = 439
Description = Catalog Database (1584) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 20/01/2012 12:29:37 | Computer Name = 107863980132 | Source = ESENT | ID = 473
Description = Catalog Database (1584) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 20/01/2012 15:56:13 | Computer Name = 107863980132 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 485
Description = wuauclt (3808) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 485
Description = wuauclt (3808) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 486
Description = wuauclt (3596) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" failed with system
error 183 (0x000000b7): "Cannot create a file when that file already exists. ".
The move file operation will fail with error -1022 (0xfffffc02).

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 413
Description = wuauclt (3596) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1022.

Error - 20/01/2012 16:20:50 | Computer Name = 107863980132 | Source = ESENT | ID = 492
Description = wuauclt (3596) The logfile sequence in "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\"
has been halted due to a fatal error. No further updates are possible for the
databases that use this logfile sequence. Please correct the problem and restart
or restore from backup.

Error - 20/01/2012 16:32:44 | Computer Name = 107863980132 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 21/01/2012 17:36:56 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the CryptSvc service.

Error - 21/01/2012 17:36:56 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7000
Description = The CryptSvc service failed to start due to the following error: %%1053

Error - 21/01/2012 17:36:56 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 21/01/2012 17:36:56 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 21/01/2012 17:36:56 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 21/01/2012 17:36:56 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 21/01/2012 17:37:52 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 21/01/2012 17:40:14 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ehdrv Fips intelppm

Error - 21/01/2012 17:40:18 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/01/2012 17:41:45 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
  • 0

#8
RKinner
Posted 21 January 2012 - 05:11 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I see your final OTL was done in Safe Mode with Networking. If you still cannot get into regular mode:


You are running an odd version of ad-aware. Appears it may have its own anti-virus. Please uninstall it for now.

Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it helps then go back and check/uncheck half of the items each
time until you find the culprit.
  • 0

#9
Dr_hfuhruhurr
Posted 22 January 2012 - 12:28 PM

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Ron, sorry for the delay, had to go to work. I managed to eventually uninstall AdAware using Revo. I've tried rebooting with the settings in msconfig you suggested but I still froze/ cursor delay of 30 seconds in normal mode. Should I go on trying checking/unchecking even though this happened with everything bar Microsoft services unchecked? Thanks
  • 0

#10
RKinner
Posted 22 January 2012 - 12:39 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
No point if it didn't let you boot. Try unhiding Microsoft Services and see if you can boot with them unchecked. (Some of them can not really be turned off)
  • 0

Advertisements

#11
Dr_hfuhruhurr
Posted 22 January 2012 - 01:49 PM

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I've tried rebooting with all the above and all the Microsoft Services unchecked, with the exception of 3, which it wouldn't let me deselect and it still froze as soon as the desktop loaded up in normal mode.
  • 0

#12
RKinner
Posted 22 January 2012 - 02:19 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Run Combofix again. Is it still complaining of ZeroAccess?

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot into regular mode and let it crash then boot into Safe Mode with Networking and

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#13
Dr_hfuhruhurr
Posted 22 January 2012 - 03:16 PM

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok, I ran ComboFix and it flashed up the warnings about Rootkit.ZeroAccess again, the two logs from Event Viewer are as follows:
Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/01/2012 21:14:53

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/01/2012 21:13:57
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm

Log: 'System' Date/Time: 22/01/2012 21:12:50
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 22/01/2012 21:11:16
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 22/01/2012 21:11:16
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the Browser service.

Log: 'System' Date/Time: 22/01/2012 21:11:03
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

Log: 'System' Date/Time: 22/01/2012 21:07:01
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/01/2012 21:12:30
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0018DEB979FC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 22/01/2012 21:12:27
Type: warning Category: 0
Event: 3 Source: ACPIEC
\Device\ACPIEC: The embedded controller (EC) hardware returned data when none was requested. This may indicate that the BIOS is incorectly trying to access the EC without syncronizing with the OS. The data is being ignored.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/01/2012 21:15:55

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/01/2012 21:09:20
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

And here's the ComboFix log:
ComboFix 12-01-21.02 - User 22/01/2012 20:44:07.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.678 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET7.tmp
c:\windows\system32\SET8.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 20:42 . 2012-01-22 20:42 -------- d-----w- c:\windows\LastGood
2012-01-21 18:22 . 2012-01-21 18:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-21 17:31 . 2012-01-21 17:31 -------- d-----w- C:\_OTL
2012-01-21 11:26 . 2012-01-21 11:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
2012-01-21 10:14 . 2012-01-21 10:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\GFI Software
2012-01-21 08:19 . 2012-01-21 08:19 -------- d-----w- c:\program files\VS Revo Group
2012-01-20 19:56 . 2012-01-22 20:31 -------- d-----w- c:\program files\ESET
2012-01-20 19:56 . 2012-01-22 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-01-20 17:20 . 2012-01-22 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-18 19:52 . 2012-01-18 19:52 -------- d-----w- c:\program files\GFI Software
2012-01-07 11:46 . 2012-01-07 11:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 11:46 . 2012-01-07 11:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 11:46 . 2012-01-07 11:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 11:46 . 2012-01-07 11:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-29 10:25 . 2011-12-29 10:25 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2010-04-23 11:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 17:56 . 2011-12-04 17:56 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-04 17:56 . 2011-12-04 17:56 1998168 ----a-w- c:\windows\system32\d3dx9_43.dll
2011-11-30 21:04 . 2011-05-21 06:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-09-10 14:57 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-09-10 14:57 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-09-10 14:57 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-08 21:46 . 2004-09-10 15:26 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-04 19:20 . 2004-09-10 14:57 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-09-10 14:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-09-10 14:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-09-10 14:57 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-09-10 14:57 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-09-10 14:57 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-09-10 14:57 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-09-10 14:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-09-10 14:57 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-07 11:46 . 2011-05-06 18:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_18.36.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-09-10 14:57 . 2008-04-13 18:39 92544 c:\windows\system32\drivers\mqac.sys
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-12-06 11:00 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 12:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 12:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 12:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 16:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-08-01 16:07 729177 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"USBDeviceService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"PassThru Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMSAccessU"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"lxdd_device"=2 (0x2)
"lxddCATSCustConnectService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"ekrn"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\apps\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\MediaMonkey\\VisHelper.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25499:TCP"= 25499:TCP:utorrent
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [04/08/2011 09:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [04/08/2011 09:20 103112]
R2 MyPort;Myport;c:\windows\system32\drivers\MyPort.sys [05/03/2003 08:44 2127]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/01/2010 07:43 47360]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [09/11/2011 18:36 7040]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [25/09/2010 08:49 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [20/06/2010 20:15 9472]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 21:18]
.
2012-01-21 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 15:26]
.
2010-01-19 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-09-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ecrsiagn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - http:/www.google.co.uk/search?hl=en-GB&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Lavasoft Ad-Aware Service
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,f5,a4,4e,74,08,ad,48,86,f7,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,f5,a4,4e,74,08,ad,48,86,f7,e8,\
.
[HKEY_USERS\S-1-5-21-4025548750-2202908060-4122310945-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17841D80-6155-AAB0-A6EF-5E5959A3A69D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-01-22 20:57:09
ComboFix-quarantined-files.txt 2012-01-22 20:57
ComboFix2.txt 2012-01-21 21:37
ComboFix3.txt 2012-01-21 18:41
.
Pre-Run: 62,145,867,776 bytes free
Post-Run: 62,231,695,360 bytes free
.
- - End Of File - - 28589648E8B748508A7CE02C2D7A5286
  • 0

#14
RKinner
Posted 22 January 2012 - 04:09 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I've posted in our internal Combofix forum. Perhaps the Combofix designer will have an idea why it keeps talking about zeroaccess.
Let's uninstall Combofix and then download it again.

copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

Pause your anti-virus.

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Save it to your desktop but rename it this time to george.exe

Then run george.exe.

For your regular mode problem see if you can boot into regular mode if you tell it from the Safe Mode menu:

Enable VGA Mode:

(This option starts Windows in 640 x 480 mode by using the current video driver (not Vga.sys). This mode is useful if the display is configured for a setting that the monitor cannot display. )
  • 0

#15
Dr_hfuhruhurr
Posted 23 January 2012 - 01:25 PM

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Ron, I downloaded ComboFix again and renamed it before running. I've tried uninstalling ESET antivirus but it flashed up warnings about it being active at the start of the ComboFix scan, is there anyway I can insure it's definitely gone (I can't see it in Task Manager). Still freezing in normal mode with VGA display I'm afraid. Here's the ComboFix log:
ComboFix 12-01-23.02 - User 23/01/2012 19:04:48.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.689 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\george.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 19:05 . 2012-01-23 19:05 -------- d-----w- c:\windows\LastGood
2012-01-21 17:31 . 2012-01-21 17:31 -------- d-----w- C:\_OTL
2012-01-21 11:26 . 2012-01-21 11:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
2012-01-21 10:14 . 2012-01-21 10:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\GFI Software
2012-01-21 08:19 . 2012-01-21 08:19 -------- d-----w- c:\program files\VS Revo Group
2012-01-20 19:56 . 2012-01-22 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-01-20 17:20 . 2012-01-22 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-18 19:52 . 2012-01-18 19:52 -------- d-----w- c:\program files\GFI Software
2012-01-07 11:46 . 2012-01-07 11:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 11:46 . 2012-01-07 11:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 11:46 . 2012-01-07 11:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 11:46 . 2012-01-07 11:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-29 10:25 . 2011-12-29 10:25 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2010-04-23 11:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 17:56 . 2011-12-04 17:56 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-04 17:56 . 2011-12-04 17:56 1998168 ----a-w- c:\windows\system32\d3dx9_43.dll
2011-11-30 21:04 . 2011-05-21 06:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-09-10 14:57 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-09-10 14:57 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-09-10 14:57 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-08 21:46 . 2004-09-10 15:26 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-04 19:20 . 2004-09-10 14:57 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-09-10 14:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-09-10 14:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-09-10 14:57 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-09-10 14:57 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-09-10 14:57 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-09-10 14:57 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-09-10 14:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-07 11:46 . 2011-05-06 18:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-12-06 11:00 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 12:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 12:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 12:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 16:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-08-01 16:07 729177 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"USBDeviceService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"PassThru Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMSAccessU"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"lxdd_device"=2 (0x2)
"lxddCATSCustConnectService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"ekrn"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\apps\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\MediaMonkey\\VisHelper.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25499:TCP"= 25499:TCP:utorrent
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [04/08/2011 09:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [04/08/2011 09:20 103112]
R2 MyPort;Myport;c:\windows\system32\drivers\MyPort.sys [05/03/2003 08:44 2127]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/01/2010 07:43 47360]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [09/11/2011 18:36 7040]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [25/09/2010 08:49 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [20/06/2010 20:15 9472]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/10/2010 07:57 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/10/2010 07:57 136176]
S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [29/12/2009 06:29 99248]
S4 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12/08/2011 17:13 87040]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 21:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 21:18]
.
2012-01-23 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 15:26]
.
2010-01-19 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-09-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ecrsiagn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - http:/www.google.co.uk/search?hl=en-GB&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 19:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,f5,a4,4e,74,08,ad,48,86,f7,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,f5,a4,4e,74,08,ad,48,86,f7,e8,\
.
[HKEY_USERS\S-1-5-21-4025548750-2202908060-4122310945-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17841D80-6155-AAB0-A6EF-5E5959A3A69D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-01-23 19:17:05
ComboFix-quarantined-files.txt 2012-01-23 19:17
ComboFix2.txt 2012-01-22 20:57
.
Pre-Run: 62,510,342,144 bytes free
Post-Run: 62,498,680,832 bytes free
.
- - End Of File - - 23004C3110D96C3E57B4AE6182EF9750
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP