Uncertain of What I Have - Redirects, WinPatrol Popups


  • This topic is locked

#16
arkman

    Member

  • Topic Starter
  • Member
  • 83 posts
Sorry, couple more questions before I proceed.

(1) I used the flashdrive to transfer and open several documents from the infected windows laptop to an iMac. Should I worry about the iMac being infected with anything?

(2) I also have a clean macbook that runs bootcamp. Can I run the flash disinfector in bootcamp without problems for the macbook itself?

Thanks!
  • 0


#17
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts

(1) I used the flashdrive to transfer and open several documents from the infected windows laptop to an iMac. Should I worry about the iMac being infected with anything?

As the operating systems are different I would think that it wouldn't be a problem, but you could always use your AntiVirus software to do a scan.

(2) I also have a clean macbook that runs bootcamp. Can I run the flash disinfector in bootcamp without problems for the macbook itself?

I've never used an iMac/MacBook but if your Bootcamp software has a Windows Operating System on it then it should be ok.

It might be better to use a Windows based PC if you could.
  • 0

#18
arkman

    Member

  • Topic Starter
  • Member
  • 83 posts
Finally found a laptop running Windows Vista. I downloaded flash_disinfector to the desktop, double-clicked, and got the message "An unidentified program wants access to your computer - Cancel/Allow." After allowing the program, nothing happens...
  • 0

#19
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Ok, we'll try an alternative disinfector.

Please download Panda Vaccinate from here, click on the download button and run USBVaccine.

Then run TDSSkiller and aswMBR in my previous post.
  • 0

#20
arkman

    Member

  • Topic Starter
  • Member
  • 83 posts
14:42:58.0375 1756 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
14:42:58.0453 1756 ============================================================
14:42:58.0453 1756 Current date / time: 2011/10/15 14:42:58.0453
14:42:58.0453 1756 SystemInfo:
14:42:58.0453 1756
14:42:58.0453 1756 OS Version: 5.1.2600 ServicePack: 3.0
14:42:58.0453 1756 Product type: Workstation
14:42:58.0453 1756 ComputerName: Computer1
14:42:58.0453 1756 UserName: Talg
14:42:58.0453 1756 Windows directory: C:\WINDOWS
14:42:58.0453 1756 System windows directory: C:\WINDOWS
14:42:58.0453 1756 Processor architecture: Intel x86
14:42:58.0453 1756 Number of processors: 2
14:42:58.0453 1756 Page size: 0x1000
14:42:58.0453 1756 Boot type: Normal boot
14:42:58.0453 1756 ============================================================
14:42:59.0828 1756 Initialize success
14:43:43.0109 2548 ============================================================
14:43:43.0109 2548 Scan started
14:43:43.0109 2548 Mode: Manual; SigCheck; TDLFS;
14:43:43.0109 2548 ============================================================
14:43:43.0484 2548 Abiosdsk - ok
14:43:43.0500 2548 abp480n5 - ok
14:43:43.0546 2548 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:43:45.0765 2548 ACPI - ok
14:43:45.0875 2548 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:43:46.0078 2548 ACPIEC - ok
14:43:46.0125 2548 adpu160m - ok
14:43:46.0203 2548 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:43:46.0390 2548 aec - ok
14:43:46.0437 2548 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:43:46.0453 2548 AegisP ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0453 2548 AegisP - detected UnsignedFile.Multi.Generic (1)
14:43:46.0515 2548 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
14:43:46.0562 2548 AFD - ok
14:43:46.0578 2548 Aha154x - ok
14:43:46.0593 2548 aic78u2 - ok
14:43:46.0609 2548 aic78xx - ok
14:43:46.0640 2548 AliIde - ok
14:43:46.0656 2548 amsint - ok
14:43:46.0687 2548 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
14:43:46.0750 2548 ApfiltrService - ok
14:43:46.0812 2548 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:43:47.0000 2548 Arp1394 - ok
14:43:47.0015 2548 asc - ok
14:43:47.0031 2548 asc3350p - ok
14:43:47.0046 2548 asc3550 - ok
14:43:47.0078 2548 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:43:47.0265 2548 AsyncMac - ok
14:43:47.0296 2548 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:43:47.0500 2548 atapi - ok
14:43:47.0515 2548 Atdisk - ok
14:43:47.0531 2548 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:43:47.0703 2548 Atmarpc - ok
14:43:47.0750 2548 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:43:47.0937 2548 audstub - ok
14:43:47.0984 2548 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:43:48.0187 2548 Beep - ok
14:43:48.0203 2548 catchme - ok
14:43:48.0250 2548 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:43:48.0437 2548 cbidf2k - ok
14:43:48.0468 2548 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:43:48.0640 2548 CCDECODE - ok
14:43:48.0656 2548 cd20xrnt - ok
14:43:48.0687 2548 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:43:48.0875 2548 Cdaudio - ok
14:43:48.0906 2548 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:43:49.0093 2548 Cdfs - ok
14:43:49.0125 2548 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:43:49.0312 2548 Cdrom - ok
14:43:49.0328 2548 Changer - ok
14:43:49.0375 2548 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:43:49.0546 2548 CmBatt - ok
14:43:49.0562 2548 CmdIde - ok
14:43:49.0593 2548 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:43:49.0765 2548 Compbatt - ok
14:43:49.0781 2548 Cpqarray - ok
14:43:49.0796 2548 dac2w2k - ok
14:43:49.0812 2548 dac960nt - ok
14:43:49.0843 2548 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:43:50.0031 2548 Disk - ok
14:43:50.0093 2548 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:43:50.0343 2548 dmboot - ok
14:43:50.0390 2548 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
14:43:50.0562 2548 DMICall - ok
14:43:50.0609 2548 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:43:50.0796 2548 dmio - ok
14:43:50.0828 2548 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:43:51.0000 2548 dmload - ok
14:43:51.0046 2548 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:43:51.0234 2548 DMusic - ok
14:43:51.0265 2548 dpti2o - ok
14:43:51.0281 2548 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:43:51.0453 2548 drmkaud - ok
14:43:51.0500 2548 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:43:51.0703 2548 Fastfat - ok
14:43:51.0734 2548 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:43:51.0921 2548 Fdc - ok
14:43:52.0000 2548 FdRedir (59558c6547d0362afb639ac682a9fcc3) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
14:43:52.0015 2548 FdRedir ( UnsignedFile.Multi.Generic ) - warning
14:43:52.0015 2548 FdRedir - detected UnsignedFile.Multi.Generic (1)
14:43:52.0046 2548 FileDisk2 (30967822edd32fb37f8209500724ae6c) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
14:43:52.0062 2548 FileDisk2 ( UnsignedFile.Multi.Generic ) - warning
14:43:52.0062 2548 FileDisk2 - detected UnsignedFile.Multi.Generic (1)
14:43:52.0171 2548 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:43:52.0375 2548 Fips - ok
14:43:52.0390 2548 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:43:52.0593 2548 Flpydisk - ok
14:43:52.0625 2548 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:43:52.0812 2548 FltMgr - ok
14:43:52.0859 2548 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:43:53.0046 2548 Fs_Rec - ok
14:43:53.0093 2548 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:43:53.0281 2548 Ftdisk - ok
14:43:53.0312 2548 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:43:53.0328 2548 GEARAspiWDM - ok
14:43:53.0359 2548 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:43:53.0546 2548 Gpc - ok
14:43:53.0593 2548 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:43:53.0781 2548 HDAudBus - ok
14:43:53.0812 2548 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:43:54.0000 2548 HidUsb - ok
14:43:54.0015 2548 hpn - ok
14:43:54.0062 2548 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:43:54.0171 2548 HPZid412 - ok
14:43:54.0265 2548 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:43:54.0328 2548 HPZipr12 - ok
14:43:54.0343 2548 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:43:54.0406 2548 HPZius12 - ok
14:43:54.0453 2548 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
14:43:54.0500 2548 HSFHWAZL - ok
14:43:54.0562 2548 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
14:43:54.0656 2548 HSF_DPV - ok
14:43:54.0703 2548 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:43:54.0750 2548 HTTP - ok
14:43:54.0781 2548 i2omgmt - ok
14:43:54.0796 2548 i2omp - ok
14:43:54.0859 2548 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:43:55.0046 2548 i8042prt - ok
14:43:55.0140 2548 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:43:55.0343 2548 ialm - ok
14:43:55.0468 2548 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
14:43:55.0484 2548 IFXTPM - ok
14:43:55.0546 2548 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:43:55.0734 2548 Imapi - ok
14:43:55.0781 2548 ini910u - ok
14:43:55.0828 2548 IntelIde - ok
14:43:55.0890 2548 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:43:56.0062 2548 intelppm - ok
14:43:56.0109 2548 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:43:56.0265 2548 Ip6Fw - ok
14:43:56.0312 2548 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:43:56.0484 2548 IpFilterDriver - ok
14:43:56.0515 2548 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:43:56.0703 2548 IpInIp - ok
14:43:56.0734 2548 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:43:56.0921 2548 IpNat - ok
14:43:56.0953 2548 IPSec (275e81ecb4ebac9ba604713a90eba03b) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:43:56.0953 2548 IPSec ( Rootkit.Win32.ZAccess.g ) - infected
14:43:56.0953 2548 IPSec - detected Rootkit.Win32.ZAccess.g (0)
14:43:56.0984 2548 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:43:57.0171 2548 IRENUM - ok
14:43:57.0187 2548 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:43:57.0375 2548 isapnp - ok
14:43:57.0406 2548 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:43:57.0593 2548 Kbdclass - ok
14:43:57.0625 2548 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:43:57.0812 2548 kmixer - ok
14:43:57.0859 2548 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:43:57.0968 2548 KSecDD - ok
14:43:57.0984 2548 lbrtfdc - ok
14:43:58.0046 2548 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:43:58.0093 2548 MBAMProtector - ok
14:43:58.0109 2548 MBAMSwissArmy - ok
14:43:58.0140 2548 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:43:58.0171 2548 mdmxsdk - ok
14:43:58.0218 2548 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:43:58.0406 2548 mnmdd - ok
14:43:58.0453 2548 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:43:58.0625 2548 Modem - ok
14:43:58.0656 2548 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
14:43:58.0750 2548 motccgp - ok
14:43:58.0781 2548 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
14:43:58.0812 2548 motccgpfl - ok
14:43:58.0843 2548 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
14:43:58.0906 2548 motmodem - ok
14:43:58.0921 2548 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:43:59.0109 2548 Mouclass - ok
14:43:59.0156 2548 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:43:59.0343 2548 mouhid - ok
14:43:59.0375 2548 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:43:59.0546 2548 MountMgr - ok
14:43:59.0640 2548 MpKsl09776da1 - ok
14:43:59.0656 2548 MpKsl20977336 - ok
14:43:59.0656 2548 MpKsl281305a0 - ok
14:43:59.0671 2548 MpKsl36782a5c - ok
14:43:59.0671 2548 MpKsl3aa3c35d - ok
14:43:59.0687 2548 MpKsl3e6442b9 - ok
14:43:59.0687 2548 MpKsl87b1fb46 - ok
14:43:59.0703 2548 MpKsl89c4b4a0 - ok
14:43:59.0703 2548 MpKsl8e1bda59 - ok
14:43:59.0718 2548 MpKsla4e06307 - ok
14:43:59.0718 2548 MpKslc5497097 - ok
14:43:59.0734 2548 MpKslc7db95b3 - ok
14:43:59.0734 2548 MpKslcfc00972 - ok
14:43:59.0750 2548 MpKsld903df8a - ok
14:43:59.0812 2548 mraid35x - ok
14:43:59.0875 2548 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:44:00.0078 2548 MRxDAV - ok
14:44:00.0140 2548 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:44:00.0218 2548 MRxSmb - ok
14:44:00.0281 2548 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:44:00.0453 2548 Msfs - ok
14:44:00.0484 2548 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:44:00.0656 2548 MSKSSRV - ok
14:44:00.0687 2548 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:44:00.0875 2548 MSPCLOCK - ok
14:44:00.0890 2548 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:44:01.0078 2548 MSPQM - ok
14:44:01.0125 2548 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:44:01.0281 2548 mssmbios - ok
14:44:01.0328 2548 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:44:01.0500 2548 MSTEE - ok
14:44:01.0531 2548 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:44:01.0593 2548 Mup - ok
14:44:01.0640 2548 Mvc25U870_VID_1262&PID_25FD (e88e7e9aa0ab34b6c664a4a43cea6316) C:\WINDOWS\system32\Drivers\Mvc25U870.sys
14:44:01.0703 2548 Mvc25U870_VID_1262&PID_25FD - ok
14:44:01.0750 2548 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:44:01.0937 2548 NABTSFEC - ok
14:44:01.0984 2548 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:44:02.0171 2548 NDIS - ok
14:44:02.0187 2548 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:44:02.0359 2548 NdisIP - ok
14:44:02.0390 2548 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:44:02.0453 2548 NdisTapi - ok
14:44:02.0468 2548 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:44:02.0656 2548 Ndisuio - ok
14:44:02.0687 2548 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:44:02.0859 2548 NdisWan - ok
14:44:02.0875 2548 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:44:02.0937 2548 NDProxy - ok
14:44:02.0968 2548 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:44:03.0156 2548 NetBIOS - ok
14:44:03.0187 2548 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:44:03.0359 2548 NetBT - ok
14:44:03.0390 2548 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:44:03.0578 2548 NIC1394 - ok
14:44:03.0609 2548 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:44:03.0765 2548 Npfs - ok
14:44:03.0812 2548 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:44:04.0062 2548 Ntfs - ok
14:44:04.0109 2548 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:44:04.0296 2548 Null - ok
14:44:04.0500 2548 nv (6866504ee1570ef783309abfb56f87e5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:44:04.0812 2548 nv - ok
14:44:04.0859 2548 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:44:05.0031 2548 NwlnkFlt - ok
14:44:05.0046 2548 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:44:05.0218 2548 NwlnkFwd - ok
14:44:05.0265 2548 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:44:05.0437 2548 ohci1394 - ok
14:44:05.0484 2548 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:44:05.0671 2548 Parport - ok
14:44:05.0687 2548 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:44:05.0859 2548 PartMgr - ok
14:44:05.0906 2548 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:44:06.0078 2548 ParVdm - ok
14:44:06.0093 2548 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:44:06.0281 2548 PCI - ok
14:44:06.0296 2548 PCIDump - ok
14:44:06.0343 2548 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:44:06.0515 2548 PCIIde - ok
14:44:06.0546 2548 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:44:06.0734 2548 Pcmcia - ok
14:44:06.0750 2548 PDCOMP - ok
14:44:06.0765 2548 PDFRAME - ok
14:44:06.0781 2548 PDRELI - ok
14:44:06.0796 2548 PDRFRAME - ok
14:44:06.0812 2548 perc2 - ok
14:44:06.0828 2548 perc2hib - ok
14:44:06.0875 2548 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:44:07.0062 2548 PptpMiniport - ok
14:44:07.0078 2548 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:44:07.0250 2548 PSched - ok
14:44:07.0281 2548 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:44:07.0468 2548 Ptilink - ok
14:44:07.0515 2548 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:44:07.0531 2548 PxHelp20 - ok
14:44:07.0546 2548 ql1080 - ok
14:44:07.0562 2548 Ql10wnt - ok
14:44:07.0578 2548 ql12160 - ok
14:44:07.0593 2548 ql1240 - ok
14:44:07.0625 2548 ql1280 - ok
14:44:07.0656 2548 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:44:07.0828 2548 RasAcd - ok
14:44:07.0875 2548 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:44:08.0062 2548 Rasl2tp - ok
14:44:08.0125 2548 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:44:08.0296 2548 RasPppoe - ok
14:44:08.0343 2548 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:44:08.0515 2548 Raspti - ok
14:44:08.0546 2548 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:44:08.0734 2548 Rdbss - ok
14:44:08.0750 2548 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:44:08.0937 2548 RDPCDD - ok
14:44:09.0000 2548 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:44:09.0062 2548 RDPWD - ok
14:44:09.0109 2548 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:44:09.0281 2548 redbook - ok
14:44:09.0343 2548 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
14:44:09.0390 2548 RimVSerPort - ok
14:44:09.0437 2548 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
14:44:09.0609 2548 ROOTMODEM - ok
14:44:09.0734 2548 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\RMClock\RTCore32.sys
14:44:09.0765 2548 RTCore32 ( UnsignedFile.Multi.Generic ) - warning
14:44:09.0765 2548 RTCore32 - detected UnsignedFile.Multi.Generic (1)
14:44:09.0875 2548 s24trans (078eba5670fdaa041552cd86b984f2de) C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:44:09.0890 2548 s24trans ( UnsignedFile.Multi.Generic ) - warning
14:44:09.0890 2548 s24trans - detected UnsignedFile.Multi.Generic (1)
14:44:09.0937 2548 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:44:09.0953 2548 SASDIFSV - ok
14:44:09.0984 2548 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
14:44:10.0000 2548 SASENUM - ok
14:44:10.0046 2548 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
14:44:10.0062 2548 SASKUTIL - ok
14:44:10.0187 2548 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:44:10.0375 2548 Secdrv - ok
14:44:10.0421 2548 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:44:10.0625 2548 Serial - ok
14:44:10.0671 2548 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:44:10.0859 2548 Sfloppy - ok
14:44:10.0921 2548 shpf (b8e1ac2cdad522572bfc73781d0e37e2) C:\WINDOWS\system32\DRIVERS\shpf.sys
14:44:10.0921 2548 shpf ( UnsignedFile.Multi.Generic ) - warning
14:44:10.0921 2548 shpf - detected UnsignedFile.Multi.Generic (1)
14:44:10.0953 2548 Simbad - ok
14:44:10.0968 2548 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:44:11.0156 2548 SLIP - ok
14:44:11.0187 2548 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
14:44:11.0234 2548 SNC - ok
14:44:11.0281 2548 SndTAudio (3e44ac015742401a685a4cf5d98ebd3e) C:\WINDOWS\system32\drivers\SndTAudio.sys
14:44:11.0421 2548 SndTAudio ( UnsignedFile.Multi.Generic ) - warning
14:44:11.0421 2548 SndTAudio - detected UnsignedFile.Multi.Generic (1)
14:44:11.0531 2548 SndTVideo (f719ed6223b50e2d115821572339f0b8) C:\WINDOWS\system32\DRIVERS\SndTVideo.sys
14:44:11.0546 2548 SndTVideo ( UnsignedFile.Multi.Generic ) - warning
14:44:11.0546 2548 SndTVideo - detected UnsignedFile.Multi.Generic (1)
14:44:11.0609 2548 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
14:44:11.0625 2548 SonyImgF ( UnsignedFile.Multi.Generic ) - warning
14:44:11.0625 2548 SonyImgF - detected UnsignedFile.Multi.Generic (1)
14:44:11.0656 2548 Sparrow - ok
14:44:11.0687 2548 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
14:44:11.0734 2548 SPI - ok
14:44:11.0765 2548 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:44:11.0968 2548 splitter - ok
14:44:12.0062 2548 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
14:44:12.0062 2548 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:44:12.0062 2548 sptd ( LockedFile.Multi.Generic ) - warning
14:44:12.0062 2548 sptd - detected LockedFile.Multi.Generic (1)
14:44:12.0109 2548 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:44:12.0312 2548 sr - ok
14:44:12.0375 2548 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:44:12.0468 2548 Srv - ok
14:44:12.0546 2548 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys
14:44:12.0656 2548 STHDA - ok
14:44:12.0687 2548 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:44:12.0875 2548 streamip - ok
14:44:12.0890 2548 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:44:13.0078 2548 swenum - ok
14:44:13.0140 2548 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:44:13.0328 2548 swmidi - ok
14:44:13.0359 2548 symc810 - ok
14:44:13.0375 2548 symc8xx - ok
14:44:13.0421 2548 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
14:44:13.0437 2548 symlcbrd - ok
14:44:13.0468 2548 sym_hi - ok
14:44:13.0500 2548 sym_u3 - ok
14:44:13.0562 2548 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:44:13.0765 2548 sysaudio - ok
14:44:13.0843 2548 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
14:44:13.0859 2548 tbhsd - ok
14:44:13.0968 2548 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:44:14.0046 2548 Tcpip - ok
14:44:14.0109 2548 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
14:44:14.0140 2548 TcUsb - ok
14:44:14.0187 2548 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:44:14.0375 2548 TDPIPE - ok
14:44:14.0437 2548 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:44:14.0625 2548 TDTCP - ok
14:44:14.0656 2548 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:44:14.0828 2548 TermDD - ok
14:44:14.0906 2548 ti21sony (3106074a87bd5a16e2a3af6902bb6d91) C:\WINDOWS\system32\drivers\ti21sony.sys
14:44:15.0015 2548 ti21sony - ok
14:44:15.0078 2548 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
14:44:15.0093 2548 toshidpt ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0093 2548 toshidpt - detected UnsignedFile.Multi.Generic (1)
14:44:15.0109 2548 TosIde - ok
14:44:15.0156 2548 tosporte (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys
14:44:15.0171 2548 tosporte ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0171 2548 tosporte - detected UnsignedFile.Multi.Generic (1)
14:44:15.0218 2548 Tosrfbd (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys
14:44:15.0250 2548 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0250 2548 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
14:44:15.0265 2548 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
14:44:15.0281 2548 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0281 2548 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
14:44:15.0312 2548 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
14:44:15.0328 2548 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0328 2548 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
14:44:15.0375 2548 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
14:44:15.0406 2548 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0406 2548 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
14:44:15.0421 2548 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
14:44:15.0421 2548 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0421 2548 tosrfnds - detected UnsignedFile.Multi.Generic (1)
14:44:15.0468 2548 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
14:44:15.0468 2548 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0468 2548 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
14:44:15.0515 2548 Tosrfusb (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys
14:44:15.0531 2548 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
14:44:15.0531 2548 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
14:44:15.0578 2548 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:44:15.0781 2548 Udfs - ok
14:44:15.0781 2548 ultra - ok
14:44:15.0843 2548 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:44:16.0062 2548 Update - ok
14:44:16.0093 2548 USBAAPL - ok
14:44:16.0125 2548 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:44:16.0328 2548 usbaudio - ok
14:44:16.0359 2548 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:44:16.0546 2548 usbccgp - ok
14:44:16.0593 2548 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:44:16.0750 2548 usbehci - ok
14:44:16.0781 2548 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:44:16.0968 2548 usbhub - ok
14:44:17.0015 2548 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:44:17.0187 2548 usbprint - ok
14:44:17.0218 2548 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:44:17.0390 2548 usbscan - ok
14:44:17.0421 2548 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:44:17.0593 2548 usbstor - ok
14:44:17.0625 2548 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:44:17.0812 2548 usbuhci - ok
14:44:17.0859 2548 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:44:18.0031 2548 VgaSave - ok
14:44:18.0046 2548 ViaIde - ok
14:44:18.0078 2548 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:44:18.0265 2548 VolSnap - ok
14:44:18.0359 2548 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
14:44:18.0562 2548 w39n51 - ok
14:44:18.0609 2548 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:44:18.0796 2548 Wanarp - ok
14:44:18.0859 2548 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:44:18.0890 2548 Wdf01000 - ok
14:44:18.0906 2548 WDICA - ok
14:44:18.0937 2548 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:44:19.0125 2548 wdmaud - ok
14:44:19.0187 2548 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:44:19.0281 2548 winachsf - ok
14:44:19.0390 2548 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:44:19.0578 2548 WSTCODEC - ok
14:44:19.0640 2548 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:44:19.0703 2548 WudfPf - ok
14:44:19.0734 2548 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:44:19.0750 2548 WudfRd - ok
14:44:19.0812 2548 yukonwxp (96982cb3611bd4db9ed7a5ff2c29219f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:44:19.0875 2548 yukonwxp - ok
14:44:19.0937 2548 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
14:44:20.0109 2548 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:44:20.0109 2548 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:44:20.0109 2548 Boot (0x1200) (64dd6ee02f6ec22eb7ebe819e8be0612) \Device\Harddisk0\DR0\Partition0
14:44:20.0125 2548 \Device\Harddisk0\DR0\Partition0 - ok
14:44:20.0125 2548 ============================================================
14:44:20.0125 2548 Scan finished
14:44:20.0125 2548 ============================================================
14:44:20.0234 2492 Detected object count: 21
14:44:20.0234 2492 Actual detected object count: 21
14:46:34.0406 2492 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0406 2492 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0406 2492 FdRedir ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0406 2492 FdRedir ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0406 2492 FileDisk2 ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0406 2492 FileDisk2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0515 2492 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
14:46:34.0937 2492 Backup copy found, using it..
14:46:34.0953 2492 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
14:46:34.0953 2492 IPSec ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
14:46:34.0953 2492 RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0953 2492 RTCore32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0953 2492 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0953 2492 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0953 2492 shpf ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0953 2492 shpf ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0953 2492 SndTAudio ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0953 2492 SndTAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0968 2492 SndTVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0968 2492 SndTVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0968 2492 SonyImgF ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0968 2492 SonyImgF ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0968 2492 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:46:34.0968 2492 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:46:34.0968 2492 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0968 2492 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0968 2492 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0968 2492 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0984 2492 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0984 2492 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0984 2492 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0984 2492 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0984 2492 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0984 2492 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:34.0984 2492 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:34.0984 2492 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:35.0000 2492 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:35.0000 2492 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:35.0000 2492 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:35.0000 2492 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:35.0000 2492 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:35.0000 2492 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:35.0000 2492 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:46:35.0000 2492 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:48:34.0906 1548 Deinitialize success



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-15 14:53:50
-----------------------------
14:53:50.078 OS Version: Windows 5.1.2600 Service Pack 3
14:53:50.078 Number of processors: 2 586 0xF06
14:53:50.078 ComputerName: Computer1 UserName: Talg
14:53:50.562 Initialize success
14:54:02.140 AVAST engine download error: 0
14:54:27.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:54:27.328 Disk 0 Vendor: ST98823AS 3.14 Size: 76319MB BusType: 3
14:54:27.343 Disk 1 \Device\Harddisk1\DR3 -> \Device\000000a4
14:54:27.343 Disk 1 Vendor: ( Size: 76319MB BusType: 0
14:54:29.359 Disk 0 MBR read successfully
14:54:29.359 Disk 0 MBR scan
14:54:29.359 Disk 0 unknown MBR code
14:54:29.375 Disk 0 scanning sectors +156296385
14:54:29.453 Disk 0 scanning C:\WINDOWS\system32\drivers
14:54:36.640 Service scanning
14:54:37.640 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
14:54:38.234 Modules scanning
14:54:45.843 Disk 0 trace - called modules:
14:54:45.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spws.sys >>UNKNOWN [0x87185938]<<
14:54:45.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87132ab8]
14:54:45.890 3 CLASSPNP.SYS[f76a4fd7] -> nt!IofCallDriver -> \Device\00000098[0x871359e8]
14:54:45.890 5 ACPI.sys[f73fa620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x87134940]
14:54:45.906 Scan finished successfully
14:55:29.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Talg\Desktop\MBR.dat"
14:55:29.843 The log file has been saved successfully to "C:\Documents and Settings\Talg\Desktop\aswMBR.txt"

#21
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

We need to replace your infected MBR, which we'll do with aswMBR, and also run a further couple of scans.

Please do the following:


Step 1:

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR Button

Save the log as before and post in your next reply.

If that works ok carry on to the next steps, if not please post back with details of the problem.


Step 2:

Run ComboFix again.

Allow it to complete its work; it may also reboot.



Step 3:

  • Open OTL again
  • Select All users
  • Copy and paste the contents of the attached file into the custom scan box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Please remember to post:

New aswMBR scan log
ComboFix.txt log
New OTL QuickScan log

Edit: I forgot to add the attachment for the OTL scan so it's in the next post.

Edited by Homburg, 16 October 2011 - 03:31 AM.


#22
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
The forgotten attachment :)

Attached Files

  • Attached File: scan.txt (291 bytes, 112 downloads)


#23
arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
I received a message that ComboFix expired and would run in reduced functionality mode.

Also, I am still unable to run OTL. "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-16 11:33:18
-----------------------------
11:33:18.937 OS Version: Windows 5.1.2600 Service Pack 3
11:33:18.937 Number of processors: 2 586 0xF06
11:33:18.937 ComputerName: Computer1 UserName: Talg
11:33:19.734 Initialize success
11:33:34.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:33:34.515 Disk 0 Vendor: ST98823AS 3.14 Size: 76319MB BusType: 3
11:33:34.515 Disk 1 \Device\Harddisk1\DR3 -> \Device\000000a4
11:33:34.515 Disk 1 Vendor: ( Size: 76319MB BusType: 0
11:33:36.531 Disk 0 MBR read successfully
11:33:36.531 Disk 0 MBR scan
11:33:36.531 Disk 0 unknown MBR code
11:33:36.546 Disk 0 scanning sectors +156296385
11:33:36.625 Disk 0 scanning C:\WINDOWS\system32\drivers
11:33:43.718 Service scanning
11:33:44.781 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:33:45.421 Modules scanning
11:33:52.812 Disk 0 trace - called modules:
11:33:52.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvn.sys >>UNKNOWN [0x87186938]<<
11:33:53.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870ed9c0]
11:33:53.375 3 CLASSPNP.SYS[f76a4fd7] -> nt!IofCallDriver -> \Device\00000098[0x870319e8]
11:33:53.390 5 ACPI.sys[f7410620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x870f0940]
11:33:53.390 Scan finished successfully
11:35:22.015 Verifying
11:35:32.031 Disk 0 Windows 501 MBR fixed successfully
11:35:46.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Talg\Desktop\MBR.dat"
11:35:46.781 The log file has been saved successfully to "C:\Documents and Settings\Talg\Desktop\aswMBR.txt"



ComboFix 11-10-08.05 - Talg 10/16/2011 11:39:01.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.549 [GMT -4:00]
Running from: c:\documents and settings\Talg\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-09 08:45 . 2008-04-13 18:36 187776 -c--a-w- c:\windows\system32\dllcache\acpi.sys
2011-10-09 08:45 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-10-07 13:05 . 2011-10-07 13:05 -------- d-----w- C:\_OTL
2011-09-23 15:57 . 2011-09-26 04:04 -------- d-----w- c:\windows\SxsCaPendDel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 18:49 . 2006-07-22 01:31 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-09-09 09:12 . 2006-07-22 01:30 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2009-06-23 01:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 21:55 . 2011-07-22 21:55 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Talg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"c:\\Documents and Settings\\Talg\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.scr"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 9:31 PM 9216]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/27/2010 3:25 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 68168]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2009 9:18 PM 366152]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 9:31 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2009 9:18 PM 22216]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/24/2011 10:08 PM 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [8/24/2011 10:08 PM 3768]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 9:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/21/2006 9:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 9:31 PM 808448]
S1 MpKsl09776da1;MpKsl09776da1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys [?]
S1 MpKsl20977336;MpKsl20977336;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys [?]
S1 MpKsl281305a0;MpKsl281305a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys [?]
S1 MpKsl36782a5c;MpKsl36782a5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys [?]
S1 MpKsl3aa3c35d;MpKsl3aa3c35d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys [?]
S1 MpKsl3e6442b9;MpKsl3e6442b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys [?]
S1 MpKsl87b1fb46;MpKsl87b1fb46;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys [?]
S1 MpKsl89c4b4a0;MpKsl89c4b4a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys [?]
S1 MpKsl8e1bda59;MpKsl8e1bda59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys [?]
S1 MpKsla4e06307;MpKsla4e06307;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys [?]
S1 MpKslc5497097;MpKslc5497097;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys [?]
S1 MpKslc7db95b3;MpKslc7db95b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys [?]
S1 MpKslcfc00972;MpKslcfc00972;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys [?]
S1 MpKsld903df8a;MpKsld903df8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 7:03 PM 4608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:50 PM 136176]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [8/24/2011 10:08 PM 200704]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
- c:\documents and settings\Talg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
- c:\documents and settings\Talg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-87285989.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 11:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\config.dll
.
- - - - - - - > 'Explorer.exe'(1196)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-16 11:43:16
ComboFix-quarantined-files.txt 2011-10-16 15:43
ComboFix2.txt 2011-10-09 09:09
.
Pre-Run: 8,140,279,808 bytes free
Post-Run: 8,122,703,872 bytes free
.
- - End Of File - - 4D3BA097229B9923E4E30D0B14027EBE

#24
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Please delete the ComboFix that you have at the moment.

Download the latest version of ComboFix from one of the following locations:
Link 1
Link 2

Save it to your desktop and run it; post the log when it has finished.

#25
arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
ComboFix 11-10-17.02 - Talg 10/17/2011 20:45:48.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.520 [GMT -4:00]
Running from: c:\documents and settings\Talg\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-09 08:45 . 2008-04-13 18:36 187776 -c--a-w- c:\windows\system32\dllcache\acpi.sys
2011-10-09 08:45 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-10-07 13:05 . 2011-10-07 13:05 -------- d-----w- C:\_OTL
2011-09-23 15:57 . 2011-09-26 04:04 -------- d-----w- c:\windows\SxsCaPendDel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 18:49 . 2006-07-22 01:31 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-09-09 09:12 . 2006-07-22 01:30 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2009-06-23 01:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 21:55 . 2011-07-22 21:55 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-09_09.05.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-17 23:35 . 2011-10-17 23:35 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2011-10-11 01:38 . 2011-10-11 01:38 19968 c:\windows\Installer\10d16f.msi
+ 2011-10-17 12:13 . 2011-10-17 12:13 266240 c:\windows\ERDNT\AutoBackup\10-17-2011\Users\00000002\UsrClass.dat
+ 2011-10-17 12:13 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-17-2011\ERDNT.EXE
+ 2011-10-16 15:31 . 2011-10-16 15:31 266240 c:\windows\ERDNT\AutoBackup\10-16-2011\Users\00000002\UsrClass.dat
+ 2011-10-16 15:31 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-16-2011\ERDNT.EXE
+ 2011-10-15 09:01 . 2011-10-15 09:01 266240 c:\windows\ERDNT\AutoBackup\10-15-2011\Users\00000002\UsrClass.dat
+ 2011-10-15 09:01 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-15-2011\ERDNT.EXE
+ 2011-10-15 02:06 . 2011-10-15 02:06 266240 c:\windows\ERDNT\AutoBackup\10-14-2011\Users\00000002\UsrClass.dat
+ 2011-10-15 02:06 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-14-2011\ERDNT.EXE
+ 2011-10-13 20:22 . 2011-10-13 20:22 266240 c:\windows\ERDNT\AutoBackup\10-13-2011\Users\00000002\UsrClass.dat
+ 2011-10-13 20:22 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-13-2011\ERDNT.EXE
+ 2011-10-12 04:03 . 2011-10-12 04:03 266240 c:\windows\ERDNT\AutoBackup\10-12-2011\Users\00000002\UsrClass.dat
+ 2011-10-12 04:03 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-12-2011\ERDNT.EXE
+ 2011-10-11 12:34 . 2011-10-11 12:34 266240 c:\windows\ERDNT\AutoBackup\10-11-2011\Users\00000002\UsrClass.dat
+ 2011-10-11 12:34 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-11-2011\ERDNT.EXE
+ 2011-10-11 01:14 . 2011-10-11 01:14 266240 c:\windows\ERDNT\AutoBackup\10-10-2011\Users\00000002\UsrClass.dat
+ 2011-10-11 01:14 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-10-2011\ERDNT.EXE
+ 2011-10-17 12:13 . 2011-10-17 12:13 6901760 c:\windows\ERDNT\AutoBackup\10-17-2011\Users\00000001\NTUSER.DAT
+ 2011-10-16 15:31 . 2011-10-16 15:31 6897664 c:\windows\ERDNT\AutoBackup\10-16-2011\Users\00000001\NTUSER.DAT
+ 2011-10-15 09:01 . 2011-10-15 09:01 6889472 c:\windows\ERDNT\AutoBackup\10-15-2011\Users\00000001\NTUSER.DAT
+ 2011-10-15 02:06 . 2011-10-15 02:06 6889472 c:\windows\ERDNT\AutoBackup\10-14-2011\Users\00000001\NTUSER.DAT
+ 2011-10-13 20:22 . 2011-10-13 20:22 6889472 c:\windows\ERDNT\AutoBackup\10-13-2011\Users\00000001\NTUSER.DAT
+ 2011-10-12 04:03 . 2011-10-12 04:03 6889472 c:\windows\ERDNT\AutoBackup\10-12-2011\Users\00000001\NTUSER.DAT
+ 2011-10-11 12:34 . 2011-10-11 12:34 6889472 c:\windows\ERDNT\AutoBackup\10-11-2011\Users\00000001\NTUSER.DAT
+ 2011-10-11 01:14 . 2011-10-11 01:14 6889472 c:\windows\ERDNT\AutoBackup\10-10-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Talg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"c:\\Documents and Settings\\Talg\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.scr"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 9:31 PM 9216]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/27/2010 3:25 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 68168]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2009 9:18 PM 366152]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 9:31 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2009 9:18 PM 22216]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/24/2011 10:08 PM 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [8/24/2011 10:08 PM 3768]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 9:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/21/2006 9:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 9:31 PM 808448]
S1 MpKsl09776da1;MpKsl09776da1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys [?]
S1 MpKsl20977336;MpKsl20977336;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys [?]
S1 MpKsl281305a0;MpKsl281305a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys [?]
S1 MpKsl36782a5c;MpKsl36782a5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys [?]
S1 MpKsl3aa3c35d;MpKsl3aa3c35d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys [?]
S1 MpKsl3e6442b9;MpKsl3e6442b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys [?]
S1 MpKsl87b1fb46;MpKsl87b1fb46;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys [?]
S1 MpKsl89c4b4a0;MpKsl89c4b4a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys [?]
S1 MpKsl8e1bda59;MpKsl8e1bda59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys [?]
S1 MpKsla4e06307;MpKsla4e06307;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys [?]
S1 MpKslc5497097;MpKslc5497097;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys [?]
S1 MpKslc7db95b3;MpKslc7db95b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys [?]
S1 MpKslcfc00972;MpKslcfc00972;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys [?]
S1 MpKsld903df8a;MpKsld903df8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 7:03 PM 4608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:50 PM 136176]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [8/24/2011 10:08 PM 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
- c:\documents and settings\Talg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
- c:\documents and settings\Talg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{562E49FA-4568-466F-8F14-F0EBE8503C89}: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 20:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\config.dll
.
- - - - - - - > 'Explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-17 20:54:36
ComboFix-quarantined-files.txt 2011-10-18 00:54
ComboFix2.txt 2011-10-16 15:43
ComboFix3.txt 2011-10-09 09:09
.
Pre-Run: 8,072,548,352 bytes free
Post-Run: 8,055,279,616 bytes free
.
- - End Of File - - BD307B333BED4980BF922E1B0ABD60D6
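As an added example (not from this thread, from ComboFix or from the helper's own tooling), a small Python triage script that walks a ComboFix-style log like the one above and pulls out the two things worth a second look in it: the Security Center override/monitoring values set to 1, and service entries whose image file is no longer on disk (the `path --> path [?]` form). The sample log inside it is constructed in this log's format; the MpKsl service name and the GUID are placeholders.

```python
"""Triage helper for a ComboFix-style log (constructed example, not part of
ComboFix).  Two kinds of entries are extracted:
  * Security Center values (AntiVirusOverride, FirewallOverride,
    DisableMonitoring) set to 1, which silence the "no AV / no firewall"
    alerts.  Real AV suites set some of these for their own product, so
    each hit must be compared with what is actually installed.
  * Services whose image file is gone: ComboFix writes "path --> path [?]".
"""
import re

# Constructed sample in the ComboFix format used in this thread; the MpKsl
# service name and the GUID are placeholders.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/27/2010 3:25 PM 691696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2009 9:18 PM 366152]
S1 MpKslXXXXXXXX;MpKslXXXXXXXX;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{PLACEHOLDER-GUID}\MpKslXXXXXXXX.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{PLACEHOLDER-GUID}\MpKslXXXXXXXX.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                         # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                     # "name"=data
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # R0 name;display;image
DWORD_ONE_RE = re.compile(r"dword:0*1")
SECURITY_CENTER_FLAGS = {"antivirusoverride", "firewalloverride", "disablemonitoring"}

def parse_registry_sections(log_text):
    """Return {key: {value_name: data}} for the REGEDIT4-style part of the log."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections

def parse_services(log_text):
    """Return one dict per R*/S* service line; 'missing' is set when ComboFix
    could not find the image file ("-->" form with a trailing "[?]")."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, display, rest = m.groups()
        rest = rest.rstrip()
        missing = " --> " in rest and rest.endswith("[?]")
        image = rest.split(" --> ", 1)[0] if missing else rest.rsplit(" [", 1)[0]
        if image.startswith("\\??\\"):        # strip the NT object-manager prefix
            image = image[4:]
        services.append({"start": start, "name": name, "display": display,
                         "image": image, "missing": missing})
    return services

def find_security_center_overrides(sections):
    """(key, value_name) pairs under 'security center' whose data is 1."""
    hits = []
    for key, values in sections.items():
        if "\\security center" not in key.lower():
            continue
        for name, data in values.items():
            if name.lower() in SECURITY_CENTER_FLAGS and DWORD_ONE_RE.fullmatch(data.lower()):
                hits.append((key, name))
    return hits

def triage(log_text):
    """Summarise the findings a helper would check first."""
    sections = parse_registry_sections(log_text)
    services = parse_services(log_text)
    return {
        "security_center_overrides": find_security_center_overrides(sections),
        "missing_service_images": [s["name"] for s in services if s["missing"]],
        "service_count": len(services),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, name in report["security_center_overrides"]:
        print(f"[check]  {name} = 1 under {key}")
    for name in report["missing_service_images"]:
        print(f"[orphan] {name}: image file not found on disk")
```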
#26
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

The MBR is ok now but there are still files that need removing and at least one that needs replacing. As we can't seem to run OTL normally, I'd like you to try it in safe mode, and if that fails then we can burn a disc which can be used to run your computer without loading your Windows Operating System.


Step 1:


Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.

If that works ok, just post the log; if OTL still won't run, move to step 2.


Step 2:

Please print these instructions and follow them:

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your infected computer using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings.
    • Change Drivers to All
    • Change Standard Registry to All

    Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.*
    winlogon.*
    Userinit.*
    svchost.*
    netbt.*
    netbios.*
    sptd.*
    ipsec.*
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Confirm that it has copied to the USB drive by selecting it
  • Please post the contents of the C:\OTL.txt file in your reply.

#27
arkman

    Member

  • Topic Starter
  • Member
  • 83 posts
OTL logfile created on: 10/25/2011 1:29:43 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 811.00 Mb Available Physical Memory | 79.00% Memory free
906.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 6.40 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/11 15:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [Disabled] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SoundMovieServer)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (MpKsld903df8a)
DRV - File not found [Kernel | System] -- -- (MpKslcfc00972)
DRV - File not found [Kernel | System] -- -- (MpKslc7db95b3)
DRV - File not found [Kernel | System] -- -- (MpKslc5497097)
DRV - File not found [Kernel | System] -- -- (MpKsla4e06307)
DRV - File not found [Kernel | System] -- -- (MpKsl8e1bda59)
DRV - File not found [Kernel | System] -- -- (MpKsl89c4b4a0)
DRV - File not found [Kernel | System] -- -- (MpKsl87b1fb46)
DRV - File not found [Kernel | System] -- -- (MpKsl3e6442b9)
DRV - File not found [Kernel | System] -- -- (MpKsl3aa3c35d)
DRV - File not found [Kernel | System] -- -- (MpKsl36782a5c)
DRV - File not found [Kernel | System] -- -- (MpKsl281305a0)
DRV - File not found [Kernel | System] -- -- (MpKsl20977336)
DRV - File not found [Kernel | System] -- -- (MpKsl09776da1)
DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2011/10/15 14:49:10 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/07/22 17:55:50 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 10:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/06/24 10:10:36 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/04/21 09:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 09:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/27 15:25:34 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/11/02 11:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/08/03 12:57:42 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2010/05/16 20:53:00 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/03/19 16:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/11 15:05:18 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2008/11/11 15:05:16 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 14:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 14:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 14:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/25 09:25:09 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/01/25 09:25:08 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2008/01/25 09:25:07 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/17 23:22:20 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/23 03:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2007/01/24 15:46:00 | 000,808,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/01/18 10:24:58 | 000,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/02 07:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/07/22 14:00:48 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/06/20 20:45:00 | 003,662,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/05/26 10:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/04/13 23:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 13:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 13:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/28 18:35:56 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/28 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2006/02/28 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2006/02/28 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2006/02/28 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2006/02/28 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/28 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2006/02/28 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2006/02/28 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2006/02/28 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2006/02/28 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2006/02/28 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2006/02/28 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2006/02/28 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2006/02/28 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2006/02/28 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2006/02/28 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2006/02/28 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2006/02/28 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2006/02/28 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2006/02/26 07:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/02/24 04:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/22 21:13:12 | 000,013,440 | ---- | M] (UPEK Inc.) [File_System | Auto] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/02/22 21:13:04 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/02/22 21:05:44 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/02/10 14:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 20:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/29 03:28:08 | 000,055,680 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/12/17 15:08:00 | 001,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/11/21 18:06:02 | 000,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\shpf.sys -- (shpf)
DRV - [2005/10/21 15:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/17 12:43:00 | 000,241,408 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/10/05 20:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/01 19:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/25 09:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\RMClock\RTCore32.sys -- (RTCore32)
DRV - [2005/01/06 16:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/18 20:12:50 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2001/08/17 16:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 16:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Talg_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Talg_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Talg_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Talg_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Talg_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Talg_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Talg\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Talg\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Talg\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Talg\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/14 15:03:10 | 000,000,000 | ---D | M]

[2010/05/16 12:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/14 15:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/20 12:43:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/18 16:49:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/25 05:23:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2010/04/09 11:50:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/04/09 11:50:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/04/09 11:50:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/04/09 11:50:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/04/09 11:50:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/04/09 11:50:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/04/09 11:50:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

O1 HOSTS File: ([2011/10/09 05:04:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Talg_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Talg_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Talg_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Talg_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Talg_ON_C..\Run: [Google Update] C:\Documents and Settings\Talg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Talg_ON_C..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - Startup: C:\Documents and Settings\Talg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Talg_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Talg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Talg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Talg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (PSLogon.dll) - C:\WINDOWS\System32\PSLogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - fusstub.dll - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 21:45:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 21:50:08 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Talg\Desktop\OTLPEStd.exe
[2011/10/20 07:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Talg\Desktop\New Folder
[2011/10/17 21:07:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/17 19:50:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2011/10/15 14:49:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
[2011/10/15 14:42:24 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Talg\Desktop\aswMBR.exe
[2011/10/15 14:42:24 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Talg\Desktop\tdsskiller.exe
[2011/10/09 04:45:55 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acpi.sys
[2011/10/09 04:43:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/09 04:43:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/09 04:43:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/09 04:43:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/09 04:43:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 04:43:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Talg\My Documents\My Videos
[2011/10/09 04:43:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Talg\Start Menu\Programs\Administrative Tools
[2011/10/09 04:41:30 | 004,263,508 | R--- | C] (Swearware) -- C:\Documents and Settings\Talg\Desktop\ComboFix.exe
[2011/10/07 09:05:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/26 11:41:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2009/03/21 13:19:36 | 007,522,240 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.7.exe
[2008/11/12 13:38:44 | 000,441,344 | ---- | C] ( ) -- C:\WINDOWS\System32\savst.exe
[1996/11/18 01:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

========== Files - Modified Within 30 Days ==========

[2011/10/25 00:22:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 00:19:41 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/25 00:19:29 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 22:26:14 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
[2011/10/24 21:50:08 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Talg\Desktop\OTLPEStd.exe
[2011/10/24 08:44:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/22 01:26:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
[2011/10/18 19:49:14 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/18 09:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/10/18 09:08:32 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 09:08:32 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/18 09:04:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/17 20:43:52 | 004,263,508 | R--- | M] (Swearware) -- C:\Documents and Settings\Talg\Desktop\ComboFix.exe
[2011/10/16 11:35:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Talg\Desktop\MBR.dat
[2011/10/15 14:36:44 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Talg\Desktop\aswMBR.exe
[2011/10/15 14:35:08 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Talg\Desktop\tdsskiller.exe
[2011/10/10 22:12:19 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/09 05:04:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/07 14:58:32 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Talg\Desktop\rkill.exe
[2011/10/07 09:27:01 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\Talg\Desktop\OTL.com
[2011/10/07 09:14:05 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Talg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/10/07 09:13:17 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\Talg\Desktop\OTL.scr
[2011/10/07 08:50:08 | 047,369,160 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/10/05 23:28:42 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\Talg\Desktop\OTL.exe
[2011/10/03 04:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/26 08:46:59 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/26 00:50:36 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Talg\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 00:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

========== Files Created - No Company Name ==========

[2011/10/18 20:00:57 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/15 14:55:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Talg\Desktop\MBR.dat
[2011/10/09 04:43:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/09 04:43:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/09 04:43:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/09 04:43:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/09 04:43:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/07 14:58:32 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Talg\Desktop\rkill.exe
[2011/10/07 09:27:01 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\Talg\Desktop\OTL.com
[2011/10/07 09:13:17 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\Talg\Desktop\OTL.scr
[2011/10/05 23:28:42 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\Talg\Desktop\OTL.exe
[2011/09/26 00:50:36 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Talg\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/19 12:35:39 | 000,162,784 | ---- | C] () -- C:\WINDOWS\hpoins29.dat.temp
[2011/08/19 12:35:39 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat.temp
[2011/04/11 10:37:53 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-S0J3O.exe
[2010/11/27 17:22:34 | 000,002,114 | ---- | C] () -- C:\Documents and Settings\Talg\Application Data\SAS7_000.DAT
[2010/08/22 12:05:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/08/22 12:05:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/08/22 12:05:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/05/17 10:40:19 | 000,030,468 | ---- | C] () -- C:\WINDOWS\jgzr.dat
[2010/01/26 17:28:34 | 000,162,784 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2010/01/26 17:28:34 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2009/11/11 11:59:57 | 047,369,160 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2009/06/23 02:54:08 | 000,046,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/13 07:45:39 | 000,001,134 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2009/04/25 00:44:22 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/04/06 17:07:56 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2008/02/03 14:57:23 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL
[2008/01/02 17:27:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/28 02:53:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/28 02:52:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/15 04:29:37 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Talg\Application Data\wklnhst.dat
[2006/10/15 01:53:53 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/14 23:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/10/14 23:52:50 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\fusioncache.dat
[2006/10/04 14:01:03 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/10/04 13:53:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/10/04 13:52:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/10/04 13:51:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/04 13:48:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/04 13:42:31 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/07/22 15:36:05 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/07/22 15:20:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/22 14:38:38 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/22 14:31:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/22 13:32:22 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/07/21 21:50:25 | 000,000,902 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/21 21:46:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/21 21:43:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/21 21:31:25 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/21 21:31:15 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/21 21:31:06 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/21 21:31:05 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/21 21:31:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/21 21:31:05 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/21 21:31:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/21 21:31:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/21 21:31:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/21 21:31:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/21 21:31:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/21 21:31:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/21 21:30:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/21 21:30:57 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/21 14:37:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/21 14:36:43 | 000,237,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/10 11:56:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ESxUtil.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/26 15:04:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\regperm.exe
[1996/11/18 01:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[1996/11/18 01:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[1996/11/18 01:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[1996/11/18 01:00:00 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[1996/11/18 01:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[1996/05/25 17:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\fxtls432.dll

========== LOP Check ==========

[2006/10/15 03:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Aim
[2011/09/08 15:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Azureus
[2010/11/27 15:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\DAEMON Tools Lite
[2009/02/16 19:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\ICAClient
[2006/11/04 00:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\InterVideo
[2006/10/15 02:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Leadertech
[2009/06/22 14:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\LimeWire
[2010/08/27 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\NCH Swift Sound
[2010/11/27 15:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Nuance
[2009/12/24 20:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\PPLiveVA
[2006/10/14 23:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Protector Suite
[2009/03/23 09:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\SMART Technologies
[2009/03/18 09:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\SMART Technologies Inc
[2007/12/21 17:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Snapfish
[2007/03/18 18:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Template
[2010/06/01 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\ThomsonWest
[2007/02/16 23:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Viewpoint
[2010/08/03 17:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\WinPatrol
[2010/03/21 16:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/06 20:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/27 15:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2006/10/15 02:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/05/17 11:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2006/10/15 02:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/08/27 09:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/07 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/30 04:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2011/08/24 20:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/11/02 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2011/09/20 23:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/13 07:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2009/05/13 07:45:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2009/11/09 22:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/09 11:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/19 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 21:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========



========== Custom Scans ==========


< tsvcs >

< %SYSTEMDRIVE%\*.exe >

Invalid Environment Variable: %USERPROFILE%\..


< MD5 for: EXPLORER.EX_ >
[2006/02/28 08:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\I386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2011/10/12 01:08:00 | 000,086,466 | ---- | M] () MD5=3171C15595774F7CEFB521A7E9E6CFD1 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.SC_ >
[2006/02/28 08:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\WINDOWS\I386\EXPLORER.SC_

< MD5 for: EXPLORER.SCF >
[2006/02/28 08:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IPSEC.SY_ >
[2006/02/28 08:00:00 | 000,039,596 | ---- | M] () MD5=88DC5CC7670238929F698AFBBC0B5594 -- C:\WINDOWS\I386\IPSEC.SY_

< MD5 for: IPSEC.SYS >
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2011/10/15 14:49:10 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2006/02/28 08:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: NETBIOS.SY_ >
[2006/02/28 08:00:00 | 000,018,272 | ---- | M] () MD5=572B890BC60CE0C43CBAD2FBA073838F -- C:\WINDOWS\I386\NETBIOS.SY_

< MD5 for: NETBIOS.SYS >
[2006/02/28 08:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) MD5=3A2ACA8FC1D7786902CA434998D7CEB4 -- C:\WINDOWS\$NtServicePackUninstall$\netbios.sys
[2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) MD5=5D81CF9A2F1A3A756B66CF684911CDF0 -- C:\WINDOWS\ServicePackFiles\i386\netbios.sys
[2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) MD5=5D81CF9A2F1A3A756B66CF684911CDF0 -- C:\WINDOWS\system32\drivers\netbios.sys

< MD5 for: NETBT.SY_ >
[2006/02/28 08:00:00 | 000,090,324 | ---- | M] () MD5=7B5A024CC29AEE68A960EF6B09729AFF -- C:\WINDOWS\I386\NETBT.SY_

< MD5 for: NETBT.SYS >
[2006/02/28 08:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: SPTD.SYS >
[2010/11/27 15:25:34 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) MD5=CDDDEC541BC3C96F91ECB48759673505 -- C:\WINDOWS\system32\drivers\sptd.sys

< MD5 for: SVCHOST.EX_ >
[2006/02/28 08:00:00 | 000,007,278 | ---- | M] () MD5=115CAD555F7D81DE53015F018875FA4D -- C:\WINDOWS\I386\SVCHOST.EX_

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: SVCHOST.EXE-2D5FBD18.PF >
[2011/10/15 14:41:47 | 000,017,192 | ---- | M] () MD5=ED65EA1712E8707A9805D43936FA8FBF -- C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf

< MD5 for: USERINIT.EX_ >
[2006/02/28 08:00:00 | 000,011,113 | ---- | M] () MD5=02659CCEEB680995408131981D42E349 -- C:\WINDOWS\I386\USERINIT.EX_

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EX_ >
[2006/02/28 08:00:00 | 000,261,115 | ---- | M] () MD5=F41C4F5745589D0BB8268C02B71594CA -- C:\WINDOWS\I386\WINLOGON.EX_

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtUninstallKB307154$\winlogon.exe
[2004/08/13 19:01:19 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=EA16F83B5E4964C100F6098CE9874927 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\*.* >
[2006/07/21 21:45:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/10/14 23:58:45 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/11/07 19:26:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2011/10/17 20:54:36 | 000,019,849 | ---- | M] () -- C:\ComboFix.txt
[2006/07/21 21:45:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/25 00:21:34 | 000,000,388 | ---- | M] () -- C:\geekstogodelete.txt
[2011/10/25 00:19:29 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/16 12:57:53 | 007,614,464 | ---- | M] () -- C:\ica32web.msi
[2006/07/21 21:45:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/23 23:06:57 | 000,003,187 | -H-- | M] () -- C:\IPH.PH
[2006/07/21 21:45:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/17 02:44:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/25 00:19:26 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/07/21 14:36:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/07/21 14:36:02 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/07/21 14:36:02 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
  • 0
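The `< MD5 for: ... >` sections in the OTL log above are what a helper reads to decide whether a core Windows binary has been replaced: OTL hashes every copy it finds (the live file under `system32`, the Service Pack and ERDNT reference copies, the `$NtUninstall...$` backups and the compressed `I386` install sources), and a live copy whose hash matches the reference copies on the same machine is a good sign. The script below is an added, stand-alone example (not OTL's code and not a tool the helper uses) that parses such sections and flags live copies that differ from the reference copies or carry no publisher information. The sample lines are copied from the log above, except for the final `WINLOGON.EXE` entry, which is constructed with a placeholder hash of all F's to show what a mismatch looks like.

```python
"""Cross-check OTL '< MD5 for: NAME >' sections (added example, not OTL code)."""
import re

# Sample input: lines copied from the OTL log above, plus ONE constructed
# line at the end (all-F hash, empty publisher) that is not from the log.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2011/10/12 01:08:00 | 000,507,904 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\winlogon.exe
"""
# (the last winlogon.exe line above is CONSTRUCTED for illustration)

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*\w\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_otl_md5(text):
    """Return {section name: [entry dicts]} for every '< MD5 for: ... >' block."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["company"] = e["company"].strip()
            sections[current].append(e)
    return sections


def classify(path):
    """Where does this copy live? Order matters: ServicePackFiles\\i386 is a
    reference copy even though its path also contains '\\i386\\'."""
    p = path.lower()
    if "\\servicepackfiles\\" in p or "\\erdnt\\cache\\" in p:
        return "reference"      # Service Pack / ERDNT copies used as the baseline
    if "\\$ntuninstall" in p or "\\$ntservicepackuninstall$\\" in p or "\\$hf_mig$\\" in p:
        return "backup"         # older versions kept by hotfix/SP uninstallers
    if "\\i386\\" in p:
        return "source"         # compressed install source (.EX_/.SY_), no version info
    if "\\prefetch\\" in p:
        return "other"          # .pf files are not binaries
    return "live"               # the copy Windows actually loads


def audit(sections):
    """Flag live copies whose hash is absent from the reference set, or that
    report no publisher at all. Returns {name: [(path, [issues])]}."""
    findings = {}
    for name, entries in sections.items():
        reference = {e["md5"] for e in entries if classify(e["path"]) == "reference"}
        for e in entries:
            if classify(e["path"]) != "live":
                continue
            issues = []
            if not e["company"]:
                issues.append("no publisher/version info")
            if reference and e["md5"] not in reference:
                issues.append("hash differs from ServicePackFiles/ERDNT reference copies")
            if issues:
                findings.setdefault(name, []).append((e["path"], issues))
    return findings


if __name__ == "__main__":
    for name, hits in audit(parse_otl_md5(SAMPLE_LOG)).items():
        for path, issues in hits:
            print(f"{name}: {path}: {'; '.join(issues)}")
```

A match against the on-disk reference copies only shows the live file is consistent with the machine's own Service Pack files, which is what the helper is checking here; it is not proof of authenticity, since a thorough check would compare against known-good hashes from a trusted source.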

#28
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

The initial OTL fix we did worked ok and your new log looks ok.


Step 1:

Please download Dr Web from here: http://www.freedrweb.com/?lng=en (link on the top right of the page). Tick the EULA, then download it to your clean PC and transfer it to the desktop of the infected PC.

It will download as an 8-digit file; save it to your desktop.

Restart the infected PC in safe mode and run it.
Accept the enhanced version.
Then run the quick scan.
About halfway through you will be prompted to buy - just X the box closed.
Once finished it will generate a log; please attach that.


Step 2:

Please delete the copy of MalwareBytes that you have, download and update a new copy and run that in normal mode if you can.
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

What problems are you still experiencing?
  • 0

#29
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
I downloaded Dr. Web and let it run. It said that no viruses were found. However, I am unsure where the log is...?

The MBAM results are:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8057

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/31/2011 11:59:03 PM
mbam-log-2011-10-31 (23-59-03).txt

Scan type: Quick scan
Objects scanned: 158333
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



As to additional problems, I am still unable to delete or run OTL in any format (.scr .com or .exe) on my desktop. This also applies to rkill.

Also, would it affect the scan if the PC I originally downloaded Dr. Web to, and thought was clean, might actually be infected?

Everything else seems to run fine.
  • 0

#30
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts

As to additional problems, I am still unable to delete or run OTL in any format (.scr .com or .exe) on my desktop. This also applies to rkill.


Is this the only problem? Can you access the Internet on the infected computer?
  • 0
