Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

XP Security 2012 virus and now "Open With" ? [Solved]

Started by Skiminims , Dec 22 2011 10:28 PM

This topic is locked

#16
CompCav

Posted 27 December 2011 - 11:31 AM

Member 5k

Expert
12,454 posts

Please boot into Normal mode to run these fixes. If you get into normal mode and nothing runs, please rerun RogueKiller and select option 2 again.

If you still cannot run anything in normal mode then go back to safe mode w/networking to complete the steps below.

Step 1.

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[2011/07/30 17:52:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ko8dw50z.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}
[2010/04/19 08:40:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/19 08:40:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/19 08:40:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O34 - HKLM BootExecute: (aswBoot.exe /M:388eb993027)
[2011/12/25 17:45:10 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fcq.exe
[2011/12/26 15:58:44 | 000,011,288 | --S- | M] () -- C:\Documents and Settings\All Users\Application Data\t17ii4wl3e0m
[2011/12/26 15:58:44 | 000,011,288 | --S- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\t17ii4wl3e0m
[2011/12/22 13:31:19 | 000,016,444 | --S- | M] () -- C:\Documents and Settings\All Users\Application Data\474672s7k507w783d741k4qvb0b4
[2011/06/16 09:18:12 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-RUCSD.exe
[2011/06/15 17:44:10 | 000,016,190 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\jrfome35tf08ah35e4cqfgv7wigo7r
[2010/02/12 14:34:28 | 000,000,088 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\07385C664C.sys
[2007/10/02 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8


:files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions

Step 3.

TDSSKiller

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 4.

Re run OTL from your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window, OTL.Txt.
Post the log

Step 5.

Please post:

OTL fix log
ComboFix log
TDSSKiller log
OTL.txt

What problems do you now have?

#17
Skiminims

Posted 27 December 2011 - 12:19 PM

Member

Topic Starter
Member
63 posts

Booted into normal mode, ended up having to run Rogue Killer again.

Started the OTL fix and I think it is hung up...

The screen went all black with just OTL showing and it has been stuck processing this line for a couple minutes:

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

Not sure how long I should wait? Or what I should do? Reboot?

#18
CompCav

Posted 27 December 2011 - 12:38 PM

Member 5k

Expert
12,454 posts

Go ahead and reboot if it is still stalled.

Try the fix again. If it does get hung again please let me know what it is hung on and I will modify the fix.

#19
Skiminims

Posted 27 December 2011 - 12:58 PM

Member

Topic Starter
Member
63 posts

Ok, rebooted and ran the fix again. It got past the first hang up and is now stuck here:

O34 - HKLM BootExecute: (aswBoot.exe /M:388eb993027)

#20
CompCav

Posted 27 December 2011 - 01:47 PM

Member 5k

Expert
12,454 posts

OK lets go on to step 2. ComboFix should get past all of this. Please do the steps in this new order:

Step 2. download and run ComboFix
Step 3. download and run TDSSKiller
Step 1. run OTL fix (The malware that is stalling it should be gone!)
Step 4. run OTL quickscan
Step.5 Post the logs and tell me what issues remain with your computer!

CompCav

#21
Skiminims

Posted 27 December 2011 - 01:54 PM

Member

Topic Starter
Member
63 posts

Quick question,

I noticed while in safe mode that there was a combo fix icon on my desktop. I think my old computer mechanic might have installed it a year or so ago. I only see it in safe mode. I have not clicked on it. I looked in control panel and it is not listed in Add/Remove programs. I am assuming I need to uninstall the previous version before downloading a new one in Normal Mode? How would I go about uninstalling it in safe mode?

EDIT: Nevermind, i was able to uninstall it and reinstall

Edited by Skiminims, 27 December 2011 - 04:32 PM.

#22
Skiminims

Posted 27 December 2011 - 05:17 PM

Member

Topic Starter
Member
63 posts

UPDATE: I ran ComboFix, it went through all 50 stages, ComboFix restarted the computer, windows loaded, ComboFix popped back up stating: "Preparing Log Report. Do not run any programs until ComboFix has finished." that has been up for about 7 minutes, I'm afraid it is hung up again. Not sure how long it takes to generate a report or if it has done so. I'm not touching anything until I hear back from you.

#23
CompCav

Posted 27 December 2011 - 06:04 PM

Member 5k

Expert
12,454 posts

The report sometimes takes a very long time to complete. If it has not been completed in another 30 minutes just close it. The report should be located at c:\Combofix.txt

You are doing fine you just have a very tough infection but we will get it.

#24
Skiminims

Posted 27 December 2011 - 06:09 PM

Member

Topic Starter
Member
63 posts

I am very thankful to have your help! Looks like the whole computer froze as I was waiting, so I rebooted. Do you want me to go ahead and post the Combofix log, or all of them in the same post? I haven't had a chance to run TDSSKiller or OTL.

#25
Skiminims

Posted 27 December 2011 - 06:45 PM

Member

Topic Starter
Member
63 posts

I tried running the OTL fix again after having ran Combofix and TDSSKiller...and it hung up again at: O34 - HKLM BootExecute: (aswBoot.exe /M:388eb993027)

#26
CompCav

Posted 27 December 2011 - 07:47 PM

Member 5k

Expert
12,454 posts

Ok let's try it without that line in it.

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[2011/07/30 17:52:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ko8dw50z.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}
[2010/04/19 08:40:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/19 08:40:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/19 08:40:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011/12/25 17:45:10 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fcq.exe
[2011/12/26 15:58:44 | 000,011,288 | --S- | M] () -- C:\Documents and Settings\All Users\Application Data\t17ii4wl3e0m
[2011/12/26 15:58:44 | 000,011,288 | --S- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\t17ii4wl3e0m
[2011/12/22 13:31:19 | 000,016,444 | --S- | M] () -- C:\Documents and Settings\All Users\Application Data\474672s7k507w783d741k4qvb0b4
[2011/06/16 09:18:12 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-RUCSD.exe
[2011/06/15 17:44:10 | 000,016,190 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\jrfome35tf08ah35e4cqfgv7wigo7r
[2010/02/12 14:34:28 | 000,000,088 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\07385C664C.sys
[2007/10/02 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8


:files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]

Now if it does not complete with this in the custom fix. Please reboot into safe mode by gently tapping the F8 key as the computer boots up and select safe mode or safe mode w/networking. Then run this fix in safe mode. It will want to reboot so when it does please be there and do the tapping of F8 to re-enter safe mode to complete the fix.

Then reboot into normal mode and run the quickscan for me as instructed in step 4.

Then do step 5., posting all the logs and telling me what issues remain and how the computer is performing.

Thanks,

CompCav

#27
Skiminims

Posted 27 December 2011 - 08:24 PM

Member

Topic Starter
Member
63 posts

I feel like such a pest. lol

I was able to run the OTL fix in normal mode and it went through everything. It says at the bottom "Processing complete!" but it hasn't done anything since. You said it was supposed to reboot? It has not done it yet. I try to click anywhere on the program and it just dings at me. Should I go ahead and manually reboot it? Should I go into safemode and re-run the OTL fix again?

#28
CompCav

Posted 27 December 2011 - 08:27 PM

Member 5k

Expert
12,454 posts

If it completed just manually reboot.

You probably do not need to run it again, we can check the OTL fix log when you post it and see if we need to redo anything.

Great progress for such a difficult infection!

#29
Skiminims

Posted 27 December 2011 - 08:51 PM

Member

Topic Starter
Member
63 posts

Combofix

ComboFix 11-12-27.01 - Owner 12/27/2011 16:39:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2359 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PC Tools AntiVirus 3.6.0.34 *Enabled/Outdated* {832E7172-E406-4BB2-8B19-6D29F2C93A98}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Administrator\Local Settings\Application Data\fcq.exe
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
C:\Documents and Settings\Owner.Lindsay\System
C:\Documents and Settings\Owner.Lindsay\System\win_qs8.jqx
C:\Documents and Settings\Owner.Lindsay\zzjgkbaumj.tmp
C:\WINDOWS\$NtUninstallKB62069$
C:\WINDOWS\$NtUninstallKB62069$\2203982849
C:\WINDOWS\system32\SET171.tmp
C:\WINDOWS\system32\SET172.tmp
C:\WINDOWS\system32\SET174.tmp
C:\WINDOWS\system32\SET175.tmp
C:\WINDOWS\system32\SET176.tmp
C:\WINDOWS\system32\SET177.tmp
C:\WINDOWS\system32\SET178.tmp
C:\WINDOWS\system32\SET17A.tmp
C:\WINDOWS\system32\SET17C.tmp
C:\WINDOWS\system32\SET17D.tmp
C:\WINDOWS\system32\SET17E.tmp
C:\WINDOWS\system32\SET181.tmp
C:\WINDOWS\system32\SET182.tmp
C:\WINDOWS\system32\SET185.tmp
C:\WINDOWS\system32\SET186.tmp
C:\WINDOWS\system32\SET188.tmp
C:\WINDOWS\system32\SET18B.tmp
C:\WINDOWS\system32\SET18C.tmp
C:\WINDOWS\system32\SET18D.tmp
C:\WINDOWS\system32\SET18E.tmp
C:\WINDOWS\system32\SET18F.tmp
C:\WINDOWS\system32\SET190.tmp
C:\WINDOWS\system32\SET194.tmp
C:\WINDOWS\system32\SET195.tmp
C:\WINDOWS\system32\SET196.tmp
C:\WINDOWS\system32\SET197.tmp
C:\WINDOWS\system32\SET198.tmp
C:\WINDOWS\system32\SET199.tmp
C:\WINDOWS\system32\SET19A.tmp
C:\WINDOWS\system32\SET19B.tmp
C:\WINDOWS\system32\SET19C.tmp
C:\WINDOWS\system32\SET19D.tmp
C:\WINDOWS\system32\SET19E.tmp
C:\WINDOWS\system32\SET1A0.tmp
C:\WINDOWS\system32\SET1A1.tmp
C:\WINDOWS\system32\SET1A2.tmp
C:\WINDOWS\system32\SET1A3.tmp
C:\WINDOWS\system32\SET1AF.tmp
C:\WINDOWS\system32\SET1B1.tmp
C:\WINDOWS\system32\SET1B4.tmp
C:\WINDOWS\system32\SET1C0.tmp
C:\WINDOWS\system32\SET1C2.tmp
C:\WINDOWS\system32\SET2CA.tmp
C:\WINDOWS\system32\SET2CC.tmp
C:\WINDOWS\system32\SET2DB.tmp
C:\WINDOWS\system32\SET4C6.tmp
G:\AUTORUN.INF . . . . Failed to delete

Infected copy of C:\WINDOWS\system32\drivers\mqac.sys was found and disinfected
Restored copy from - The cat found it

((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))

2011-12-27 18:14:02 . 2011-12-27 18:14:02 -------- d-----w- C:\_OTL
2011-12-27 00:40:24 . 2011-12-27 00:40:24 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\HP
2011-12-27 00:39:42 . 2011-12-27 00:39:42 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
2011-12-27 00:39:02 . 2011-12-27 00:39:02 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
2011-12-27 00:35:01 . 2011-12-27 00:35:03 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Winamp
2011-12-25 23:44:57 . 2011-12-25 23:44:58 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2011-12-22 19:44:02 . 2011-12-22 19:44:02 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2011-11-29 22:20:46 . 2009-09-04 23:29:34 235344 ----a-w- C:\WINDOWS\system32\d3dx11_42.dll
2011-11-29 22:20:46 . 2009-09-04 23:29:32 1974616 ----a-w- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-11-29 22:20:45 . 2009-09-04 23:29:34 453456 ----a-w- C:\WINDOWS\system32\d3dx10_42.dll
2011-11-29 22:16:19 . 2009-09-04 23:29:30 1892184 ----a-w- C:\WINDOWS\system32\D3DX9_42.dll
2011-11-29 05:17:25 . 2011-11-29 05:17:40 -------- d-----w- C:\Program Files\LOTRO
2011-11-29 05:16:49 . 2011-11-29 21:34:26 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PMB Files
2011-11-29 05:15:49 . 2011-11-29 05:15:49 -------- d-----w- C:\Program Files\Pando Networks
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-27 00:38:35 . 2011-08-09 02:57:42 232512 ----a-w- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2011-11-28 18:01:25 . 2011-06-16 23:59:24 41184 ----a-w- C:\WINDOWS\avastSS.scr
2011-11-28 18:01:23 . 2011-06-16 23:59:24 199816 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-11-28 17:53:53 . 2011-06-16 23:59:42 435032 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-11-28 17:53:35 . 2011-06-16 23:59:44 314456 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-11-28 17:52:19 . 2011-06-16 23:59:42 34392 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-11-28 17:52:16 . 2011-06-16 23:59:42 52952 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-11-28 17:52:02 . 2011-06-16 23:59:41 111320 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-11-28 17:51:59 . 2011-06-16 23:59:41 105176 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-11-28 17:51:50 . 2011-06-16 23:59:45 20568 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-11-28 17:48:49 . 2011-06-16 23:59:40 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll

TDSSKiller

18:16:07.0701 3572 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:16:08.0170 3572 ============================================================
18:16:08.0170 3572 Current date / time: 2011/12/27 18:16:08.0170
18:16:08.0170 3572 SystemInfo:
18:16:08.0170 3572
18:16:08.0170 3572 OS Version: 5.1.2600 ServicePack: 3.0
18:16:08.0170 3572 Product type: Workstation
18:16:08.0170 3572 ComputerName: LINDSAY
18:16:08.0170 3572 UserName: Owner
18:16:08.0170 3572 Windows directory: C:\WINDOWS
18:16:08.0170 3572 System windows directory: C:\WINDOWS
18:16:08.0170 3572 Processor architecture: Intel x86
18:16:08.0170 3572 Number of processors: 2
18:16:08.0170 3572 Page size: 0x1000
18:16:08.0170 3572 Boot type: Normal boot
18:16:08.0170 3572 ============================================================
18:16:09.0639 3572 Initialize success
18:16:31.0645 3692 ============================================================
18:16:31.0645 3692 Scan started
18:16:31.0645 3692 Mode: Manual; SigCheck; TDLFS;
18:16:31.0645 3692 ============================================================
18:16:31.0770 3692 .dtsoftbus01 - ok
18:16:31.0974 3692 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
18:16:33.0380 3692 61883 - ok
18:16:33.0536 3692 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:16:35.0224 3692 Aavmker4 - ok
18:16:35.0303 3692 Abiosdsk - ok
18:16:35.0381 3692 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:16:35.0521 3692 abp480n5 - ok
18:16:35.0678 3692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:16:35.0818 3692 ACPI - ok
18:16:35.0990 3692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:16:36.0147 3692 ACPIEC - ok
18:16:36.0303 3692 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:16:36.0459 3692 adpu160m - ok
18:16:36.0537 3692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:16:36.0678 3692 aec - ok
18:16:36.0803 3692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:16:36.0850 3692 AFD - ok
18:16:37.0006 3692 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:16:37.0147 3692 agp440 - ok
18:16:37.0319 3692 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:16:37.0522 3692 agpCPQ - ok
18:16:37.0584 3692 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:16:37.0647 3692 Aha154x - ok
18:16:37.0772 3692 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:16:37.0928 3692 aic78u2 - ok
18:16:38.0085 3692 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:16:38.0241 3692 aic78xx - ok
18:16:38.0303 3692 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:16:38.0475 3692 AliIde - ok
18:16:38.0632 3692 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:16:39.0163 3692 alim1541 - ok
18:16:39.0226 3692 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:16:39.0382 3692 amdagp - ok
18:16:39.0554 3692 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:16:39.0585 3692 AmdK8 - ok
18:16:39.0757 3692 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:16:39.0835 3692 amsint - ok
18:16:39.0898 3692 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
18:16:39.0929 3692 aracpi - ok
18:16:40.0038 3692 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
18:16:40.0085 3692 arhidfltr - ok
18:16:40.0226 3692 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
18:16:40.0257 3692 arkbcfltr - ok
18:16:40.0304 3692 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
18:16:40.0335 3692 armoucfltr - ok
18:16:40.0460 3692 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:16:40.0617 3692 Arp1394 - ok
18:16:40.0757 3692 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
18:16:40.0788 3692 ARPolicy - ok
18:16:40.0867 3692 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:16:41.0023 3692 asc - ok
18:16:41.0179 3692 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:16:41.0257 3692 asc3350p - ok
18:16:41.0304 3692 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:16:41.0476 3692 asc3550 - ok
18:16:41.0632 3692 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:16:41.0632 3692 aswFsBlk - ok
18:16:41.0726 3692 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
18:16:41.0726 3692 aswMon2 - ok
18:16:41.0851 3692 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
18:16:41.0851 3692 aswRdr - ok
18:16:42.0008 3692 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
18:16:42.0023 3692 aswSnx - ok
18:16:42.0179 3692 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
18:16:42.0211 3692 aswSP - ok
18:16:42.0367 3692 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
18:16:42.0383 3692 aswTdi - ok
18:16:42.0445 3692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:16:42.0664 3692 AsyncMac - ok
18:16:42.0789 3692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:16:42.0898 3692 atapi - ok
18:16:42.0992 3692 Atdisk - ok
18:16:43.0242 3692 ati2mtag (7e682d97868cefae5d2bbd23ebbf7207) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:16:43.0477 3692 ati2mtag - ok
18:16:43.0742 3692 atikmdag (ed29acf556ff827cb35c0d07ed4ab8d0) C:\WINDOWS\system32\DRIVERS\atikmdag.sys
18:16:44.0133 3692 atikmdag ( UnsignedFile.Multi.Generic ) - warning
18:16:44.0133 3692 atikmdag - detected UnsignedFile.Multi.Generic (1)
18:16:44.0258 3692 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\WINDOWS\system32\DRIVERS\atksgt.sys
18:16:44.0305 3692 atksgt - ok
18:16:44.0430 3692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:16:44.0649 3692 Atmarpc - ok
18:16:44.0727 3692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:16:44.0868 3692 audstub - ok
18:16:45.0008 3692 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
18:16:45.0149 3692 Avc - ok
18:16:45.0290 3692 AVFilter (f762f2181f542d9bb14048b346884be1) C:\WINDOWS\system32\drivers\AVFilter.sys
18:16:45.0305 3692 AVFilter ( UnsignedFile.Multi.Generic ) - warning
18:16:45.0305 3692 AVFilter - detected UnsignedFile.Multi.Generic (1)
18:16:45.0352 3692 AVHook (9c51835b670b808198408b09e60aa270) C:\WINDOWS\system32\drivers\AVHook.sys
18:16:45.0383 3692 AVHook ( UnsignedFile.Multi.Generic ) - warning
18:16:45.0383 3692 AVHook - detected UnsignedFile.Multi.Generic (1)
18:16:45.0509 3692 AVRec (f013a5931158686eb27b11302e1cadc1) C:\WINDOWS\system32\drivers\AVRec.sys
18:16:45.0540 3692 AVRec ( UnsignedFile.Multi.Generic ) - warning
18:16:45.0540 3692 AVRec - detected UnsignedFile.Multi.Generic (1)
18:16:45.0680 3692 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
18:16:45.0899 3692 basic2 - ok
18:16:46.0040 3692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:16:46.0212 3692 Beep - ok
18:16:46.0306 3692 Ca533av (a8eae8e358de3a21e6eb54f4fc7f65ec) C:\WINDOWS\system32\Drivers\Ca533av.sys
18:16:46.0368 3692 Ca533av - ok
18:16:46.0571 3692 Ca536av (48fed7d4ef20020bc6020200256cb8b3) C:\WINDOWS\system32\Drivers\Ca536av.sys
18:16:46.0634 3692 Ca536av - ok
18:16:46.0743 3692 catchme - ok
18:16:46.0900 3692 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:16:47.0134 3692 cbidf - ok
18:16:47.0228 3692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:16:47.0384 3692 cbidf2k - ok
18:16:47.0462 3692 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:16:47.0603 3692 CCDECODE - ok
18:16:47.0728 3692 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:16:47.0806 3692 cd20xrnt - ok
18:16:47.0900 3692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:16:48.0056 3692 Cdaudio - ok
18:16:48.0181 3692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:16:48.0322 3692 Cdfs - ok
18:16:48.0431 3692 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
18:16:48.0447 3692 Cdr4_xp - ok
18:16:48.0603 3692 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
18:16:48.0619 3692 Cdralw2k - ok
18:16:48.0666 3692 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:16:48.0697 3692 Cdrom - ok
18:16:48.0822 3692 Changer - ok
18:16:48.0916 3692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:16:49.0119 3692 CmBatt - ok
18:16:49.0275 3692 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:16:49.0431 3692 CmdIde - ok
18:16:49.0541 3692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:16:49.0666 3692 Compbatt - ok
18:16:49.0807 3692 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:16:49.0963 3692 Cpqarray - ok
18:16:50.0119 3692 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:16:50.0291 3692 dac2w2k - ok
18:16:50.0432 3692 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:16:50.0604 3692 dac960nt - ok
18:16:50.0744 3692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:16:50.0854 3692 Disk - ok
18:16:50.0979 3692 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:16:51.0151 3692 dmboot - ok
18:16:51.0307 3692 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:16:51.0573 3692 dmio - ok
18:16:51.0729 3692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:16:51.0963 3692 dmload - ok
18:16:52.0088 3692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:16:52.0229 3692 DMusic - ok
18:16:52.0401 3692 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:16:52.0557 3692 dpti2o - ok
18:16:52.0635 3692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:16:52.0761 3692 drmkaud - ok
18:16:52.0886 3692 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
18:16:52.0901 3692 dtsoftbus01 - ok
18:16:53.0057 3692 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
18:16:53.0245 3692 EL90XBC - ok
18:16:53.0417 3692 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
18:16:53.0589 3692 Fallback - ok
18:16:53.0730 3692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:16:53.0855 3692 Fastfat - ok
18:16:53.0917 3692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:16:54.0058 3692 Fdc - ok
18:16:54.0214 3692 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:16:54.0339 3692 Fips - ok
18:16:54.0417 3692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:16:54.0542 3692 Flpydisk - ok
18:16:54.0667 3692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:16:54.0792 3692 FltMgr - ok
18:16:54.0933 3692 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
18:16:55.0089 3692 Fsks - ok
18:16:55.0246 3692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:16:55.0402 3692 Fs_Rec - ok
18:16:55.0449 3692 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:16:55.0605 3692 Ftdisk - ok
18:16:55.0605 3692 FXDrv32 - ok
18:16:55.0746 3692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:16:55.0871 3692 Gpc - ok
18:16:55.0996 3692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:16:56.0136 3692 HDAudBus - ok
18:16:56.0308 3692 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:16:56.0433 3692 HidUsb - ok
18:16:56.0512 3692 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:16:56.0652 3692 hpn - ok
18:16:56.0824 3692 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:16:56.0871 3692 HPZid412 - ok
18:16:56.0965 3692 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:16:57.0012 3692 HPZipr12 - ok
18:16:57.0152 3692 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:16:57.0199 3692 HPZius12 - ok
18:16:57.0387 3692 HSFHWBS2 (e51b7370d35e0006edf0e12b610c3489) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:16:57.0449 3692 HSFHWBS2 - ok
18:16:57.0637 3692 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:16:57.0762 3692 HSF_DPV - ok
18:16:57.0934 3692 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
18:16:58.0200 3692 hsf_msft - ok
18:16:58.0356 3692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:16:58.0403 3692 HTTP - ok
18:16:58.0559 3692 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:16:58.0684 3692 i2omgmt - ok
18:16:58.0762 3692 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:16:58.0950 3692 i2omp - ok
18:16:59.0075 3692 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:16:59.0215 3692 i8042prt - ok
18:16:59.0356 3692 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
18:16:59.0450 3692 iaStor ( UnsignedFile.Multi.Generic ) - warning
18:16:59.0450 3692 iaStor - detected UnsignedFile.Multi.Generic (1)
18:16:59.0637 3692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:16:59.0841 3692 Imapi - ok
18:17:00.0013 3692 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:17:00.0153 3692 ini910u - ok
18:17:00.0372 3692 IntcAzAudAddService (c73a4a48fbb3d00c7dbc6fe4f5e3675f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:17:00.0591 3692 IntcAzAudAddService - ok
18:17:00.0747 3692 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:17:00.0872 3692 IntelIde - ok
18:17:00.0966 3692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:17:01.0091 3692 Ip6Fw - ok
18:17:01.0216 3692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:17:01.0357 3692 IpFilterDriver - ok
18:17:01.0529 3692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:17:01.0654 3692 IpInIp - ok
18:17:01.0700 3692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:17:01.0841 3692 IpNat - ok
18:17:01.0982 3692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:17:02.0107 3692 IPSec - ok
18:17:02.0263 3692 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
18:17:02.0404 3692 irda - ok
18:17:02.0529 3692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:17:02.0654 3692 IRENUM - ok
18:17:02.0779 3692 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
18:17:02.0857 3692 irsir - ok
18:17:02.0982 3692 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:17:03.0123 3692 isapnp - ok
18:17:03.0248 3692 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
18:17:03.0435 3692 K56 - ok
18:17:03.0576 3692 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:17:03.0717 3692 Kbdclass - ok
18:17:03.0810 3692 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:17:03.0920 3692 kbdhid - ok
18:17:04.0076 3692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:17:04.0232 3692 kmixer - ok
18:17:04.0373 3692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:17:04.0404 3692 KSecDD - ok
18:17:04.0498 3692 lbrtfdc - ok
18:17:04.0608 3692 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
18:17:04.0623 3692 lirsgt - ok
18:17:04.0764 3692 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
18:17:04.0811 3692 LVUSBSta - ok
18:17:04.0920 3692 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
18:17:04.0967 3692 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
18:17:04.0967 3692 MarvinBus - detected UnsignedFile.Multi.Generic (1)
18:17:05.0123 3692 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:17:05.0170 3692 mdmxsdk - ok
18:17:05.0326 3692 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:17:05.0342 3692 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
18:17:05.0342 3692 MHNDRV - detected UnsignedFile.Multi.Generic (1)
18:17:05.0420 3692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:17:05.0639 3692 mnmdd - ok
18:17:05.0795 3692 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:17:05.0905 3692 Modem - ok
18:17:05.0967 3692 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:17:06.0092 3692 MODEMCSA - ok
18:17:06.0264 3692 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:17:06.0405 3692 Mouclass - ok
18:17:06.0483 3692 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:17:06.0639 3692 mouhid - ok
18:17:06.0749 3692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:17:06.0889 3692 MountMgr - ok
18:17:07.0030 3692 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:17:07.0186 3692 mraid35x - ok
18:17:07.0265 3692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:17:07.0405 3692 MRxDAV - ok
18:17:07.0577 3692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:17:07.0655 3692 MRxSmb - ok
18:17:07.0812 3692 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
18:17:07.0952 3692 MSDV - ok
18:17:08.0015 3692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:17:08.0234 3692 Msfs - ok
18:17:08.0374 3692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:17:08.0484 3692 MSKSSRV - ok
18:17:08.0656 3692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:17:08.0781 3692 MSPCLOCK - ok
18:17:08.0859 3692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:17:08.0984 3692 MSPQM - ok
18:17:09.0093 3692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:17:09.0203 3692 mssmbios - ok
18:17:09.0328 3692 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:17:09.0453 3692 MSTEE - ok
18:17:09.0593 3692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:17:09.0625 3692 Mup - ok
18:17:09.0765 3692 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:17:09.0890 3692 NABTSFEC - ok
18:17:10.0015 3692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:17:10.0156 3692 NDIS - ok
18:17:10.0250 3692 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
18:17:10.0281 3692 ndiscm - ok
18:17:10.0437 3692 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:17:10.0562 3692 NdisIP - ok
18:17:10.0656 3692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:17:10.0687 3692 NdisTapi - ok
18:17:10.0844 3692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:17:11.0031 3692 Ndisuio - ok
18:17:11.0203 3692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:17:11.0328 3692 NdisWan - ok
18:17:11.0453 3692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:17:11.0484 3692 NDProxy - ok
18:17:11.0578 3692 NeroCd2k (58b29812b8d23501d15d85dd72eacb34) C:\WINDOWS\system32\drivers\NeroCd2k.sys
18:17:11.0609 3692 NeroCd2k ( UnsignedFile.Multi.Generic ) - warning
18:17:11.0609 3692 NeroCd2k - detected UnsignedFile.Multi.Generic (1)
18:17:11.0766 3692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:17:11.0985 3692 NetBIOS - ok
18:17:12.0078 3692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:17:12.0219 3692 NetBT - ok
18:17:12.0344 3692 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:17:12.0469 3692 NIC1394 - ok
18:17:12.0594 3692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:17:12.0735 3692 Npfs - ok
18:17:12.0844 3692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:17:13.0000 3692 Ntfs - ok
18:17:13.0188 3692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:17:13.0329 3692 Null - ok
18:17:13.0532 3692 nv (77be0cee4e4a17474650d38ccc9d5579) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:17:13.0860 3692 nv - ok
18:17:13.0985 3692 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:17:14.0016 3692 NVENETFD - ok
18:17:14.0266 3692 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:17:14.0313 3692 nvnetbus - ok
18:17:14.0454 3692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:17:14.0673 3692 NwlnkFlt - ok
18:17:14.0845 3692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:17:14.0970 3692 NwlnkFwd - ok
18:17:15.0064 3692 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:17:15.0204 3692 ohci1394 - ok
18:17:15.0360 3692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:17:15.0501 3692 Parport - ok
18:17:15.0548 3692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:17:15.0689 3692 PartMgr - ok
18:17:15.0814 3692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:17:15.0939 3692 ParVdm - ok
18:17:16.0048 3692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:17:16.0204 3692 PCI - ok
18:17:16.0314 3692 PCIDump - ok
18:17:16.0376 3692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:17:16.0501 3692 PCIIde - ok
18:17:16.0626 3692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:17:16.0751 3692 Pcmcia - ok
18:17:16.0877 3692 PDCOMP - ok
18:17:16.0908 3692 PDFRAME - ok
18:17:17.0033 3692 PDRELI - ok
18:17:17.0064 3692 PDRFRAME - ok
18:17:17.0142 3692 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:17:17.0283 3692 perc2 - ok
18:17:17.0392 3692 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:17:17.0533 3692 perc2hib - ok
18:17:17.0721 3692 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
18:17:17.0814 3692 PID_08A0 - ok
18:17:18.0017 3692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:17:18.0268 3692 PptpMiniport - ok
18:17:18.0471 3692 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:17:18.0658 3692 Processor - ok
18:17:18.0815 3692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:17:18.0940 3692 PSched - ok
18:17:19.0065 3692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:17:19.0205 3692 Ptilink - ok
18:17:19.0315 3692 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:17:19.0330 3692 PxHelp20 - ok
18:17:19.0487 3692 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:17:19.0627 3692 ql1080 - ok
18:17:19.0659 3692 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:17:19.0799 3692 Ql10wnt - ok
18:17:19.0940 3692 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:17:20.0081 3692 ql12160 - ok
18:17:20.0159 3692 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:17:20.0299 3692 ql1240 - ok
18:17:20.0393 3692 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:17:20.0534 3692 ql1280 - ok
18:17:20.0628 3692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:17:20.0768 3692 RasAcd - ok
18:17:20.0878 3692 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
18:17:20.0940 3692 Rasirda - ok
18:17:21.0065 3692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:17:21.0190 3692 Rasl2tp - ok
18:17:21.0315 3692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:17:21.0440 3692 RasPppoe - ok
18:17:21.0597 3692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:17:21.0737 3692 Raspti - ok
18:17:21.0894 3692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:17:22.0003 3692 Rdbss - ok
18:17:22.0081 3692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:17:22.0222 3692 RDPCDD - ok
18:17:22.0378 3692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:17:22.0519 3692 rdpdr - ok
18:17:22.0691 3692 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:17:22.0738 3692 RDPWD - ok
18:17:22.0894 3692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:17:23.0034 3692 redbook - ok
18:17:23.0175 3692 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
18:17:23.0363 3692 Rksample - ok
18:17:23.0597 3692 RTHDMIAzAudService (3aec576178bc1554fd95ef6d4729b105) C:\WINDOWS\system32\drivers\RtHDMI.sys
18:17:24.0175 3692 RTHDMIAzAudService - ok
18:17:24.0316 3692 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:17:24.0379 3692 RTLE8023xp - ok
18:17:24.0519 3692 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
18:17:24.0551 3692 s0016bus - ok
18:17:24.0613 3692 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
18:17:24.0629 3692 s0016mdfl - ok
18:17:24.0754 3692 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
18:17:24.0785 3692 s0016mdm - ok
18:17:24.0832 3692 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
18:17:24.0863 3692 s0016mgmt - ok
18:17:24.0988 3692 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
18:17:25.0004 3692 s0016nd5 - ok
18:17:25.0098 3692 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
18:17:25.0129 3692 s0016obex - ok
18:17:25.0269 3692 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
18:17:25.0301 3692 s0016unic - ok
18:17:25.0426 3692 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\WINDOWS\system32\DRIVERS\s616bus.sys
18:17:25.0457 3692 s616bus - ok
18:17:25.0535 3692 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\WINDOWS\system32\DRIVERS\s616mdfl.sys
18:17:25.0551 3692 s616mdfl - ok
18:17:25.0707 3692 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\WINDOWS\system32\DRIVERS\s616mdm.sys
18:17:25.0723 3692 s616mdm - ok
18:17:25.0832 3692 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\WINDOWS\system32\DRIVERS\s616mgmt.sys
18:17:25.0863 3692 s616mgmt - ok
18:17:25.0926 3692 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\WINDOWS\system32\DRIVERS\s616nd5.sys
18:17:25.0957 3692 s616nd5 - ok
18:17:26.0098 3692 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\WINDOWS\system32\DRIVERS\s616obex.sys
18:17:26.0129 3692 s616obex - ok
18:17:26.0270 3692 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\WINDOWS\system32\DRIVERS\s616unic.sys
18:17:26.0301 3692 s616unic - ok
18:17:26.0426 3692 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:17:26.0629 3692 sdbus - ok
18:17:26.0786 3692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:17:26.0926 3692 Secdrv - ok
18:17:27.0004 3692 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:17:27.0129 3692 Serenum - ok
18:17:27.0254 3692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:17:27.0395 3692 Serial - ok
18:17:27.0567 3692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:17:27.0692 3692 Sfloppy - ok
18:17:27.0770 3692 Simbad - ok
18:17:27.0942 3692 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:17:28.0067 3692 sisagp - ok
18:17:28.0145 3692 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:17:28.0270 3692 SLIP - ok
18:17:28.0442 3692 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
18:17:28.0599 3692 SoftFax - ok
18:17:28.0770 3692 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:17:28.0849 3692 Sparrow - ok
18:17:28.0942 3692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:17:29.0067 3692 splitter - ok
18:17:29.0224 3692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:17:29.0349 3692 sr - ok
18:17:29.0489 3692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:17:29.0552 3692 Srv - ok
18:17:29.0724 3692 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:17:29.0849 3692 streamip - ok
18:17:29.0927 3692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:17:30.0115 3692 swenum - ok
18:17:30.0240 3692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:17:30.0365 3692 swmidi - ok
18:17:30.0537 3692 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:17:30.0646 3692 symc810 - ok
18:17:30.0693 3692 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:17:30.0833 3692 symc8xx - ok
18:17:30.0974 3692 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:17:31.0099 3692 sym_hi - ok
18:17:31.0193 3692 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:17:31.0334 3692 sym_u3 - ok
18:17:31.0412 3692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:17:31.0537 3692 sysaudio - ok
18:17:31.0677 3692 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
18:17:31.0709 3692 tapvpn ( UnsignedFile.Multi.Generic ) - warning
18:17:31.0709 3692 tapvpn - detected UnsignedFile.Multi.Generic (1)
18:17:31.0787 3692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:17:31.0865 3692 Tcpip - ok
18:17:32.0021 3692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:17:32.0146 3692 TDPIPE - ok
18:17:32.0209 3692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:17:32.0350 3692 TDTCP - ok
18:17:32.0459 3692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:17:32.0600 3692 TermDD - ok
18:17:32.0772 3692 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
18:17:32.0912 3692 Tones - ok
18:17:32.0975 3692 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:17:33.0115 3692 TosIde - ok
18:17:33.0240 3692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:17:33.0381 3692 Udfs - ok
18:17:33.0522 3692 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:17:33.0616 3692 ultra - ok
18:17:33.0694 3692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:17:33.0850 3692 Update - ok
18:17:34.0006 3692 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\Bulk533.sys
18:17:34.0022 3692 USBCamera - ok
18:17:34.0178 3692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:17:34.0303 3692 usbccgp - ok
18:17:34.0381 3692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:17:34.0585 3692 usbehci - ok
18:17:34.0710 3692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:17:34.0835 3692 usbhub - ok
18:17:34.0991 3692 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:17:35.0116 3692 usbohci - ok
18:17:35.0225 3692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:17:35.0366 3692 usbprint - ok
18:17:35.0491 3692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:17:35.0616 3692 usbscan - ok
18:17:35.0710 3692 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:17:35.0835 3692 usbstor - ok
18:17:35.0960 3692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:17:36.0069 3692 usbuhci - ok
18:17:36.0241 3692 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
18:17:36.0398 3692 USRpdA - ok
18:17:36.0554 3692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:17:36.0694 3692 VgaSave - ok
18:17:36.0757 3692 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:17:36.0882 3692 viaagp - ok
18:17:37.0007 3692 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:17:37.0132 3692 ViaIde - ok
18:17:37.0273 3692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:17:37.0429 3692 VolSnap - ok
18:17:37.0585 3692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:17:37.0726 3692 Wanarp - ok
18:17:37.0820 3692 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
18:17:37.0851 3692 wanatw - ok
18:17:37.0976 3692 WDICA - ok
18:17:38.0039 3692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:17:38.0179 3692 wdmaud - ok
18:17:38.0351 3692 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:17:38.0429 3692 winachsf - ok
18:17:38.0648 3692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:17:38.0804 3692 WS2IFSL - ok
18:17:38.0883 3692 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:17:39.0023 3692 WSTCODEC - ok
18:17:39.0180 3692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:17:39.0242 3692 WudfPf - ok
18:17:39.0383 3692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:17:39.0414 3692 WudfRd - ok
18:17:39.0539 3692 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
18:17:39.0570 3692 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
18:17:39.0570 3692 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
18:17:39.0633 3692 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk1\DR3
18:17:39.0773 3692 \Device\Harddisk1\DR3 - ok
18:17:39.0805 3692 Boot (0x1200) (f5f1ca1dd16be583b1f08fdeb4dfdaf8) \Device\Harddisk0\DR0\Partition0
18:17:39.0805 3692 \Device\Harddisk0\DR0\Partition0 - ok
18:17:39.0805 3692 Boot (0x1200) (6dc48fe364e12d0ad9717ff828eba08b) \Device\Harddisk0\DR0\Partition1
18:17:39.0805 3692 \Device\Harddisk0\DR0\Partition1 - ok
18:17:39.0820 3692 Boot (0x1200) (b4de149e368d9899ae22448f8738a6ef) \Device\Harddisk1\DR3\Partition0
18:17:39.0820 3692 \Device\Harddisk1\DR3\Partition0 - ok
18:17:39.0820 3692 ============================================================
18:17:39.0820 3692 Scan finished
18:17:39.0820 3692 ============================================================
18:17:39.0961 1376 Detected object count: 10
18:17:39.0961 1376 Actual detected object count: 10
18:18:28.0115 1376 atikmdag ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0115 1376 atikmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0115 1376 AVFilter ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0115 1376 AVFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0131 1376 AVHook ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0131 1376 AVHook ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0131 1376 AVRec ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0131 1376 AVRec ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0131 1376 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0131 1376 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0146 1376 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0146 1376 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0146 1376 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0146 1376 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0162 1376 NeroCd2k ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0162 1376 NeroCd2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0162 1376 tapvpn ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:28.0162 1376 tapvpn ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:28.0177 1376 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
18:18:28.0240 1376 \Device\Harddisk0\DR0 - ok
18:18:28.0240 1376 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
18:18:38.0039 2136 Deinitialize success

OTL Fix Log

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
Folder C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ko8dw50z.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Folder C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\ not found.
File C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File C:\Program Files\Java\jre6\bin\ssv.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
File C:\Program Files\Java\jre6\bin\npjpi160_20.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\fcq.exe not found.
C:\Documents and Settings\All Users\Application Data\t17ii4wl3e0m moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\t17ii4wl3e0m moved successfully.
C:\Documents and Settings\All Users\Application Data\474672s7k507w783d741k4qvb0b4 moved successfully.
C:\WINDOWS\is-RUCSD.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\jrfome35tf08ah35e4cqfgv7wigo7r moved successfully.
C:\Documents and Settings\All Users\Application Data\07385C664C.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner.Lindsay\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.Lindsay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 98829 bytes
->FireFox cache emptied: 45597938 bytes
->Flash cache emptied: 930 bytes

User: All Users

User: Anime

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Owner.Lindsay
->Temp folder emptied: 613150 bytes
->Temporary Internet Files folder emptied: 2302909 bytes
->Java cache emptied: 15707194 bytes
->FireFox cache emptied: 76644588 bytes
->Flash cache emptied: 189264 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 314088 bytes
%systemroot%\System32 .tmp files removed: 59060 bytes
%systemroot%\System32\dllcache .tmp files removed: 8814592 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 573448 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 144.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12272011_201825

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL Quick Scan

OTL logfile created on: 12/27/2011 8:33:05 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.Lindsay\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 80.81% Memory free
5.34 Gb Paging File | 4.93 Gb Available in Paging File | 92.24% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.51 Gb Total Space | 15.62 Gb Free Space | 6.86% Space Free | Partition Type: NTFS
Drive D: | 5.36 Gb Total Space | 2.11 Gb Free Space | 39.45% Space Free | Partition Type: FAT32
Drive G: | 121.26 Mb Total Space | 7.26 Mb Free Space | 5.99% Space Free | Partition Type: FAT

Computer Name: LINDSAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 19:31:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lindsay\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/21 02:23:28 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/09/20 14:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2011/09/01 22:01:55 | 000,034,496 | ---- | M] () -- C:\Program Files\Workspace\workspaceupdate.exe
PRC - [2011/08/02 01:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008/08/03 17:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/20 13:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
PRC - [2005/12/09 20:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/08/02 18:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/07/19 16:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 14:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/12/08 19:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/27 13:03:58 | 001,657,344 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122702\algo.dll
MOD - [2011/12/19 17:49:56 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122702\aswRep.dll
MOD - [2011/11/21 17:48:14 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e1a85615ab132405c28590c9d8e6233f\System.Web.ni.dll
MOD - [2011/11/21 17:43:40 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\5756ca113c80af34720b25cfc7a7b445\System.Configuration.ni.dll
MOD - [2011/11/21 17:43:26 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\6d081910258eaa8d51d4d69036a312ac\Accessibility.ni.dll
MOD - [2011/11/21 16:20:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c4020fe0dc0b08e7fbf56be3fa2af986\System.Xml.ni.dll
MOD - [2011/11/21 16:20:31 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0f11a9acd451eab539a828efb005c1b6\System.Windows.Forms.ni.dll
MOD - [2011/11/21 16:20:12 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8812414cfc3093d545c71980100970a5\System.Drawing.ni.dll
MOD - [2011/11/21 16:18:05 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\279715bc4706e5e5683f405085a58fa6\System.ni.dll
MOD - [2011/11/21 16:17:55 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b1e18a86c1ee54bf30076d9db209c577\mscorlib.ni.dll
MOD - [2011/10/27 15:45:01 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/09/01 22:01:55 | 000,034,496 | ---- | M] () -- C:\Program Files\Workspace\workspaceupdate.exe
MOD - [2011/02/28 16:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/10/14 20:27:45 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3134.40006__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:45 | 000,266,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3134.39961__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:45 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3134.40009__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:45 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3134.40160__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:45 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3134.40125__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3134.39999__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:45 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3134.40096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3134.39983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:44 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3134.40198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:44 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3134.40199__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:44 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3134.40008__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3134.39977__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3134.40007__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:43 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3134.40134__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:43 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3134.40135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3134.40133__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:41 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3134.40100__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:41 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3134.40149__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:40 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3134.40011__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:40 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3134.39985__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:40 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3134.40010__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:40 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3134.40119__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:40 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3134.40099__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3134.40017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:40 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3134.40118__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:39 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3134.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:39 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3134.40098__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:39 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3134.40097__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3134.40098__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3134.40121__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/10/14 20:27:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/10/14 20:27:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/10/14 20:27:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/10/14 20:27:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/10/14 20:27:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/10/14 20:27:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/10/14 20:27:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/10/14 20:27:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/10/14 20:27:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/10/14 20:27:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/10/14 20:27:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3119.30140__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/10/14 20:27:35 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/10/14 20:27:35 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3119.30146__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/10/14 20:27:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3134.40215__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/10/14 20:27:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3119.30141__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/10/14 20:27:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3134.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009/10/14 20:27:33 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3134.40175__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/10/14 20:27:33 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3134.39992__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/10/14 20:27:33 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3134.40186__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/10/14 20:27:33 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3134.40183__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/10/14 20:27:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3134.39953__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/10/14 20:27:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/10/14 20:27:33 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/10/14 20:27:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/10/14 20:27:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/10/14 20:27:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/10/14 20:27:33 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/10/14 20:27:33 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/10/14 20:27:33 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3134.39948__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/10/14 20:27:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3134.39951__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/10/14 20:27:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/10/14 20:27:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/10/14 20:27:31 | 000,999,424 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3134.39970__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/10/14 20:27:31 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3134.39952__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/10/14 20:27:31 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3134.39950__90ba9c70f846762e\APM.Server.dll
MOD - [2009/10/14 20:27:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3134.39948__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/10/14 20:27:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/10/14 20:27:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/10/14 20:27:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3134.40186__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/10/14 20:27:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/08/03 17:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/06/23 12:58:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/20 13:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
MOD - [2004/12/08 19:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
MOD - [2003/05/16 22:09:32 | 000,011,776 | ---- | M] () -- C:\WINDOWS\HIDMNT.dll
MOD - [2001/07/02 22:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PCTAVSvc)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/20 14:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2008/06/30 10:10:23 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/11/24 23:01:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - [2011/12/26 18:38:35 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/14 12:08:40 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2008/10/24 12:42:28 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/10/24 12:42:27 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/10/24 12:42:27 | 000,244,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2008/08/12 02:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 00:40:28 | 003,894,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/01 00:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/07/17 19:12:38 | 003,682,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/07/17 09:39:52 | 000,044,227 | ---- | M] (ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: [email protected]) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NeroCd2k.sys -- (NeroCd2k)
DRV - [2008/07/03 14:23:51 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2008/06/30 21:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/10/07 17:29:33 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/10/07 17:29:32 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/08/07 10:38:02 | 000,015,872 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2007/06/18 16:15:18 | 000,022,528 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVHook.sys -- (AVHook)
DRV - [2007/06/18 16:15:18 | 000,015,872 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVRec.sys -- (AVRec)
DRV - [2007/04/03 12:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/03/07 17:51:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/03/07 17:51:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/07/28 12:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/28 12:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/05/27 08:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 08:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/09/29 14:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2003/09/05 12:47:22 | 000,514,859 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ca536av.sys -- (Ca536av)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/21 10:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/07/25 10:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 12:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)
DRV - [2001/08/17 12:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 12:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 12:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 12:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 12:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 12:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 12:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 12:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=GT5220
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=GT5220
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]

IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.archerytalk.com/vb/
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.bdtoolbar.orig_keyword_url: "data:text/plain,keyword.URL=http://search.yahoo.com/search?ei=UTF-8&fr=yff35awe&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.ikesoutdoors.com"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.201
FF - prefs.js..extensions.enabledItems: {2a5e149e-c859-4c51-b16b-ba623b583935}:1.0
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 17:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/24 12:57:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 13:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 12:14:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/24 12:57:43 | 000,000,000 | ---D | M]

[2009/06/17 20:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Extensions
[2011/12/25 13:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions
[2011/06/24 16:14:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/30 17:52:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}
[2011/04/19 18:23:42 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/04/19 18:23:43 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/08/19 09:21:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/07 11:30:18 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\[email protected]
[2011/12/27 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 12:06:32 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2011/09/01 22:02:42 | 000,000,000 | ---D | M] (WBE Paste) -- C:\DOCUMENTS AND SETTINGS\OWNER.LINDSAY\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2011/12/06 18:47:13 | 000,000,000 | ---D | M] (Workspace Email Zoom) -- C:\DOCUMENTS AND SETTINGS\OWNER.LINDSAY\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
[2010/03/04 17:49:17 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/11/20 12:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwbe.dll

O1 HOSTS File: ([2011/12/27 20:18:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006..\Run: [Starfield Updater] C:\Program Files\Workspace\WorkspaceUpdate.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{741894F8-4A75-4632-BFCC-1475BEC1D96C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9285FE47-0669-4854-9785-E023AF4C09FD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D801D433-DE9A-4E4C-B70E-30810B5E1A75}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 03:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/26 15:59:00 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 20:19:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/27 18:16:00 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.Lindsay\Desktop\tdsskiller(2).exe
[2011/12/27 16:31:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/27 16:31:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/27 16:31:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/27 16:31:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/27 16:31:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/27 16:28:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/27 12:14:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/27 12:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lindsay\Desktop\RK_Quarantine
[2011/12/23 19:31:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lindsay\Desktop\OTL.exe
[2011/11/29 16:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lindsay\My Documents\The Lord of the Rings Online
[2011/11/29 16:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\The Lord of the Rings Online
[2011/11/28 23:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\LOTRO
[2011/11/28 23:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\PMB Files
[2011/11/28 23:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/11/28 23:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[1 C:\Documents and Settings\Owner.Lindsay\Desktop\*.tmp files -> C:\Documents and Settings\Owner.Lindsay\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/27 20:30:11 | 000,521,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/27 20:30:11 | 000,097,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/27 20:30:02 | 000,012,648 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/27 20:29:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/27 20:29:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 20:29:34 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/12/27 20:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/27 20:18:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/27 18:15:11 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.Lindsay\Desktop\tdsskiller(2).exe
[2011/12/26 18:38:35 | 000,232,512 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/12/25 17:44:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/23 19:31:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lindsay\Desktop\OTL.exe
[2011/12/22 22:00:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/22 13:31:19 | 000,016,444 | --S- | M] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\474672s7k507w783d741k4qvb0b4
[2011/12/21 13:57:04 | 217,793,177 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\ProChronoEdited.wmv
[2011/12/20 22:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/19 22:41:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/12/17 09:55:05 | 000,039,608 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Application Data\wklnhst.dat
[2011/12/07 12:15:30 | 254,248,937 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\Eliminator.wmv
[2011/12/05 11:10:30 | 000,152,192 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\My Documents\USCell.png
[2011/12/04 01:06:03 | 000,260,344 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\My Documents\Gûr Edhellen V5.0.pdf
[2011/11/30 13:40:45 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/11/29 22:10:53 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/29 16:15:39 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\The Lord of the Rings Online.lnk
[2011/11/29 16:14:56 | 001,044,651 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\CuzTurkeyDaySM.png
[2011/11/29 16:11:42 | 008,750,593 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\CuzTurkeyDay.png
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 11:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[1 C:\Documents and Settings\Owner.Lindsay\Desktop\*.tmp files -> C:\Documents and Settings\Owner.Lindsay\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/27 16:31:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/27 16:31:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/27 16:31:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/27 16:31:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/23 19:32:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/22 13:26:09 | 000,016,444 | --S- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\474672s7k507w783d741k4qvb0b4
[2011/12/22 01:25:11 | 217,793,177 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\ProChronoEdited.wmv
[2011/12/07 13:03:09 | 254,248,937 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\Eliminator.wmv
[2011/12/05 11:10:28 | 000,152,192 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\My Documents\USCell.png
[2011/12/04 01:06:03 | 000,260,344 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\My Documents\Gûr Edhellen V5.0.pdf
[2011/11/29 16:15:39 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\The Lord of the Rings Online.lnk
[2011/11/29 16:14:53 | 001,044,651 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\CuzTurkeyDaySM.png
[2011/11/29 16:11:34 | 008,750,593 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\CuzTurkeyDay.png
[2011/11/20 19:44:34 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/07/30 08:24:43 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0707.old
[2011/07/29 20:31:51 | 000,381,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/16 09:26:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{6B48CC37-9F47-418C-A65B-EB7549DD289C}
[2011/06/16 09:26:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{073B44C5-9107-4F84-A53E-963406EF5240}
[2011/06/15 17:44:10 | 000,016,190 | --S- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\jrfome35tf08ah35e4cqfgv7wigo7r
[2011/02/09 22:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2010/08/28 12:41:56 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
[2010/08/24 12:50:53 | 000,171,929 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/08/24 12:50:53 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/08/19 16:09:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2010/08/19 16:09:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\MKSetting.exe
[2010/08/17 20:45:55 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010/08/17 20:45:46 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/28 15:21:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/05/24 14:03:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 14:03:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/23 11:43:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/12 14:34:27 | 000,005,018 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/01/29 10:58:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\prvlcl.dat
[2010/01/16 21:33:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/21 13:43:09 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2009/10/14 20:30:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/14 20:26:19 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/14 20:17:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/14 19:37:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\atiumdva.dat
[2009/09/22 14:28:11 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2009/09/22 14:28:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2009/09/22 14:28:10 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2009/08/20 11:32:05 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/31 07:03:57 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\kodakpcd.ini
[2009/03/26 11:18:00 | 000,028,992 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/06 20:55:01 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/09/09 19:26:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008/09/09 19:22:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2008/07/31 22:47:28 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\atitmmxx.dll
[2008/07/31 21:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/07/31 21:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/07/31 21:59:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/24 15:09:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/06/23 07:47:40 | 000,174,820 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/05/30 15:48:15 | 000,000,275 | ---- | C] () -- C:\WINDOWS\EReg104.dat
[2008/03/05 18:38:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe
[2008/01/23 14:29:17 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2008/01/23 14:29:17 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/01/23 14:29:17 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2007/10/07 17:29:33 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/10/07 17:29:32 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/21 15:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 13:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/03/29 11:04:25 | 000,000,575 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/16 20:19:28 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\fusioncache.dat
[2007/02/01 20:59:43 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2007/01/26 23:08:32 | 000,039,608 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Application Data\wklnhst.dat
[2007/01/09 23:22:20 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/16 13:21:51 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/16 13:21:51 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/16 13:14:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/27 17:53:56 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/11/27 17:53:55 | 000,000,341 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/11/24 23:01:07 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/24 22:59:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/11/24 22:56:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/24 22:55:25 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2006/11/24 22:55:25 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/11/24 22:55:25 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2006/11/24 22:55:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2006/11/24 22:55:25 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/11/24 22:55:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/11/24 22:55:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/11/24 22:50:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/24 22:33:58 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2006/11/24 22:18:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/24 22:18:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/11/24 22:18:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/11/24 22:18:25 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/11/24 22:18:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/11/24 22:18:13 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/24 22:17:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/11/24 22:17:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/11/24 22:16:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/11/24 22:16:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/08/10 09:33:30 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/10 09:33:28 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/10 09:33:28 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/10 09:33:27 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/10 09:33:25 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/10 09:33:25 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/10 09:33:25 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/10 09:33:25 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/10 09:33:21 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/10 09:33:21 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/10 09:33:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/21 03:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 03:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 03:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 03:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 03:24:58 | 000,001,276 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 03:24:57 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 03:23:22 | 000,521,852 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 03:23:22 | 000,097,188 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/16 20:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 20:30:47 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS

========== LOP Check ==========

[2011/12/26 18:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2011/12/26 18:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2006/11/24 23:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/06/16 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/11/02 12:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/11/15 04:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/15 07:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/08 20:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/11/22 09:54:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/11/21 16:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/11/21 16:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/12/24 10:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo(2)
[2011/12/11 17:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Invoice Expert
[2010/08/21 14:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/12/31 12:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/12/30 16:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/03/04 19:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/03/04 19:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/02/07 17:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2010/03/04 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2011/11/29 15:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/02/12 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/03/04 19:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2009/12/24 10:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems(2)
[2006/12/16 13:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/24 23:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/10/27 19:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Any Video Converter
[2011/06/16 16:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Azureus
[2011/11/20 18:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2010/10/10 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/08 20:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\DAEMON Tools Lite
[2010/01/31 20:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\enchant
[2009/10/21 13:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\FreeVideoConverter
[2010/03/04 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\GetRightToGo
[2010/12/31 15:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\gtk-2.0
[2010/08/07 17:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\inkscape
[2010/01/03 18:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Leadertech
[2007/04/10 18:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Microgaming
[2008/11/24 19:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Nvu
[2010/02/21 10:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\OpenOffice.org
[2009/10/15 16:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\OxelonMC
[2011/12/11 23:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\PrimoPDF
[2006/11/24 23:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\SampleView
[2010/10/26 08:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\SecondLife
[2009/03/31 06:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Skinux
[2011/07/29 11:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\SmartDraw
[2007/01/26 23:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Template
[2007/10/03 09:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Viewpoint
[2011/12/19 22:41:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-13 14:40:33

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

#30
CompCav

Posted 27 December 2011 - 10:35 PM

Member 5k

Expert
12,454 posts

My next post to you will involve another multi-step fix, many times when there are multiple malwares the elimination of some of them reveal others. My instructor must review my post, so my next post will be tomorrow about the same time as I posted today.

CompCav