erasmus

Members
Posts: 31
Reputation: 0 Neutral
  1. Hi, I keep getting a pop-up message saying that avcenter.exe is infected with Trojan-BNK.Win.Keylogger.gen. Would you please be kind enough to advise? Best regards, John
  2. No, everything else is fine. Many thanks for all your help.
  3. OK, everything uninstalled and Java updated. One thing I have noticed is a lot of ads popping up on Facebook that didn't before - ads for stuff like hotel rooms and flashing ads saying I've won something.
  4. Hi, things running fine. The OTL log is as follows:

     OTL logfile created on: 15/07/2011 20:46:41 - Run 3
     OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\John Merrett\Desktop
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 7.0.5730.13)
     Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

     3.25 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.28% Memory free
     5.09 Gb Paging File | 4.27 Gb Available in Paging File | 83.89% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 460.87 Gb Total Space | 396.48 Gb Free Space | 86.03% Space Free | Partition Type: NTFS

     Computer Name: JMATTIC | User Name: John Merrett | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - C:\Documents and Settings\John Merrett\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
     PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe (Mozilla Corporation)
     PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
     PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
     PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
     PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
     PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
     PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
     PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Dell Inc.)
     PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)
     PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
     PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
     PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe (Sunbelt Software, Inc.)
     PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
     PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)

     ========== Modules (SafeList) ==========

     MOD - C:\Documents and Settings\John Merrett\Desktop\OTL.exe (OldTimer Tools)
     MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

     ========== Win32 Services (SafeList) ==========

     SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
     SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
     SRV - (DLPWD) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
     SRV - (SPF4) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
     SRV - (SbPF.Launcher) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
     SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
     SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
     SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
     SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
     SRV - (DLSDB) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)

     ========== Driver Services (SafeList) ==========

     DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
     DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
     DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
     DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
     DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
     DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
     DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
     DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
     DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
     DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
     DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
     DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
     DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
     DRV - (m5288) -- C:\WINDOWS\system32\DRIVERS\m5288.sys (ULi Electronics Inc.)
     DRV - (m5287) -- C:\WINDOWS\system32\DRIVERS\m5287.sys (ULi Electronics Inc.)
     DRV - (m5289) -- C:\WINDOWS\system32\DRIVERS\m5289.sys (ULi Electronics Inc.)
     DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
     DRV - (SI3114r) -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys (Silicon Image, Inc)
     DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
     DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc)
     DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)

     ========== Standard Registry (All) ==========

     ========== Internet Explorer ==========

     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
     IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
     IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
     IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
     IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     ========== FireFox ==========

     FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
     FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
     FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
     FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
     FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
     FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
     FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc697c5&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="
     FF - prefs.js..network.proxy.http: "localhost"
     FF - prefs.js..network.proxy.http_port: 7171
     FF - prefs.js..network.proxy.no_proxies_on: "*.local"

     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20:16:00 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/04 12:39:53 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/02/08 19:05:41 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/07/12 10:17:47 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins [2010/01/11 16:50:22 | 000,000,000 | ---D | M]

     [2010/01/11 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Extensions
     [2011/07/12 21:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
     [2011/01/29 15:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions
     [2010/02/18 15:13:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     [2011/07/12 21:39:44 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
     (Yontoo Layers) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\plugin@yontoo.com
     File not found (No name found) --
     [2009/05/04 12:39:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
     [2010/10/26 10:17:55 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

     O1 HOSTS File: ([2011/07/14 15:27:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
     O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
     O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
     O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
     O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
     O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
     O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
     O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
     O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
     O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
     O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
     O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
     O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
     O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
     O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
     O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
     O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
     O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
     O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
     O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
     O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
     O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
     O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
     O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
     O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
     O4 - Startup: C:\Documents and Settings\John Merrett\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
     O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
     O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
     O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
     O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
     O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
     O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
     O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
     O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\ipp - No CLSID value found
     O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
     O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\msdaipp - No CLSID value found
     O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
     O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
     O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
     O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
     O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
     O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
     O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
     O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
     O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
     O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
     O24 - Desktop Components:0 (My Current Home Page) - About:Home
     O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
     O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
     O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
     O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
     O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
     O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
     O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
     O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
     O31 - SafeBoot: AlternateShell - cmd.exe
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2007/05/22 19:15:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
     O34 - HKLM BootExecute: (autocheck autochk *) - File not found
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37 - HKLM\...com [@ = ComFile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     ========== Files/Folders - Created Within 30 Days ==========

     [2011/07/15 12:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
     [2011/07/15 12:50:27 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\John Merrett\Desktop\esetsmartinstaller_enu.exe
     [2011/07/14 17:59:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
     [2011/07/14 15:03:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
     [2011/07/14 15:03:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
     [2011/07/14 15:03:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
     [2011/07/14 15:03:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
     [2011/07/14 15:02:42 | 000,000,000 | ---D | C] -- C:\Qoobox
     [2011/07/14 15:02:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John Merrett\Start Menu\Programs\Administrative Tools
     [2011/07/14 15:01:05 | 004,151,632 | R--- | C] (Swearware) -- C:\Documents and Settings\John Merrett\Desktop\ComboFix.exe
     [2011/07/14 14:46:49 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John Merrett\Desktop\TDSSKiller.exe
     [2011/07/14 10:04:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Merrett\Desktop\OTL.exe
     [2011/07/13 10:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
     [2011/07/13 10:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
     [2011/07/13 10:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
     [2011/07/12 22:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
     [2011/07/12 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
     [2011/07/12 21:41:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
     [2011/07/12 21:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
     [2011/06/16 15:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstaCodecs
     [2011/06/16 15:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\InstaCodecs
     [2011/06/16 10:11:58 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
     [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

     ========== Files - Modified Within 30 Days ==========

     [2011/07/15 20:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
     [2011/07/15 16:15:47 | 000,000,306 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
     [2011/07/15 12:50:27 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\John Merrett\Desktop\esetsmartinstaller_enu.exe
     [2011/07/15 10:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
     [2011/07/15 09:51:00 | 000,012,640 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
     [2011/07/15 09:50:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
     [2011/07/14 15:27:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
     [2011/07/14 15:07:05 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
     [2011/07/14 15:01:10 | 004,151,632 | R--- | M] (Swearware) -- C:\Documents and Settings\John Merrett\Desktop\ComboFix.exe
     [2011/07/14 14:46:39 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gtezinexil.dat
     [2011/07/14 14:46:26 | 001,383,430 | ---- | M] () -- C:\Documents and Settings\John Merrett\Desktop\tdsskiller.zip
     [2011/07/14 13:29:50 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
     [2011/07/14 13:02:33 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
     [2011/07/14 13:00:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
     [2011/07/14 10:15:40 | 000,302,592 | ---- | M] () -- C:\qmpn4v8n.exe
     [2011/07/14 10:10:38 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\John Merrett\Desktop\tmdwsyyb.exe
     [2011/07/14 10:09:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sfoguqizevaxik.bin
     [2011/07/14 10:04:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Merrett\Desktop\OTL.exe
     [2011/07/13 10:46:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
     [2011/07/12 22:30:52 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     [2011/07/11 16:58:52 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John Merrett\Desktop\TDSSKiller.exe
     [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
     [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
     [2011/07/01 09:52:27 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
     [2011/07/01 09:52:27 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
     [2011/06/28 13:05:41 | 000,542,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
     [2011/06/28 13:05:41 | 000,108,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
     [2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
     [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

     ========== Files Created - No Company Name ==========

     [2011/07/14 15:03:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
     [2011/07/14 15:03:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
     [2011/07/14 15:03:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
     [2011/07/14 15:03:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
     [2011/07/14 15:03:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/14 14:46:25 | 001,383,430 | ---- | C] () -- C:\Documents and Settings\John Merrett\Desktop\tdsskiller.zip [2011/07/14 13:02:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2011/07/14 10:15:40 | 000,302,592 | ---- | C] () -- C:\qmpn4v8n.exe [2011/07/14 10:10:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\John Merrett\Desktop\tmdwsyyb.exe [2011/07/13 10:46:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/07/12 21:41:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gtezinexil.dat [2011/07/12 21:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoguqizevaxik.bin [2011/06/16 15:57:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011/02/08 14:00:54 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2011/02/08 14:00:54 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2011/02/08 14:00:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2011/02/08 14:00:54 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2011/02/07 12:11:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\housecall.guid.cache [2011/02/06 21:10:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe [2011/01/20 16:49:17 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\John Merrett\Application Data\start_pal [2010/02/28 18:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2010/01/11 16:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/10/22 18:09:19 | 000,000,306 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2009/06/30 21:36:12 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/08 15:51:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\msmark2.dat.vir [2009/06/08 14:30:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2009/06/08 12:53:10 | 000,000,059 | ---- | C] () -- 
C:\WINDOWS\wpd99.drv [2009/06/08 12:53:09 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2007/11/17 13:15:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI [2007/11/15 13:34:05 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini [2007/11/15 13:34:04 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll [2007/11/15 13:34:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll [2007/11/15 12:51:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/11/15 12:14:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\fusioncache.dat [2007/11/08 10:27:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/11/07 18:14:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2007/06/29 01:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/06/29 01:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2007/06/29 01:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/06/29 01:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2007/06/29 01:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/06/29 01:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin [2007/06/29 01:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/06/29 01:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2007/06/29 01:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2007/06/29 01:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007/05/23 02:34:18 | 000,002,679 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007/05/23 02:13:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2007/05/23 02:13:09 | 000,542,818 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2007/05/23 02:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2007/05/23 02:13:09 | 
000,108,050 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2007/05/23 02:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2007/05/23 02:13:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/05/23 02:13:09 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2007/05/23 02:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2007/05/23 02:13:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2007/05/23 02:13:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2007/05/23 02:13:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2007/05/23 02:13:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2007/05/22 20:09:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/05/22 20:09:21 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/05/22 19:19:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2007/05/22 19:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007/05/22 19:13:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2007/05/22 19:13:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2007/05/22 19:13:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2007/05/22 19:13:15 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2007/05/22 19:13:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2007/05/22 19:13:15 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini [2007/05/22 19:13:14 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys ========== LOP Check ========== [2011/02/08 19:07:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/05/14 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\linnworks [2011/02/09 12:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/06/08 14:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2011/02/08 17:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/05/24 21:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TS Support [2007/09/29 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2009/06/08 20:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\dtuser [2009/06/08 14:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\pdf995 [2010/03/19 13:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\TeamViewer [2009/05/24 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\TS Support ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 < End of report >
  5. sorry for the delay. here's the eset scan:
  6. Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7143
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     15/07/2011 12:40:53
     mbam-log-2011-07-15 (12-40-53).txt

     Scan type: Quick scan
     Objects scanned: 187568
     Time elapsed: 4 minute(s), 46 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  7. Hi, there were 2 logs:
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5722
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     09/02/2011 19:43:20
     mbam-log-2011-02-09 (19-43-20).txt

     Scan type: Quick scan
     Objects scanned: 165751
     Time elapsed: 2 minute(s), 21 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 7
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 2
     Files Infected: 9

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\3ETECE6I8G (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Rogue.Palladium) -> Value: Shell -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     c:\fheydbueyj.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
     c:\WINDOWS\system32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

     Files Infected:
     c:\documents and settings\john merrett\my documents\downloads\clickpotatoinstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
     c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\s3nr0egd\sd[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     c:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
     c:\WINDOWS\ro122366.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
     c:\WINDOWS\ro122390.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
     c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     c:\documents and settings\john merrett\application data\asdfasfas.bat (Malware.Trace) -> Quarantined and deleted successfully.
  8. just ran tdskiller again and got this log:
     2011/07/14 18:00:39.0562 0408 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
     2011/07/14 18:00:39.0750 0408 ================================================================================
     2011/07/14 18:00:39.0750 0408 SystemInfo:
     2011/07/14 18:00:39.0750 0408
     2011/07/14 18:00:39.0750 0408 OS Version: 5.1.2600 ServicePack: 3.0
     2011/07/14 18:00:39.0750 0408 Product type: Workstation
     2011/07/14 18:00:39.0750 0408 ComputerName: JMATTIC
     2011/07/14 18:00:39.0750 0408 UserName: John Merrett
     2011/07/14 18:00:39.0750 0408 Windows directory: C:\WINDOWS
     2011/07/14 18:00:39.0750 0408 System windows directory: C:\WINDOWS
     2011/07/14 18:00:39.0750 0408 Processor architecture: Intel x86
     2011/07/14 18:00:39.0750 0408 Number of processors: 4
     2011/07/14 18:00:39.0750 0408 Page size: 0x1000
     2011/07/14 18:00:39.0750 0408 Boot type: Normal boot
     2011/07/14 18:00:39.0750 0408 ================================================================================
     2011/07/14 18:00:40.0000 0408 Initialize success
     2011/07/14 18:00:42.0000 0272 ================================================================================
     2011/07/14 18:00:42.0000 0272 Scan started
     2011/07/14 18:00:42.0000 0272 Mode: Manual;
     2011/07/14 18:00:42.0000 0272 ================================================================================
2011/07/14 18:00:45.0937 0272 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/07/14 18:00:45.0953 0272 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/07/14 18:00:45.0968 0272 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/07/14 18:00:45.0984 0272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/14 18:00:46.0000 0272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/14 18:00:46.0015 0272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/14 18:00:46.0031 0272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/14 18:00:46.0062 0272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/14 18:00:46.0062 0272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/14 18:00:46.0078 0272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/07/14 18:00:46.0109 0272 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/14 18:00:46.0140 0272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/14 18:00:46.0187 0272 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys 2011/07/14 18:00:46.0203 0272 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys 2011/07/14 18:00:46.0234 0272 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys 2011/07/14 18:00:46.0250 0272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/14 18:00:46.0265 0272 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/07/14 18:00:46.0281 0272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) 
C:\WINDOWS\system32\DRIVERS\serial.sys 2011/07/14 18:00:46.0312 0272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/07/14 18:00:46.0359 0272 SI3112r (8fd2a1128f8f2fd340c096719ad10246) C:\WINDOWS\system32\DRIVERS\SI3112r.sys 2011/07/14 18:00:46.0375 0272 SI3114r (19b8d029bce41c88fc53167726774502) C:\WINDOWS\system32\DRIVERS\SI3114R.sys 2011/07/14 18:00:46.0390 0272 SiFilter (e393a2822fdbb3ec3648fd64e54cdda0) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys 2011/07/14 18:00:46.0437 0272 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/07/14 18:00:46.0468 0272 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/07/14 18:00:46.0500 0272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/07/14 18:00:46.0546 0272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/07/14 18:00:46.0578 0272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/07/14 18:00:46.0609 0272 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/07/14 18:00:46.0609 0272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/07/14 18:00:46.0625 0272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/07/14 18:00:46.0640 0272 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/07/14 18:00:46.0656 0272 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/07/14 18:00:46.0671 0272 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/07/14 18:00:46.0703 0272 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/07/14 18:00:46.0734 0272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/07/14 18:00:46.0781 0272 Tcpip 
(9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/07/14 18:00:46.0828 0272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/07/14 18:00:46.0828 0272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/07/14 18:00:46.0843 0272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/07/14 18:00:46.0875 0272 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/07/14 18:00:46.0906 0272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/07/14 18:00:46.0921 0272 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/07/14 18:00:46.0968 0272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/07/14 18:00:47.0015 0272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/07/14 18:00:47.0031 0272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/07/14 18:00:47.0062 0272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/07/14 18:00:47.0062 0272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/07/14 18:00:47.0109 0272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/07/14 18:00:47.0140 0272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/07/14 18:00:47.0171 0272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/07/14 18:00:47.0203 0272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/07/14 18:00:47.0218 0272 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/07/14 18:00:47.0250 0272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/07/14 18:00:47.0265 0272 
viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys 2011/07/14 18:00:47.0296 0272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/07/14 18:00:47.0328 0272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/07/14 18:00:47.0343 0272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/07/14 18:00:47.0406 0272 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/07/14 18:00:47.0437 0272 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/07/14 18:00:47.0468 0272 MBR (0x1B8) (564fd35314278444c09289c7d23e0635) \Device\Harddisk0\DR0 2011/07/14 18:00:47.0515 0272 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0 2011/07/14 18:00:47.0515 0272 ================================================================================ 2011/07/14 18:00:47.0515 0272 Scan finished 2011/07/14 18:00:47.0515 0272 ================================================================================ 2011/07/14 18:00:47.0515 1948 Detected object count: 0 2011/07/14 18:00:47.0515 1948 Actual detected object count: 0 2011/07/14 18:00:58.0140 0792 Deinitialize success
  9. I beg your pardon. The only other log I have is as follows:
2011/07/14 14:48:46.0312 4476 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/14 14:48:46.0328 4476 ================================================================================ 2011/07/14 14:48:46.0328 4476 SystemInfo: 2011/07/14 14:48:46.0328 4476 2011/07/14 14:48:46.0328 4476 OS Version: 5.1.2600 ServicePack: 3.0 2011/07/14 14:48:46.0328 4476 Product type: Workstation 2011/07/14 14:48:46.0328 4476 ComputerName: JMATTIC 2011/07/14 14:48:46.0328 4476 UserName: John Merrett 2011/07/14 14:48:46.0328 4476 Windows directory: C:\WINDOWS 2011/07/14 14:48:46.0328 4476 System windows directory: C:\WINDOWS 2011/07/14 14:48:46.0328 4476 Processor architecture: Intel x86 2011/07/14 14:48:46.0328 4476 Number of processors: 4 2011/07/14 14:48:46.0328 4476 Page size: 0x1000 2011/07/14 14:48:46.0328 4476 Boot type: Normal boot 2011/07/14 14:48:46.0328 4476 ================================================================================ 2011/07/14 14:48:46.0578 4476 Initialize success 2011/07/14 14:49:01.0828 3652 ================================================================================ 2011/07/14 14:49:01.0828 3652 Scan started 2011/07/14 14:49:01.0828 3652 Mode: Manual; 2011/07/14 14:49:01.0828 3652 ================================================================================ 2011/07/14 14:49:02.0000 3652 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/07/14 14:49:02.0046 3652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/07/14 14:49:02.0078 3652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/07/14 14:49:02.0093 3652 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/07/14 14:49:02.0125 3652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/07/14 14:49:02.0187 3652 AFD 
(355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/07/14 14:49:02.0218 3652 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/07/14 14:49:02.0234 3652 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/07/14 14:49:02.0265 3652 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/07/14 14:49:02.0296 3652 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/07/14 14:49:02.0296 3652 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/07/14 14:49:02.0312 3652 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/07/14 14:49:02.0328 3652 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/07/14 14:49:02.0343 3652 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/07/14 14:49:02.0359 3652 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/07/14 14:49:02.0375 3652 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/07/14 14:49:02.0390 3652 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/07/14 14:49:02.0390 3652 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/07/14 14:49:02.0406 3652 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/07/14 14:49:02.0437 3652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/07/14 14:49:02.0453 3652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/07/14 14:49:02.0468 3652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/07/14 14:49:02.0500 3652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/07/14 
14:49:02.0578 3652 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/07/14 14:49:02.0578 3652 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/07/14 14:49:02.0609 3652 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/07/14 14:49:02.0625 3652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/07/14 14:49:02.0656 3652 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/07/14 14:49:02.0671 3652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/07/14 14:49:02.0671 3652 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/07/14 14:49:02.0687 3652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/07/14 14:49:02.0703 3652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/07/14 14:49:02.0734 3652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/07/14 14:49:02.0765 3652 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/07/14 14:49:02.0781 3652 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/07/14 14:49:02.0781 3652 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/07/14 14:49:02.0796 3652 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/07/14 14:49:02.0812 3652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/07/14 14:49:02.0859 3652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/07/14 14:49:02.0890 3652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/07/14 14:49:02.0906 3652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 
2011/07/14 14:49:02.0906 3652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/07/14 14:49:02.0937 3652 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/07/14 14:49:02.0953 3652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/07/14 14:49:02.0968 3652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/07/14 14:49:02.0984 3652 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys 2011/07/14 14:49:03.0015 3652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/07/14 14:49:03.0031 3652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/07/14 14:49:03.0046 3652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/07/14 14:49:03.0046 3652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/07/14 14:49:03.0062 3652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/07/14 14:49:03.0078 3652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/07/14 14:49:03.0078 3652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/07/14 14:49:03.0093 3652 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/07/14 14:49:03.0125 3652 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/07/14 14:49:03.0156 3652 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/07/14 14:49:03.0187 3652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/07/14 14:49:03.0203 3652 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/07/14 14:49:03.0234 3652 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 
2011/07/14 14:49:03.0250 3652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/07/14 14:49:03.0281 3652 iaStor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys 2011/07/14 14:49:03.0312 3652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/07/14 14:49:03.0328 3652 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/07/14 14:49:03.0468 3652 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/07/14 14:49:03.0578 3652 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/07/14 14:49:03.0593 3652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/07/14 14:49:03.0625 3652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/07/14 14:49:03.0640 3652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/07/14 14:49:03.0671 3652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/07/14 14:49:03.0703 3652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/07/14 14:49:03.0718 3652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/07/14 14:49:03.0750 3652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/07/14 14:49:03.0796 3652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/07/14 14:49:03.0843 3652 iteraid (c53360c1932904fe89c6be55378628cb) C:\WINDOWS\system32\DRIVERS\iteraid.sys 2011/07/14 14:49:03.0859 3652 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys 2011/07/14 14:49:03.0859 3652 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys 2011/07/14 14:49:03.0890 3652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) 
C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/07/14 14:49:03.0906 3652 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/07/14 14:49:03.0921 3652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/07/14 14:49:03.0953 3652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/07/14 14:49:03.0984 3652 m5287 (87cf2d570f452a5c1b9fc5c5a44389a5) C:\WINDOWS\system32\DRIVERS\m5287.sys 2011/07/14 14:49:04.0000 3652 m5288 (485ed377977dc9661626aaab614504cf) C:\WINDOWS\system32\DRIVERS\m5288.sys 2011/07/14 14:49:04.0015 3652 m5289 (e1ca1ea9ad7c8c50ea533829a6854d63) C:\WINDOWS\system32\DRIVERS\m5289.sys 2011/07/14 14:49:04.0031 3652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/07/14 14:49:04.0046 3652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/07/14 14:49:04.0062 3652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/07/14 14:49:04.0093 3652 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/07/14 14:49:04.0109 3652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/07/14 14:49:04.0109 3652 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/07/14 14:49:04.0156 3652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/07/14 14:49:04.0218 3652 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/07/14 14:49:04.0234 3652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/07/14 14:49:04.0265 3652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/07/14 14:49:04.0281 3652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/07/14 14:49:04.0312 3652 MSPQM 
(bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/07/14 14:49:04.0328 3652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/07/14 14:49:04.0343 3652 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/07/14 14:49:04.0359 3652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/07/14 14:49:04.0375 3652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/07/14 14:49:04.0390 3652 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/07/14 14:49:04.0421 3652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/07/14 14:49:04.0453 3652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/07/14 14:49:04.0468 3652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/07/14 14:49:04.0484 3652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/07/14 14:49:04.0500 3652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/07/14 14:49:04.0562 3652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/07/14 14:49:04.0593 3652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/07/14 14:49:04.0625 3652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/07/14 14:49:04.0656 3652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/07/14 14:49:04.0843 3652 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/07/14 14:49:04.0953 3652 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys 2011/07/14 14:49:04.0968 3652 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/07/14 14:49:05.0000 3652 nvnetbus 
(5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/07/14 14:49:05.0015 3652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/07/14 14:49:05.0015 3652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/07/14 14:49:05.0046 3652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/07/14 14:49:05.0062 3652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/07/14 14:49:05.0078 3652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/07/14 14:49:05.0093 3652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/07/14 14:49:05.0109 3652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/07/14 14:49:05.0125 3652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/07/14 14:49:05.0140 3652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/07/14 14:49:05.0187 3652 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/07/14 14:49:05.0203 3652 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/07/14 14:49:05.0250 3652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/07/14 14:49:05.0265 3652 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/07/14 14:49:05.0281 3652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/07/14 14:49:05.0296 3652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/07/14 14:49:05.0296 3652 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/07/14 14:49:05.0312 3652 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 
2011/07/14 14:49:05.0312 3652 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/07/14 14:49:05.0328 3652 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/07/14 14:49:05.0343 3652 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/07/14 14:49:05.0359 3652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/14 14:49:05.0359 3652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/14 14:49:05.0375 3652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/14 14:49:05.0406 3652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/14 14:49:05.0437 3652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/14 14:49:05.0484 3652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/14 14:49:05.0500 3652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/07/14 14:49:05.0531 3652 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/14 14:49:05.0546 3652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/14 14:49:05.0578 3652 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys 2011/07/14 14:49:05.0593 3652 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys 2011/07/14 14:49:05.0625 3652 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys 2011/07/14 14:49:05.0656 3652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/14 14:49:05.0656 3652 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/07/14 14:49:05.0671 3652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) 
C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/14 14:49:05.0687 3652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/14 14:49:05.0718 3652 SI3112r (8fd2a1128f8f2fd340c096719ad10246) C:\WINDOWS\system32\DRIVERS\SI3112r.sys
2011/07/14 14:49:05.0718 3652 SI3114r (19b8d029bce41c88fc53167726774502) C:\WINDOWS\system32\DRIVERS\SI3114R.sys
2011/07/14 14:49:05.0734 3652 SiFilter (e393a2822fdbb3ec3648fd64e54cdda0) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/07/14 14:49:05.0781 3652 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/14 14:49:05.0796 3652 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/14 14:49:05.0828 3652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/14 14:49:05.0875 3652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/14 14:49:05.0906 3652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/14 14:49:05.0937 3652 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/07/14 14:49:05.0937 3652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/14 14:49:05.0953 3652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/14 14:49:05.0968 3652 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/14 14:49:05.0984 3652 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/14 14:49:06.0000 3652 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/14 14:49:06.0000 3652 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/14 14:49:06.0046 3652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/14 14:49:06.0078 3652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/14 14:49:06.0109 3652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/14 14:49:06.0125 3652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/14 14:49:06.0125 3652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/14 14:49:06.0156 3652 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/14 14:49:06.0187 3652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/14 14:49:06.0203 3652 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/14 14:49:06.0203 3652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/14 14:49:06.0234 3652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/14 14:49:06.0265 3652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/14 14:49:06.0265 3652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/14 14:49:06.0281 3652 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/14 14:49:06.0312 3652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/14 14:49:06.0343 3652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/14 14:49:06.0375 3652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/14 14:49:06.0375 3652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/14 14:49:06.0406 3652 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/14 14:49:06.0437 3652 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/14 14:49:06.0468 3652 viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2011/07/14 14:49:06.0500 3652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/14 14:49:06.0515 3652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/14 14:49:06.0546 3652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/14 14:49:06.0609 3652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/14 14:49:06.0625 3652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/14 14:49:06.0640 3652 MBR (0x1B8) (035ce1c0bf49cb716bd6db7a4cf480b7) \Device\Harddisk0\DR0
2011/07/14 14:49:06.0656 3652 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/14 14:49:06.0671 3652 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0
2011/07/14 14:49:06.0671 3652 ================================================================================
2011/07/14 14:49:06.0671 3652 Scan finished
2011/07/14 14:49:06.0671 3652 ================================================================================
2011/07/14 14:49:06.0671 4624 Detected object count: 1
2011/07/14 14:49:06.0671 4624 Actual detected object count: 1
2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 - ok
2011/07/14 14:49:26.0546 4624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/14 14:49:36.0921 3748 Deinitialize success
  10. 2011/07/14 16:02:49.0546 5456 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/14 16:02:49.0734 5456 ================================================================================
2011/07/14 16:02:49.0734 5456 SystemInfo:
2011/07/14 16:02:49.0734 5456
2011/07/14 16:02:49.0734 5456 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/14 16:02:49.0734 5456 Product type: Workstation
2011/07/14 16:02:49.0734 5456 ComputerName: JMATTIC
2011/07/14 16:02:49.0734 5456 UserName: John Merrett
2011/07/14 16:02:49.0734 5456 Windows directory: C:\WINDOWS
2011/07/14 16:02:49.0734 5456 System windows directory: C:\WINDOWS
2011/07/14 16:02:49.0734 5456 Processor architecture: Intel x86
2011/07/14 16:02:49.0734 5456 Number of processors: 4
2011/07/14 16:02:49.0734 5456 Page size: 0x1000
2011/07/14 16:02:49.0734 5456 Boot type: Normal boot
2011/07/14 16:02:49.0734 5456 ================================================================================
2011/07/14 16:02:49.0984 5456 Initialize success
2011/07/14 16:02:52.0203 5576 ================================================================================
2011/07/14 16:02:52.0203 5576 Scan started
2011/07/14 16:02:52.0203 5576 Mode: Manual;
2011/07/14 16:02:52.0203 5576 ================================================================================
2011/07/14 16:02:52.0593 5576 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/14 16:02:52.0640 5576 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/14 16:02:52.0687 5576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/14 16:02:52.0687 5576 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/14 16:02:52.0765 5576 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/14 16:02:52.0812 5576 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/14 16:02:52.0921 5576 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/14 16:02:52.0953 5576 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/14 16:02:52.0968 5576 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/14 16:02:53.0000 5576 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/14 16:02:53.0015 5576 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/14 16:02:53.0031 5576 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/14 16:02:53.0062 5576 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/14 16:02:53.0078 5576 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/14 16:02:53.0093 5576 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/14 16:02:53.0125 5576 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/14 16:02:53.0140 5576 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/14 16:02:53.0156 5576 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/14 16:02:53.0171 5576 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/14 16:02:53.0203 5576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/14 16:02:53.0218 5576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/14 16:02:53.0250 5576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/14 16:02:53.0281 5576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/14 16:02:53.0375 5576 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/14 16:02:53.0390 5576 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/07/14 16:02:53.0406 5576 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/07/14 16:02:53.0437 5576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/14 16:02:53.0468 5576 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/14 16:02:53.0484 5576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/14 16:02:53.0484 5576 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/14 16:02:53.0500 5576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/14 16:02:53.0515 5576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/14 16:02:53.0546 5576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/14 16:02:53.0578 5576 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/14 16:02:53.0593 5576 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/14 16:02:53.0625 5576 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/14 16:02:53.0640 5576 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/14 16:02:53.0671 5576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/14 16:02:53.0718 5576 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/14 16:02:53.0765 5576 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/14 16:02:53.0781 5576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/14 16:02:53.0796 5576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/14 16:02:53.0828 5576 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/14 16:02:53.0843 5576 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/14 16:02:53.0859 5576 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/14 16:02:53.0890 5576 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2011/07/14 16:02:53.0921 5576 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/14 16:02:53.0953 5576 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/14 16:02:53.0968 5576 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/14 16:02:53.0984 5576 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/14 16:02:54.0015 5576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/14 16:02:54.0031 5576 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/14 16:02:54.0046 5576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/14 16:02:54.0078 5576 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/14 16:02:54.0109 5576 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/14 16:02:54.0125 5576 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/14 16:02:54.0171 5576 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/14 16:02:54.0187 5576 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/14 16:02:54.0234 5576 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/14 16:02:54.0234 5576 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/14 16:02:54.0281 5576 iaStor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/07/14 16:02:54.0296 5576 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/14 16:02:54.0312 5576 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/14 16:02:54.0453 5576 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/14 16:02:54.0515 5576 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/14 16:02:54.0531 5576 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/14 16:02:54.0562 5576 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/14 16:02:54.0578 5576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/14 16:02:54.0609 5576 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/14 16:02:54.0625 5576 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/14 16:02:54.0656 5576 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/14 16:02:54.0687 5576 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/14 16:02:54.0718 5576 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/14 16:02:54.0734 5576 iteraid (c53360c1932904fe89c6be55378628cb) C:\WINDOWS\system32\DRIVERS\iteraid.sys
2011/07/14 16:02:54.0765 5576 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
2011/07/14 16:02:54.0781 5576 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/07/14 16:02:54.0812 5576 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/14 16:02:54.0828 5576 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/14 16:02:54.0859 5576 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/14 16:02:54.0906 5576 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/14 16:02:54.0968 5576 m5287 (87cf2d570f452a5c1b9fc5c5a44389a5) C:\WINDOWS\system32\DRIVERS\m5287.sys
2011/07/14 16:02:54.0984 5576 m5288 (485ed377977dc9661626aaab614504cf) C:\WINDOWS\system32\DRIVERS\m5288.sys
2011/07/14 16:02:55.0000 5576 m5289 (e1ca1ea9ad7c8c50ea533829a6854d63) C:\WINDOWS\system32\DRIVERS\m5289.sys
2011/07/14 16:02:55.0015 5576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/14 16:02:55.0046 5576 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/14 16:02:55.0062 5576 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/14 16:02:55.0093 5576 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/14 16:02:55.0109 5576 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/14 16:02:55.0125 5576 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/14 16:02:55.0140 5576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/14 16:02:55.0203 5576 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/14 16:02:55.0218 5576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/14 16:02:55.0250 5576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/14 16:02:55.0281 5576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/14 16:02:55.0296 5576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/14 16:02:55.0328 5576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/14 16:02:55.0343 5576 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/07/14 16:02:55.0359 5576 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/14 16:02:55.0375 5576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/14 16:02:55.0375 5576 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/14 16:02:55.0390 5576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/14 16:02:55.0406 5576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/14 16:02:55.0437 5576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/14 16:02:55.0468 5576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/14 16:02:55.0484 5576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/14 16:02:55.0531 5576 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/14 16:02:55.0562 5576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/14 16:02:55.0609 5576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/14 16:02:55.0640 5576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/14 16:02:55.0859 5576 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/14 16:02:56.0015 5576 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/07/14 16:02:56.0046 5576 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/07/14 16:02:56.0078 5576 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/07/14 16:02:56.0109 5576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/14 16:02:56.0125 5576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/14 16:02:56.0140 5576 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/14 16:02:56.0156 5576 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/14 16:02:56.0171 5576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/14 16:02:56.0187 5576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/14 16:02:56.0203 5576 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/14 16:02:56.0234 5576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/14 16:02:56.0250 5576 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/14 16:02:56.0328 5576 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/14 16:02:56.0343 5576 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/14 16:02:56.0406 5576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/14 16:02:56.0421 5576 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/14 16:02:56.0437 5576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/14 16:02:56.0453 5576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/14 16:02:56.0468 5576 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/14 16:02:56.0484 5576 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/14 16:02:56.0500 5576 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/14 16:02:56.0515 5576 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/14 16:02:56.0531 5576 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/14 16:02:56.0546 5576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/14 16:02:56.0562 5576 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/14 16:02:56.0578 5576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/14 16:02:56.0593 5576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/14 16:02:56.0625 5576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/14 16:02:56.0640 5576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/14 16:02:56.0656 5576 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/14 16:02:56.0718 5576 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/14 16:02:56.0750 5576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/14 16:02:56.0796 5576 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
2011/07/14 16:02:56.0812 5576 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2011/07/14 16:02:56.0828 5576 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2011/07/14 16:02:56.0875 5576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/14 16:02:56.0890 5576 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/14 16:02:56.0906 5576 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/14 16:02:56.0937 5576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/14 16:02:56.0968 5576 SI3112r (8fd2a1128f8f2fd340c096719ad10246) C:\WINDOWS\system32\DRIVERS\SI3112r.sys
2011/07/14 16:02:56.0984 5576 SI3114r (19b8d029bce41c88fc53167726774502) C:\WINDOWS\system32\DRIVERS\SI3114R.sys
2011/07/14 16:02:57.0015 5576 SiFilter (e393a2822fdbb3ec3648fd64e54cdda0) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/07/14 16:02:57.0062 5576 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/14 16:02:57.0093 5576 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/14 16:02:57.0125 5576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/14 16:02:57.0171 5576 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/14 16:02:57.0218 5576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/14 16:02:57.0234 5576 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/07/14 16:02:57.0250 5576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/14 16:02:57.0265 5576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/14 16:02:57.0296 5576 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/14 16:02:57.0312 5576 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/14 16:02:57.0328 5576 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/14 16:02:57.0343 5576 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/14 16:02:57.0375 5576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/14 16:02:57.0437 5576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/14 16:02:57.0468 5576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/14 16:02:57.0500 5576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/14 16:02:57.0515 5576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/14 16:02:57.0546 5576 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/14 16:02:57.0578 5576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/14 16:02:57.0593 5576 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/14 16:02:57.0625 5576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/14 16:02:57.0656 5576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/14 16:02:57.0671 5576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/14 16:02:57.0703 5576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/14 16:02:57.0718 5576 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/14 16:02:57.0750 5576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/14 16:02:57.0781 5576 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/14 16:02:57.0812 5576 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/14 16:02:57.0828 5576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/14 16:02:57.0875 5576 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/14 16:02:57.0890 5576 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/14 16:02:57.0921 5576 viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2011/07/14 16:02:57.0953 5576 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/14 16:02:57.0968 5576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/14 16:02:58.0000 5576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/14 16:02:58.0078 5576 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/14 16:02:58.0109 5576 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/14 16:02:58.0140 5576 MBR (0x1B8) (035ce1c0bf49cb716bd6db7a4cf480b7) \Device\Harddisk0\DR0
2011/07/14 16:02:58.0156 5576 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/14 16:02:58.0156 5576 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0
2011/07/14 16:02:58.0171 5576 ================================================================================
2011/07/14 16:02:58.0171 5576 Scan finished
2011/07/14 16:02:58.0171 5576 ================================================================================
2011/07/14 16:02:58.0171 5388 Detected object count: 1
2011/07/14 16:02:58.0171 5388 Actual detected object count: 1
2011/07/14 16:03:18.0859 5388 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/14 16:03:18.0859 5388 \Device\Harddisk0\DR0 - ok
2011/07/14 16:03:18.0859 5388 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/14 16:03:27.0109 5316 Deinitialize success
  11. ComboFix 11-07-13.04 - John Merrett 14/07/2011 15:11:29.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3326.2737 [GMT 1:00]
Running from: c:\documents and settings\John Merrett\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}
c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}\chrome.manifest
c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}\chrome\content\_cfg.js
c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}\chrome\content\overlay.xul
c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}\install.rdf
C:\Recycle.Bin
c:\recycle.bin\B6232F3A82E.exe
c:\recycle.bin\BFFD213F479D787
c:\windows\$xntuninstall643$
c:\windows\$xntuninstall643$\apUninstall.exe
c:\windows\ufawupucus.dll
c:\windows\wmsrot.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 09:15 . 2011-07-14 09:15 302592 ----a-w- C:\qmpn4v8n.exe
2011-07-13 17:11 . 2011-07-13 17:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2011-07-13 09:03 . 2011-07-13 09:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-07-12 20:41 . 2011-07-13 12:32 -------- d-----w- c:\windows\system32\NtmsData
2011-07-12 20:41 . 2011-07-14 09:09 0 ----a-w- c:\windows\Sfoguqizevaxik.bin
2011-07-12 20:39 . 2011-07-12 20:39 -------- d-----w- c:\program files\PageRage
2011-06-16 14:57 . 2010-03-31 17:43 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-06-16 14:57 . 2011-06-16 14:57 -------- d-----w- c:\program files\InstaCodecs
2011-06-16 09:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 08:52 . 2011-02-10 16:10 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 08:52 . 2011-02-10 16:10 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-02 14:02 . 2007-05-23 01:13 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2007-05-22 18:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2007-05-23 01:13 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2007-05-23 01:13 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2007-05-23 01:13 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2007-05-23 01:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 15:51 . 2007-05-23 01:13 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2009-06-08 16:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2007-05-23 01:13 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2007-05-23 01:13 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2007-05-23 01:13 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2007-05-23 01:13 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"nwiz"="nwiz.exe" [2007-06-29 1626112]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 406840]
"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 243008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\John Merrett\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2007-11-15 194775]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\MAC SNIFFER\\DHCP Sniffer-0.2.3.91b.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [10/02/2011 17:38 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 05:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/02/2011 17:10 136360]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [16/09/2010 14:41 140184]
R2 MSSQL$FINAWARE;SQL Server (FINAWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 19:29 29293408]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 08:24 95528]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [10/02/2011 17:38 65576]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:04 135664]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 08:24 1365288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:04 135664]
S4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [23/05/2007 02:32 24971]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [23/05/2007 02:32 103680]
S4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [23/05/2007 02:32 210304]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [23/05/2007 02:32 52480]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [23/05/2007 02:32 89749]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:04]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc697c5&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Tlamexof - c:\windows\wmsrot.dll
HKCU-Run-4Y3Y0C3AXF7XZA5VJBLRNKE - c:\recycle.bin\B6232F3A82E.exe
HKLM-Run-bipro - (no file)
HKLM-Run-Ajovanisap - c:\windows\ufawupucus.dll
AddRemove-$XNTUninstall643$ - c:\windows\$XNTUninstall643$\apUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 15:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD501LJ rev.CR100-11 -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AFF94D0]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8afff7d0]; MOV EAX, [0x8afff84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B09FAB8] 3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006d[0x8B094F18] 5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B03A030] \Driver\nvata[0x8B0C8C38] -> IRP_MJ_CREATE -> 0x8AFF94D0 error: Read Incorrect function. kernel: MBR read successfully _asm { XOR AX, AX; MOV ES, AX; MOV DS, AX; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x100; REPNZ MOVSW ; JMP FAR 0x0:0x675; } detected disk devices: \Device\0000006b -> \??\IDE#DiskSAMSUNG_HD501LJ_________________________CR100-11#3053554D314A5044343936313537202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1036) c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(1096) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(668) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll c:\program files\Microsoft Office\Office10\msohev.dll c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2011-07-14 15:36:40 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-14 14:36 ComboFix2.txt 2011-02-11 15:27 . Pre-Run: 426,099,691,520 bytes free Post-Run: 426,455,932,928 bytes free . - - End Of File - - 0E1956454B7147B2B224A92A33875E08
12. Hi, I would like to clean this machine & have followed your instructions. The logs are as follows:

2011/07/14 14:48:46.0312 4476 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/14 14:48:46.0328 4476 ================================================================================
2011/07/14 14:48:46.0328 4476 SystemInfo:
2011/07/14 14:48:46.0328 4476
2011/07/14 14:48:46.0328 4476 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/14 14:48:46.0328 4476 Product type: Workstation
2011/07/14 14:48:46.0328 4476 ComputerName: JMATTIC
2011/07/14 14:48:46.0328 4476 UserName: John Merrett
2011/07/14 14:48:46.0328 4476 Windows directory: C:\WINDOWS
2011/07/14 14:48:46.0328 4476 System windows directory: C:\WINDOWS
2011/07/14 14:48:46.0328 4476 Processor architecture: Intel x86
2011/07/14 14:48:46.0328 4476 Number of processors: 4
2011/07/14 14:48:46.0328 4476 Page size: 0x1000
2011/07/14 14:48:46.0328 4476 Boot type: Normal boot
2011/07/14 14:48:46.0328 4476 ================================================================================
2011/07/14 14:48:46.0578 4476 Initialize success
2011/07/14 14:49:01.0828 3652 ================================================================================
2011/07/14 14:49:01.0828 3652 Scan started
2011/07/14 14:49:01.0828 3652 Mode: Manual;
2011/07/14 14:49:01.0828 3652 ================================================================================
2011/07/14 14:49:02.0000 3652 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/14 14:49:02.0046 3652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/14 14:49:02.0078 3652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/14 14:49:02.0093 3652 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/14 14:49:02.0125 3652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/14 14:49:02.0187
3652 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/07/14 14:49:02.0218 3652 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/07/14 14:49:02.0234 3652 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/07/14 14:49:02.0265 3652 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/07/14 14:49:02.0296 3652 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/07/14 14:49:02.0296 3652 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/07/14 14:49:02.0312 3652 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/07/14 14:49:02.0328 3652 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/07/14 14:49:02.0343 3652 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/07/14 14:49:02.0359 3652 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/07/14 14:49:02.0375 3652 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/07/14 14:49:02.0390 3652 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/07/14 14:49:02.0390 3652 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/07/14 14:49:02.0406 3652 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/07/14 14:49:02.0437 3652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/07/14 14:49:02.0453 3652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/07/14 14:49:02.0468 3652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/07/14 14:49:02.0500 3652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/07/14 
14:49:02.0578 3652 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/07/14 14:49:02.0578 3652 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/07/14 14:49:02.0609 3652 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/07/14 14:49:02.0625 3652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/07/14 14:49:02.0656 3652 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/07/14 14:49:02.0671 3652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/07/14 14:49:02.0671 3652 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/07/14 14:49:02.0687 3652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/07/14 14:49:02.0703 3652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/07/14 14:49:02.0734 3652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/07/14 14:49:02.0765 3652 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/07/14 14:49:02.0781 3652 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/07/14 14:49:02.0781 3652 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/07/14 14:49:02.0796 3652 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/07/14 14:49:02.0812 3652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/07/14 14:49:02.0859 3652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/07/14 14:49:02.0890 3652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/07/14 14:49:02.0906 3652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 
2011/07/14 14:49:02.0906 3652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/07/14 14:49:02.0937 3652 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/07/14 14:49:02.0953 3652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/07/14 14:49:02.0968 3652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/07/14 14:49:02.0984 3652 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys 2011/07/14 14:49:03.0015 3652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/07/14 14:49:03.0031 3652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/07/14 14:49:03.0046 3652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/07/14 14:49:03.0046 3652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/07/14 14:49:03.0062 3652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/07/14 14:49:03.0078 3652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/07/14 14:49:03.0078 3652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/07/14 14:49:03.0093 3652 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/07/14 14:49:03.0125 3652 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/07/14 14:49:03.0156 3652 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/07/14 14:49:03.0187 3652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/07/14 14:49:03.0203 3652 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/07/14 14:49:03.0234 3652 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 
2011/07/14 14:49:03.0250 3652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/07/14 14:49:03.0281 3652 iaStor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys 2011/07/14 14:49:03.0312 3652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/07/14 14:49:03.0328 3652 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/07/14 14:49:03.0468 3652 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/07/14 14:49:03.0578 3652 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/07/14 14:49:03.0593 3652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/07/14 14:49:03.0625 3652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/07/14 14:49:03.0640 3652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/07/14 14:49:03.0671 3652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/07/14 14:49:03.0703 3652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/07/14 14:49:03.0718 3652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/07/14 14:49:03.0750 3652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/07/14 14:49:03.0796 3652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/07/14 14:49:03.0843 3652 iteraid (c53360c1932904fe89c6be55378628cb) C:\WINDOWS\system32\DRIVERS\iteraid.sys 2011/07/14 14:49:03.0859 3652 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys 2011/07/14 14:49:03.0859 3652 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys 2011/07/14 14:49:03.0890 3652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) 
C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/07/14 14:49:03.0906 3652 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/07/14 14:49:03.0921 3652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/07/14 14:49:03.0953 3652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/07/14 14:49:03.0984 3652 m5287 (87cf2d570f452a5c1b9fc5c5a44389a5) C:\WINDOWS\system32\DRIVERS\m5287.sys 2011/07/14 14:49:04.0000 3652 m5288 (485ed377977dc9661626aaab614504cf) C:\WINDOWS\system32\DRIVERS\m5288.sys 2011/07/14 14:49:04.0015 3652 m5289 (e1ca1ea9ad7c8c50ea533829a6854d63) C:\WINDOWS\system32\DRIVERS\m5289.sys 2011/07/14 14:49:04.0031 3652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/07/14 14:49:04.0046 3652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/07/14 14:49:04.0062 3652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/07/14 14:49:04.0093 3652 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/07/14 14:49:04.0109 3652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/07/14 14:49:04.0109 3652 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/07/14 14:49:04.0156 3652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/07/14 14:49:04.0218 3652 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/07/14 14:49:04.0234 3652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/07/14 14:49:04.0265 3652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/07/14 14:49:04.0281 3652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/07/14 14:49:04.0312 3652 MSPQM 
(bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/07/14 14:49:04.0328 3652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/07/14 14:49:04.0343 3652 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/07/14 14:49:04.0359 3652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/07/14 14:49:04.0375 3652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/07/14 14:49:04.0390 3652 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/07/14 14:49:04.0421 3652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/07/14 14:49:04.0453 3652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/07/14 14:49:04.0468 3652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/07/14 14:49:04.0484 3652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/07/14 14:49:04.0500 3652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/07/14 14:49:04.0562 3652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/07/14 14:49:04.0593 3652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/07/14 14:49:04.0625 3652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/07/14 14:49:04.0656 3652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/07/14 14:49:04.0843 3652 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/07/14 14:49:04.0953 3652 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys 2011/07/14 14:49:04.0968 3652 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/07/14 14:49:05.0000 3652 nvnetbus 
(5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/07/14 14:49:05.0015 3652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/07/14 14:49:05.0015 3652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/07/14 14:49:05.0046 3652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/07/14 14:49:05.0062 3652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/07/14 14:49:05.0078 3652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/07/14 14:49:05.0093 3652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/07/14 14:49:05.0109 3652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/07/14 14:49:05.0125 3652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/07/14 14:49:05.0140 3652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/07/14 14:49:05.0187 3652 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/07/14 14:49:05.0203 3652 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/07/14 14:49:05.0250 3652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/07/14 14:49:05.0265 3652 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/07/14 14:49:05.0281 3652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/07/14 14:49:05.0296 3652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/07/14 14:49:05.0296 3652 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/07/14 14:49:05.0312 3652 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 
2011/07/14 14:49:05.0312 3652 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/07/14 14:49:05.0328 3652 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/07/14 14:49:05.0343 3652 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/07/14 14:49:05.0359 3652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/14 14:49:05.0359 3652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/14 14:49:05.0375 3652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/14 14:49:05.0406 3652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/14 14:49:05.0437 3652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/14 14:49:05.0484 3652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/14 14:49:05.0500 3652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/07/14 14:49:05.0531 3652 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/14 14:49:05.0546 3652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/14 14:49:05.0578 3652 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys 2011/07/14 14:49:05.0593 3652 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys 2011/07/14 14:49:05.0625 3652 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys 2011/07/14 14:49:05.0656 3652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/14 14:49:05.0656 3652 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/07/14 14:49:05.0671 3652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) 
C:\WINDOWS\system32\DRIVERS\serial.sys 2011/07/14 14:49:05.0687 3652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/07/14 14:49:05.0718 3652 SI3112r (8fd2a1128f8f2fd340c096719ad10246) C:\WINDOWS\system32\DRIVERS\SI3112r.sys 2011/07/14 14:49:05.0718 3652 SI3114r (19b8d029bce41c88fc53167726774502) C:\WINDOWS\system32\DRIVERS\SI3114R.sys 2011/07/14 14:49:05.0734 3652 SiFilter (e393a2822fdbb3ec3648fd64e54cdda0) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys 2011/07/14 14:49:05.0781 3652 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/07/14 14:49:05.0796 3652 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/07/14 14:49:05.0828 3652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/07/14 14:49:05.0875 3652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/07/14 14:49:05.0906 3652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/07/14 14:49:05.0937 3652 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/07/14 14:49:05.0937 3652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/07/14 14:49:05.0953 3652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/07/14 14:49:05.0968 3652 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/07/14 14:49:05.0984 3652 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/07/14 14:49:06.0000 3652 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/07/14 14:49:06.0000 3652 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/07/14 14:49:06.0046 3652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/07/14 14:49:06.0078 3652 Tcpip 
(9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/07/14 14:49:06.0109 3652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/07/14 14:49:06.0125 3652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/07/14 14:49:06.0125 3652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/07/14 14:49:06.0156 3652 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/07/14 14:49:06.0187 3652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/07/14 14:49:06.0203 3652 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/07/14 14:49:06.0203 3652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/07/14 14:49:06.0234 3652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/07/14 14:49:06.0265 3652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/07/14 14:49:06.0265 3652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/07/14 14:49:06.0281 3652 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/07/14 14:49:06.0312 3652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/07/14 14:49:06.0343 3652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/07/14 14:49:06.0375 3652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/07/14 14:49:06.0375 3652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/07/14 14:49:06.0406 3652 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/07/14 14:49:06.0437 3652 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/07/14 14:49:06.0468 3652 
viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2011/07/14 14:49:06.0500 3652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/14 14:49:06.0515 3652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/14 14:49:06.0546 3652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/14 14:49:06.0609 3652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/14 14:49:06.0625 3652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/14 14:49:06.0640 3652 MBR (0x1B8) (035ce1c0bf49cb716bd6db7a4cf480b7) \Device\Harddisk0\DR0
2011/07/14 14:49:06.0656 3652 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/14 14:49:06.0671 3652 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0
2011/07/14 14:49:06.0671 3652 ================================================================================
2011/07/14 14:49:06.0671 3652 Scan finished
2011/07/14 14:49:06.0671 3652 ================================================================================
2011/07/14 14:49:06.0671 4624 Detected object count: 1
2011/07/14 14:49:06.0671 4624 Actual detected object count: 1
2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 - ok
2011/07/14 14:49:26.0546 4624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/14 14:49:36.0921 3748 Deinitialize success
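Both the Gmer MBR detector output in the ComboFix log above and the TDSSKiller lines at the end of this post report on the first sector of \Device\Harddisk0\DR0; TDSSKiller labels its hash "MBR (0x1B8)", i.e. a hash of the boot code that precedes the disk signature at offset 0x1B8. The parser below is an added example, not code from either tool or from anyone in this thread. It decodes a 512-byte MBR into the fields those tools summarise (boot-code hash, NT disk signature, the four partition entries, the 55AA signature) and checks the boot-code hash against a caller-supplied known-good baseline. The sample sector is constructed for the example: its bootstrap bytes are a hand assembly of the instruction sequence the detector printed, zero-padded, with a made-up disk signature and one made-up NTFS partition entry, so the hash it yields is not the one in the log. The function names (`parse_mbr`, `triage_mbr`, `build_sample_mbr`) are this example's own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8        # bytes 0..0x1B7 hold bootstrap code; this is the span TDSSKiller hashes as "MBR (0x1B8)"
DISK_SIG_OFF = 0x1B8         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE         # 55 AA little-endian
BOOT_SIGNATURE = 0xAA55
PART_ENTRY_FMT = "<B3xB3xII"  # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR into its security-relevant fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, lba_count = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": lba_count,
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": struct.unpack_from("<H", sector, BOOT_SIG_OFF)[0] == BOOT_SIGNATURE,
    }


def triage_mbr(sector: bytes, known_good_md5: frozenset) -> list:
    """Return human-readable findings; an empty list means nothing looked off.

    known_good_md5 is the analyst's baseline of boot-code hashes taken from
    clean installs; a hash outside it is the bootkit indicator tools key on.
    """
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 55AA boot signature")
    if info["boot_code_md5"] not in known_good_md5:
        findings.append("boot code MD5 %s not in known-good baseline" % info["boot_code_md5"])
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition flagged bootable")
    return findings


# Constructed for this example: a hand assembly of the 16-bit sequence the Gmer
# detector printed (the real sector bytes were never posted).
#   xor ax,ax; mov es,ax; mov ds,ax; mov ss,ax; mov sp,0x7c00; cld;
#   mov si,sp; mov di,0x600; mov cx,0x100; repnz movsw; jmp far 0:0x675
RELOCATION_STUB = bytes([
    0x33, 0xC0,                    # xor ax, ax
    0x8E, 0xC0,                    # mov es, ax
    0x8E, 0xD8,                    # mov ds, ax
    0x8E, 0xD0,                    # mov ss, ax
    0xBC, 0x00, 0x7C,              # mov sp, 0x7c00
    0xFC,                          # cld
    0x8B, 0xF4,                    # mov si, sp
    0xBF, 0x00, 0x06,              # mov di, 0x600
    0xB9, 0x00, 0x01,              # mov cx, 0x100
    0xF2, 0xA5,                    # repnz movsw
    0xEA, 0x75, 0x06, 0x00, 0x00,  # jmp far 0x0000:0x0675
])


def build_sample_mbr() -> bytes:
    """Constructed sector: stub + zero padding, made-up disk signature, one NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(RELOCATION_STUB)] = RELOCATION_STUB
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)          # made-up NT disk signature
    # entry 0: bootable, type 0x07 (NTFS), LBA 63, 966,000,000 sectors (made-up size)
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 63, 966_000_000)
    struct.pack_into("<H", sector, BOOT_SIG_OFF, BOOT_SIGNATURE)
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print("MBR (0x1B8) md5:", info["boot_code_md5"])
    print("disk signature: 0x%08X" % info["disk_signature"])
    for p in info["partitions"]:
        print("partition %d: type 0x%02X bootable=%s start=%d sectors=%d"
              % (p["index"], p["type"], p["bootable"], p["lba_start"], p["sectors"]))
    # With an empty baseline the only finding is the unknown boot-code hash.
    print(triage_mbr(mbr, frozenset()))
```

Feed `parse_mbr` the first 512 bytes of a disk image (for example `open("disk.img", "rb").read(512)`) and populate the baseline from the same offset on a machine you trust. Take that read from an offline image or a boot CD rather than through the live kernel: a bootkit that has hooked the disk stack, which is what the hooked `IRP_MJ_CREATE` handler on `\Driver\nvata` in the detector output points to, can return a clean sector 0 to anything that reads through it, which is consistent with "user & kernel MBR OK" appearing next to the hook warning in the same log.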
13. Hi, Firstly, many thanks for your help - much appreciated. I tried to post the contents of the results file, but the post was too long. I have attached the results file. best regards, john Results.log
14. OTL Extras logfile created on: 09/02/2011 17:28:44 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\John Merrett\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 460.87 Gb Total Space | 400.05 Gb Free Space | 86.80% Space Free | Partition Type: NTFS

Computer Name: JMATTIC | User Name: John Merrett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" =
139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "80:TCP" = 80:TCP:*:Enabled:SYSDLL "7171:TCP" = 7171:TCP:*:Enabled:SYSDLL "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation) "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.) 
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" = C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express -- (CyberLink Corp.) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\MAC SNIFFER\DHCP Sniffer-0.2.3.91b.exe" = C:\MAC SNIFFER\DHCP Sniffer-0.2.3.91b.exe:*:Enabled:DHCP Sniffer -- (Solster) "C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox "C:\Documents and Settings\John Merrett\Local Settings\Temp\Rar$EX00.890\DHCP Sniffer-0.2.3.91b.exe" = C:\Documents and Settings\John Merrett\Local Settings\Temp\Rar$EX00.890\DHCP Sniffer-0.2.3.91b.exe:*:Enabled:DHCP Sniffer "C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java Web Start Launcher -- (Sun Microsystems, Inc.) "C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation) "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18FB61AB-2160-42CB-8FC6-F16F4D2A5465}" = Linnworks Order Management - Anywhere "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 17 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (FINAWARE) "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35A3A4F4-B792-11D6-A78A-00B0D0142130}" = Java 2 SDK, SE v1.4.2_13 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{7299052b-02a4-4627-81f2-1818da5d550d}" = 
Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CA4F780-7AD0-417A-82A1-46EB825CFD53}" = HP Managed Printing Admin "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD16075-4780-4612-9E53-A6610BFB323C}" = MultiCharts "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AC76BA86-7AD7-5A76-5A64-7E8A45000001}" = Adobe Reader Japanese Fonts "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{DD61FE64-6ACB-401D-9458-6F75BFF129C8}" = TradeStation 8.3 (Build 1419) "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011 "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard "274c5407c4fa26908310cb5c1c5000001954585180" = NetBeans IDE 5.0 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVG" = AVG 2011 "HijackThis" = HijackThis 1.99.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "InstallShield_{DD61FE64-6ACB-401D-9458-6F75BFF129C8}" = TradeStation 8.3 (Build 1419) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 4.0b11 (x86 en-GB)" = Mozilla Firefox 4.0b11 (x86 en-GB) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MultiCharts" = MultiCharts "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Trader Workstation 4.0" = Trader Workstation 4.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = 
WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEP" = XPS Essentials Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 4.0.0.320 "Trader Workstation" = Trader Workstation ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09/02/2011 09:41:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 09/02/2011 09:41:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 09/02/2011 10:58:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 09/02/2011 10:58:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 09/02/2011 11:29:55 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. 
Error - 09/02/2011 11:29:55 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 09/02/2011 12:33:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 09/02/2011 12:33:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 09/02/2011 13:20:55 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 09/02/2011 13:20:55 | Computer Name = JMATTIC | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. [ System Events ] Error - 09/02/2011 07:50:18 | Computer Name = JMATTIC | Source = DCOM | ID = 10020 Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool. Error - 09/02/2011 07:50:18 | Computer Name = JMATTIC | Source = DCOM | ID = 10020 Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. 
The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool. Error - 09/02/2011 07:50:58 | Computer Name = JMATTIC | Source = DCOM | ID = 10020 Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool. Error - 09/02/2011 07:50:58 | Computer Name = JMATTIC | Source = DCOM | ID = 10020 Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool. Error - 09/02/2011 07:51:38 | Computer Name = JMATTIC | Source = DCOM | ID = 10020 Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool. Error - 09/02/2011 08:02:32 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003 Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced. Error - 09/02/2011 09:14:29 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003 Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. 
The master browser is stopping or an election is being forced. Error - 09/02/2011 10:26:22 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003 Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced. Error - 09/02/2011 11:26:24 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003 Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced. Error - 09/02/2011 12:37:05 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003 Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced. < End of report >
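The Extras log above carries the settings a helper looks at first when triaging a machine like this: the Security Center "Override" flags, whether EnableFirewall is 0 in each profile, firewall exceptions whose description is not a Windows resource string (the 80:TCP and 7171:TCP "SYSDLL" entries, open to any remote address), and application exceptions for binaries run out of a temp directory. The script below is an added example written for this page; it is not part of the thread, not code from OTL or OldTimer, and not a tool the poster ran. It parses lines in the one-entry-per-line layout OTL writes (the forum has run them together here) and flags those conditions. The embedded log is constructed, modelled on the entries above; the heuristics (a legitimate built-in exception references an `@...dll,-N` string, a program in `\Temp\` should not have a standing exception) are the editor's assumptions, not OTL rules.

```python
"""Triage the Security Center, Firewall and Authorized Applications
sections of an OTL Extras log and flag settings that weaken the host.
Added example for this thread; not OTL's own code."""
import re
from typing import Iterator, List, Tuple

# Constructed sample, modelled on the OTL Extras.txt format (one entry per line).
SAMPLE_EXTRAS = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"80:TCP" = 80:TCP:*:Enabled:SYSDLL
"7171:TCP" = 7171:TCP:*:Enabled:SYSDLL
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\Documents and Settings\User\Local Settings\Temp\Rar$EX00.890\tool.exe" = C:\Documents and Settings\User\Local Settings\Temp\Rar$EX00.890\tool.exe:*:Enabled:tool
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")          # ========== Name ==========
KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Path]
VALUE_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')          # "name" = value
TEMP_DIR_RE = re.compile(r"\\(?:Local Settings\\)?Temp\\", re.I)  # editor's heuristic


def parse_extras(text: str) -> Iterator[Tuple[str, str, str, str]]:
    """Yield (section, registry key, value name, value data) for every value line."""
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, key = m.group(1), None
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and section and key:
            yield section, key, m.group(1), m.group(2)


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the weak settings described in the lead-in."""
    findings: List[Tuple[str, str]] = []
    for section, key, name, value in parse_extras(text):
        if section == "Security Center Settings":
            # Override=1 silences the Security Center warning for that component.
            # Third-party suites set this legitimately, so it is a prompt to correlate, not proof.
            if name in ("AntiVirusOverride", "FirewallOverride") and value == "1":
                what = "antivirus" if name.startswith("Anti") else "firewall"
                findings.append(("medium", f"{name}=1: Security Center will not warn about a missing or disabled {what}"))
            continue

        prof = re.search(r"FirewallPolicy\\(\w+)", key)
        profile = prof.group(1) if prof else key

        if section == "Firewall Settings":
            if name == "EnableFirewall" and value == "0":
                findings.append(("high", f"{profile}: Windows Firewall disabled (EnableFirewall=0)"))
            elif key.endswith("GloballyOpenPorts\\List"):
                parts = value.split(":", 4)  # port:proto:scope:state:description
                if len(parts) == 5:
                    port, proto, scope, state, desc = parts
                    # Built-in exceptions name an @resource.dll,-id string; a bare label
                    # such as SYSDLL on a port open to any address (*) is worth a look.
                    if state == "Enabled" and scope == "*" and not desc.startswith("@"):
                        findings.append(("high", f"{profile}: port {port}/{proto} open to any remote address, description '{desc}' is not a Windows resource string"))
        elif section == "Authorized Applications List":
            # Value name is the program path; data is path:scope:state:description.
            rest = value[len(name):].lstrip(":").split(":", 2)
            state = rest[1] if len(rest) > 1 else ""
            if state == "Enabled" and TEMP_DIR_RE.search(name):
                findings.append(("high", f"{profile}: firewall exception for a program in a temp directory: {name}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_EXTRAS):
        print(f"[{severity}] {message}")
```

Against the constructed sample this reports six findings: the AntiVirusOverride flag, the firewall disabled in both profiles, the two "SYSDLL" exceptions on 80/TCP and 7171/TCP, and the temp-directory application exception; the 139/TCP and Windows Media Player entries pass because they are scoped to LocalSubNet. On a real log the 7171 finding should be read together with the browser proxy settings in the main OTL log (a `ProxyServer` pointing at `localhost:7171` would mean that exception serves a local interception proxy); the script only flags, the correlation is the analyst's job.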
  15. OTL logfile created on: 14/07/2011 10:06:09 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Merrett\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.25 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.38% Memory free 5.09 Gb Paging File | 4.51 Gb Available in Paging File | 88.68% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 460.87 Gb Total Space | 395.91 Gb Free Space | 85.90% Space Free | Partition Type: NTFS Computer Name: JMATTIC | User Name: John Merrett | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\John Merrett\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.) PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Dell Inc.) PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.) 
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.) PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe (Sunbelt Software, Inc.) PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\John Merrett\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\ufawupucus.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (DLPWD) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.) SRV - (SPF4) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.) SRV - (SbPF.Launcher) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.) SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (DLSDB) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.) 
========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.) DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.) DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron ) DRV - (m5288) -- C:\WINDOWS\system32\DRIVERS\m5288.sys (ULi Electronics Inc.) DRV - (m5287) -- C:\WINDOWS\system32\DRIVERS\m5287.sys (ULi Electronics Inc.) DRV - (m5289) -- C:\WINDOWS\system32\DRIVERS\m5289.sys (ULi Electronics Inc.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (SI3114r) -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys (Silicon Image, Inc) DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.) DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) 
========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0 FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13 FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc697c5&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 7171 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/04 12:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/02/08 19:05:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{18795C75-AFFA-4E5B-8E86-78307203F8D3}: C:\Documents and Settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3} [2011/07/12 21:40:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/07/12 10:17:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins

[2010/01/11 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Extensions
[2010/01/11 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/07/12 21:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions
[2011/01/29 15:18:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 15:13:16 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2011/07/12 21:39:44 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\plugin@yontoo.com
File not found (No name found) --
[2011/07/12 21:40:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JOHN MERRETT\LOCAL SETTINGS\APPLICATION DATA\{18795C75-AFFA-4E5B-8E86-78307203F8D3}
[2009/05/04 12:39:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/26 10:17:55 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Ajovanisap] C:\WINDOWS\ufawupucus.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [bipro] File not found
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Tlamexof] C:\WINDOWS\wmsrot.dll (Greatis Software)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\John Merrett\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/22 19:15:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 10:04:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Merrett\Desktop\OTL.exe
[2011/07/14 09:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/13 10:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/13 10:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/07/13 10:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/07/12 22:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/12 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/12 21:41:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/07/12 21:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}
[2011/07/12 21:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/12 21:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/07/12 21:39:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\$XNTUninstall643$
[2011/06/16 15:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstaCodecs
[2011/06/16 15:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\InstaCodecs
[2011/06/16 10:11:58 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 10:04:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Merrett\Desktop\OTL.exe
[2011/07/14 09:40:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/14 09:11:06 | 000,012,640 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/14 09:10:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/14 09:10:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/13 17:44:59 | 000,000,305 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/13 17:07:52 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gtezinexil.dat
[2011/07/13 10:46:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/13 10:08:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sfoguqizevaxik.bin
[2011/07/12 22:30:52 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/01 09:52:27 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/01 09:52:27 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/28 13:05:41 | 000,542,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/28 13:05:41 | 000,108,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 16:00:45 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/06/16 13:08:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/13 10:46:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/12 21:41:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gtezinexil.dat
[2011/07/12 21:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoguqizevaxik.bin
[2011/06/16 15:57:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/10 13:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dKjrMerja.js
[2011/02/10 12:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\RSya666j.js
[2011/02/10 11:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\wLS0t.js
[2011/02/10 10:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\wi9odN.js
[2011/02/10 09:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\HH2CJkQi.js
[2011/02/10 08:44:00 | 000,015,200 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\LPvYvGnP7.js
[2011/02/10 07:44:00 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WSgvKUK5e.js
[2011/02/10 06:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\cIeNm3T7.js
[2011/02/10 04:44:01 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\Rd70LVmiO.js
[2011/02/10 03:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ZxiKxB6yE.js
[2011/02/10 00:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\xQGFiD3MD9.js
[2011/02/09 23:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\KtBTOURfE.js
[2011/02/09 21:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\VOJxzWa.js
[2011/02/09 20:44:03 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\XmNj0l9.js
[2011/02/09 19:44:00 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\XvQA5.js
[2011/02/09 18:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\GOWtlb.js
[2011/02/09 17:44:02 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\yeHen3YY6L.js
[2011/02/09 13:44:02 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\aXRSV2.js
[2011/02/09 12:44:01 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\MwKNrWLR.js
[2011/02/09 11:44:02 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\yOHFL2.js
[2011/02/08 18:44:02 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ESudkdV8.js
[2011/02/08 16:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\Z7kEm.js
[2011/02/08 15:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\VbGomio.js
[2011/02/08 14:44:01 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\P1XPE.js
[2011/02/08 14:00:54 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/02/08 14:00:54 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/02/08 14:00:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/02/08 14:00:54 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/02/08 12:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\x7rlLGRE.js
[2011/02/08 11:44:01 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\kLYIn.js
[2011/02/07 22:44:09 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\H9odr.js
[2011/02/07 21:44:04 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\JAtfxmzX1r.js
[2011/02/07 16:44:00 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\S0S6tMgL.js
[2011/02/07 15:44:01 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\hJjfm1IeM.js
[2011/02/07 13:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\IMHFZ3.js
[2011/02/07 12:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\oSjdF1OVD9.js
[2011/02/07 12:11:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\housecall.guid.cache
[2011/02/07 11:44:00 | 000,015,200 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\UD4381.js
[2011/02/07 10:44:01 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\q9M0vQ.js
[2011/02/06 21:10:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/02/06 19:44:02 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\S6Di447m.js
[2011/02/03 11:44:03 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\cmCCf.js
[2011/01/20 16:49:17 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\John Merrett\Application Data\start_pal
[2010/02/28 18:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2010/01/11 16:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/22 18:09:19 | 000,000,305 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/06/30 21:36:12 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 15:51:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\msmark2.dat.vir
[2009/06/08 14:30:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/06/08 12:53:10 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/06/08 12:53:09 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/11/17 13:15:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2007/11/15 13:34:05 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2007/11/15 13:34:04 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll
[2007/11/15 13:34:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2007/11/15 12:51:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/15 12:14:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\fusioncache.dat
[2007/11/08 10:27:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/07 18:14:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/29 01:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 01:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/06/29 01:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 01:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/06/29 01:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 01:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/29 01:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 01:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/06/29 01:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/29 01:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/05/23 02:34:18 | 000,002,679 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/05/23 02:13:10 | 000,359,424 | ---- | C] () -- C:\WINDOWS\ufawupucus.dll
[2007/05/23 02:13:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/05/23 02:13:09 | 000,542,818 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/05/23 02:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/05/23 02:13:09 | 000,108,050 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/05/23 02:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/05/23 02:13:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/05/23 02:13:09 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/05/23 02:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/05/23 02:13:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/05/23 02:13:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/05/23 02:13:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/05/23 02:13:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/05/22 20:09:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/05/22 20:09:21 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/05/22 19:19:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/05/22 19:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/05/22 19:13:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/05/22 19:13:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/05/22 19:13:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/05/22 19:13:15 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/05/22 19:13:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/05/22 19:13:15 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/05/22 19:13:14 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2011/02/08 19:07:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/05/14 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\linnworks
[2011/02/09 12:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/06/08 14:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/07/12 21:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/02/08 17:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/24 21:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TS Support
[2007/09/29 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009/06/08 20:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\dtuser
[2009/06/08 14:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\pdf995
[2010/03/19 13:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\TeamViewer
[2009/05/24 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\TS Support

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >