epoclick popups


DoiC

Hello,

I have had Windows 7 x64 Professional for 1 week and Avira 30 days free trial.

About 3 days ago I noticed a Party Poker popup, and now about every 10-15 minutes when browsing the internet a new tab opens with http://www.epoclick.com/?ad=1287830027 . Sometimes the link is called google-analytics, then redirects to yahoo.com or another site.

I can't update Malwarebytes (MBAM_ERROR_UPDATING (12007,0,WinhhtpSendRequest) ) - router problem?

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/23/2010 2:20:59 PM

mbam-log-2010-10-23 (14-20-59).txt

Scan type: Quick scan

Objects scanned: 123282

Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

GMER found nothing - log is empty

attach.zip


When I try to download the definition from that link I get:

Internet Explorer cannot display the webpage

I asked a friend to download the update for me and send it through Skype. The update process was strangely fast, almost instant; I am not sure if it really updated. Still nothing found!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4874

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/23/2010 3:36:55 PM

mbam-log-2010-10-23 (15-36-55).txt

Scan type: Quick scan

Objects scanned: 145712

Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Please download OTL from the link below:

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the "Scan All Users" checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here:

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Only one report opened: OTL.txt (I scanned 2 times to be sure)

OTL logfile created on: 10/23/2010 4:27:44 PM - Run 2

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\DoiC\Downloads

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free

16.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 39.06 Gb Total Space | 5.71 Gb Free Space | 14.62% Space Free | Partition Type: NTFS

Drive D: | 117.19 Gb Total Space | 1.94 Gb Free Space | 1.66% Space Free | Partition Type: NTFS

Drive E: | 117.19 Gb Total Space | 0.29 Gb Free Space | 0.25% Space Free | Partition Type: NTFS

Drive F: | 115.69 Gb Total Space | 26.24 Gb Free Space | 22.68% Space Free | Partition Type: NTFS

Drive G: | 193.82 Gb Total Space | 28.80 Gb Free Space | 14.86% Space Free | Partition Type: NTFS

Drive H: | 115.69 Gb Total Space | 0.34 Gb Free Space | 0.30% Space Free | Partition Type: NTFS

Drive J: | 326.04 Gb Total Space | 96.09 Gb Free Space | 29.47% Space Free | Partition Type: NTFS

Drive K: | 292.97 Gb Total Space | 5.06 Gb Free Space | 1.73% Space Free | Partition Type: NTFS

Drive L: | 312.50 Gb Total Space | 127.38 Gb Free Space | 40.76% Space Free | Partition Type: NTFS

Computer Name: DOICROMOY | User Name: DoiC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 16:18:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\DoiC\Downloads\OTL.com

PRC - [2010/10/18 03:04:31 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010/10/18 03:04:22 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2010/10/18 03:04:20 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

PRC - [2010/10/18 03:04:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/10/18 03:04:18 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/10/15 23:37:47 | 002,748,416 | ---- | M] (Mikogo) -- C:\Users\DoiC\AppData\Roaming\Mikogo\Mikogo-Host.exe

PRC - [2010/10/15 11:42:18 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

PRC - [2010/10/06 14:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

PRC - [2010/08/10 16:57:24 | 000,049,321 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe

PRC - [2010/07/12 19:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe

PRC - [2010/06/09 16:25:32 | 002,920,448 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\WFWIZ.exe

PRC - [2010/06/09 13:53:26 | 000,101,888 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2010/10/23 16:18:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\DoiC\Downloads\OTL.com

MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/03 23:36:01 | 000,111,104 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-x64-9.0)

SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2010/10/18 03:04:31 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/10/18 03:04:22 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2010/10/18 03:04:20 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2010/10/18 03:04:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/15 23:39:06 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\DoiC\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)

SRV - [2010/10/06 14:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/18 03:04:40 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/10/18 03:04:39 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/07/22 07:42:58 | 000,060,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)

DRV:64bit: - [2007/09/19 10:22:24 | 000,469,248 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cxavsvid.sys -- (CX88VID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 CE 79 80 44 6C CB 01 [binary data]

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 CE 79 80 44 6C CB 01 [binary data]

IE - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2010/10/17 23:27:32 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\Mozilla\Extensions

[2010/10/17 23:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DoiC\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2010/10/23 12:55:36 | 000,000,816 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKLM..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001..\Run: [Mikogo] C:\Users\DoiC\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)

O4 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc.)

O4 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003..\Run: [Mikogo] C:\Users\DoiC\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)

O4 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O13 - gopher Prefix: missing

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (bootdelete) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/10/23 15:51:08 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2010/10/23 15:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/10/23 15:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/10/23 15:31:08 | 006,259,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DoiC\Desktop\mbam-rules.exe

[2010/10/23 13:28:51 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/10/23 13:10:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/10/23 12:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard

[2010/10/23 12:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3

[2010/10/23 12:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!

[2010/10/23 11:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/10/23 10:35:01 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Malwarebytes

[2010/10/23 10:34:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/10/23 10:34:54 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/10/23 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/10/23 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/21 20:28:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2010/10/21 20:20:10 | 000,000,000 | ---D | C] -- C:\Users\DoiC\.filestore

[2010/10/21 20:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\B2BPOKER

[2010/10/21 00:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Potraiser

[2010/10/20 23:45:41 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\Potraiser

[2010/10/20 23:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Potraiser

[2010/10/20 15:25:18 | 000,000,000 | ---D | C] -- C:\Users\DoiC\Documents\My Games

[2010/10/20 15:25:18 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\FalloutNV

[2010/10/20 15:10:45 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\DAEMON Tools Lite

[2010/10/20 15:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2010/10/20 14:55:28 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\WinRAR

[2010/10/20 14:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/10/20 10:57:47 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\HEM Data

[2010/10/19 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\gtk-2.0

[2010/10/19 16:38:51 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\.purple

[2010/10/19 16:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin

[2010/10/19 13:16:36 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\Diagnostics

[2010/10/19 12:54:25 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\vlc

[2010/10/19 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2010/10/18 22:24:15 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\TeamViewer

[2010/10/18 22:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2010/10/18 22:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo

[2010/10/18 22:11:36 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Ventrilo

[2010/10/18 22:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo

[2010/10/18 22:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2010/10/18 17:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2010/10/18 17:45:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2010/10/18 17:44:55 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2010/10/18 17:44:55 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2010/10/18 17:44:55 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll

[2010/10/18 17:44:55 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2010/10/18 17:44:55 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2010/10/18 17:44:55 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2010/10/18 17:44:55 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll

[2010/10/18 17:44:55 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll

[2010/10/18 17:44:55 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2010/10/18 17:44:54 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2010/10/18 17:44:54 | 001,756,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2010/10/18 17:44:54 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2010/10/18 17:44:54 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2010/10/18 17:44:54 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2010/10/18 17:44:54 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2010/10/18 17:44:54 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2010/10/18 17:44:54 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2010/10/18 17:44:54 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2010/10/18 17:44:54 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2010/10/18 17:44:54 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2010/10/18 17:44:53 | 001,325,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2010/10/18 17:44:53 | 001,178,336 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2010/10/18 17:44:53 | 001,110,240 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2010/10/18 17:44:53 | 000,503,520 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2010/10/18 17:44:53 | 000,489,696 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2010/10/18 17:44:53 | 000,474,336 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2010/10/18 17:44:53 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2010/10/18 17:44:53 | 000,315,616 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2010/10/18 17:44:53 | 000,268,512 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2010/10/18 17:44:53 | 000,265,440 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2010/10/18 17:44:53 | 000,124,640 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2010/10/18 17:44:53 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2010/10/18 17:44:53 | 000,123,616 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2010/10/18 17:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2010/10/18 17:44:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2010/10/18 13:39:59 | 000,000,000 | ---D | C] -- C:\RedKings

[2010/10/18 12:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/10/18 12:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2010/10/18 12:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2010/10/18 12:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010/10/18 11:42:36 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\P5

[2010/10/18 11:42:34 | 000,000,000 | ---D | C] -- C:\EuroBet

[2010/10/18 11:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent

[2010/10/18 11:11:50 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\uTorrent

[2010/10/18 03:19:08 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Avira

[2010/10/18 03:08:18 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/10/18 03:08:18 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/10/18 03:08:18 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/10/18 03:08:18 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/10/18 03:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/10/18 03:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/10/18 00:39:52 | 000,000,000 | ---D | C] -- C:\PMAIL

[2010/10/17 23:46:34 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\The Bat!

[2010/10/17 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Mozilla

[2010/10/17 23:27:30 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Thunderbird

[2010/10/17 23:27:30 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\Thunderbird

[2010/10/17 22:52:29 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\Programs

[2010/10/16 01:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub

[2010/10/16 00:20:19 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\skypePM

[2010/10/16 00:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2010/10/16 00:19:18 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2010/10/16 00:19:18 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Skype

[2010/10/16 00:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/10/15 23:37:48 | 000,000,000 | ---D | C] -- C:\Users\DoiC\Documents\Mikogo

[2010/10/15 23:37:47 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Mikogo

[2010/10/15 23:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GR88

[2010/10/15 22:23:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/10/15 22:22:47 | 000,000,000 | -HSD | C] -- C:\Boot

[2010/10/15 21:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010/10/15 21:27:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/10/15 21:24:32 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/10/15 21:23:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2010/10/15 20:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady

[2010/10/15 20:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2010/10/15 20:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010/10/15 20:19:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/10/15 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/10/15 20:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2010/10/15 20:16:24 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2010/10/15 20:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2010/10/15 19:53:46 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\ArcSoft

[2010/10/15 19:52:44 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\ArcSoft

[2010/10/15 19:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft

[2010/10/15 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft

[2010/10/15 19:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems

[2010/10/15 19:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2010/10/15 19:52:21 | 000,000,000 | ---D | C] -- C:\Users\DoiC\Documents\WFRCConfig

[2010/10/15 19:52:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WinFast

[2010/10/15 19:52:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2010/10/15 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\WinFast

[2010/10/15 19:52:09 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\InstallShield

[2010/10/15 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2010/10/15 19:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/10/15 15:46:45 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\Microsoft Help

[2010/10/15 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2010/10/15 13:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/10/15 13:29:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/10/15 13:29:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/10/15 13:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect

[2010/10/15 13:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine

[2010/10/15 13:14:13 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Winamp

[2010/10/15 13:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp

[2010/10/15 12:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2010/10/15 12:50:15 | 000,000,000 | ---D | C] -- C:\Users\DoiC\Documents\StarCraft II

[2010/10/15 12:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2010/10/15 12:35:11 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\In The Money

[2010/10/15 12:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL

[2010/10/15 12:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\XHEO INC

[2010/10/15 12:24:42 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\IsolatedStorage

[2010/10/15 12:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RVG Software

[2010/10/15 12:03:26 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\QuickScan

[2010/10/15 12:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[2010/10/15 11:42:58 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\Yahoo

[2010/10/15 11:42:38 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Macromedia

[2010/10/15 11:42:38 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Adobe

[2010/10/15 11:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

[2010/10/15 11:42:19 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Yahoo!

[2010/10/15 11:42:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2010/10/15 11:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!

[2010/10/15 11:41:52 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010/10/15 11:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!

[2010/10/15 11:38:51 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Searches

[2010/10/15 11:38:51 | 000,000,000 | -H-D | C] -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/10/15 11:38:40 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Identities

[2010/10/15 11:38:37 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Contacts

[2010/10/15 11:38:35 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\VirtualStore

[2010/10/15 11:38:25 | 000,000,000 | --SD | C] -- C:\Users\DoiC\AppData\Roaming\Microsoft

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Videos

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Saved Games

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Pictures

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Music

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Links

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Favorites

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Downloads

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\My Documents

[2010/10/15 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\DoiC\Desktop

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\AppData\Local\Temporary Internet Files

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Templates

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Start Menu

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\SendTo

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Recent

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\PrintHood

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\NetHood

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Documents\My Videos

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Documents\My Pictures

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Documents\My Music

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\My Documents

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Local Settings

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\AppData\Local\History

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Cookies

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\Application Data

[2010/10/15 11:38:25 | 000,000,000 | -HSD | C] -- C:\Users\DoiC\AppData\Local\Application Data

[2010/10/15 11:38:25 | 000,000,000 | -H-D | C] -- C:\Users\DoiC\AppData

[2010/10/15 11:38:25 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\Temp

[2010/10/15 11:38:25 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Local\Microsoft

[2010/10/15 11:38:25 | 000,000,000 | ---D | C] -- C:\Users\DoiC\AppData\Roaming\Media Center Programs

[2010/10/15 11:38:12 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 90 Days ==========

[2010/10/23 15:51:08 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2010/10/23 15:51:08 | 000,000,724 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst

[2010/10/23 15:48:00 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/10/23 15:47:59 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/10/23 15:31:12 | 006,259,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DoiC\Desktop\mbam-rules.exe

[2010/10/23 14:44:42 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/23 14:44:42 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/23 14:43:30 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/23 14:43:30 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/23 14:43:30 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/23 14:37:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/23 14:37:10 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/23 14:28:28 | 000,007,627 | ---- | M] () -- C:\Users\DoiC\Desktop\attach.zip

[2010/10/23 12:55:36 | 000,000,816 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010/10/23 12:39:01 | 000,001,392 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2010/10/23 11:18:56 | 000,002,971 | ---- | M] () -- C:\Users\DoiC\Desktop\HiJackThis.lnk

[2010/10/23 10:34:58 | 000,001,037 | ---- | M] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/10/22 19:52:51 | 000,001,989 | ---- | M] () -- C:\Users\DoiC\Desktop\45Bet.lnk

[2010/10/21 22:33:43 | 000,000,218 | ---- | M] () -- C:\Users\DoiC\.recently-used.xbel

[2010/10/21 22:08:29 | 005,421,499 | ---- | M] () -- C:\Users\DoiC\Desktop\all.m3u

[2010/10/21 20:20:07 | 000,002,081 | ---- | M] () -- C:\Users\DoiC\Desktop\Blackseapoker.lnk

[2010/10/20 23:45:12 | 000,001,939 | ---- | M] () -- C:\Users\DoiC\Desktop\Potraiser Poker.lnk

[2010/10/20 23:45:12 | 000,001,931 | ---- | M] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Potraiser Poker.lnk

[2010/10/20 11:06:07 | 000,007,090 | ---- | M] () -- C:\Users\DoiC\Documents\HoldemManager.Config

[2010/10/19 16:46:49 | 000,000,136 | ---- | M] () -- C:\Users\DoiC\Documents\euro.jpg

[2010/10/19 16:32:32 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk

[2010/10/18 22:24:15 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

[2010/10/18 22:16:43 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk

[2010/10/18 22:16:16 | 002,010,624 | ---- | M] () -- C:\Users\DoiC\Documents\Ventrilo Client v2.3.0 Windows.exe

[2010/10/18 22:03:28 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/10/18 11:42:35 | 000,001,466 | ---- | M] () -- C:\Users\Public\Desktop\Eurobet Poker.lnk

[2010/10/18 03:04:40 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/10/18 03:04:39 | 000,081,072 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/10/18 03:04:39 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/10/18 03:04:39 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/10/18 01:15:45 | 000,083,065 | ---- | M] () -- C:\ProgramData\bdinstall.bin

[2010/10/16 00:20:21 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

[2010/10/16 00:19:22 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/10/15 23:53:49 | 000,000,000 | ---- | M] () -- C:\Windows\HMHud.INI

[2010/10/15 23:37:47 | 000,001,838 | ---- | M] () -- C:\Users\DoiC\Desktop\Mikogo.lnk

[2010/10/15 23:37:47 | 000,001,818 | ---- | M] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mikogo.lnk

[2010/10/15 23:13:16 | 000,001,829 | ---- | M] () -- C:\Users\DoiC\Desktop\GR88.lnk

[2010/10/15 22:31:42 | 000,310,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/15 22:22:48 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010/10/15 21:46:34 | 000,001,093 | ---- | M] () -- C:\Users\DoiC\Desktop\StarCraft II.exe - Shortcut.lnk

[2010/10/15 21:33:55 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2010/10/15 21:33:55 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2010/10/15 19:58:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/10/15 13:14:47 | 000,001,007 | ---- | M] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk

[2010/10/15 13:14:47 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk

[2010/10/15 12:22:14 | 000,001,760 | ---- | M] () -- C:\Users\DoiC\Desktop\HoldemManager - Shortcut.lnk

[2010/10/15 12:12:11 | 000,000,415 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml

[2010/10/15 11:39:32 | 000,001,441 | ---- | M] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/09/27 09:34:30 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2010/09/16 19:35:08 | 000,474,336 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2010/09/16 19:35:06 | 000,489,696 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2010/09/16 19:35:02 | 001,325,792 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2010/09/16 19:34:58 | 001,178,336 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2010/09/16 19:34:56 | 000,315,616 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2010/09/16 19:34:52 | 000,268,512 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2010/09/16 19:34:48 | 000,124,640 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2010/09/16 19:34:46 | 000,123,616 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2010/09/16 19:34:42 | 000,124,128 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2010/09/16 19:34:38 | 000,265,440 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2010/09/16 19:34:36 | 001,110,240 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2010/09/16 19:34:32 | 000,503,520 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2010/09/03 07:47:54 | 000,338,336 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

========== Files Created - No Company Name ==========

[2010/10/23 15:51:08 | 000,000,724 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst

[2010/10/23 15:48:00 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/10/23 15:47:59 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/10/23 14:28:28 | 000,007,627 | ---- | C] () -- C:\Users\DoiC\Desktop\attach.zip

[2010/10/23 12:25:59 | 000,001,392 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2010/10/23 11:18:56 | 000,002,971 | ---- | C] () -- C:\Users\DoiC\Desktop\HiJackThis.lnk

[2010/10/23 10:34:58 | 000,001,037 | ---- | C] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/10/22 19:52:51 | 000,001,989 | ---- | C] () -- C:\Users\DoiC\Desktop\45Bet.lnk

[2010/10/21 22:33:43 | 000,000,218 | ---- | C] () -- C:\Users\DoiC\.recently-used.xbel

[2010/10/21 22:08:29 | 005,421,499 | ---- | C] () -- C:\Users\DoiC\Desktop\all.m3u

[2010/10/21 20:20:08 | 000,005,874 | ---- | C] () -- C:\Users\DoiC\pokerclient.log

[2010/10/21 20:20:07 | 000,002,081 | ---- | C] () -- C:\Users\DoiC\Desktop\Blackseapoker.lnk

[2010/10/20 23:45:12 | 000,001,939 | ---- | C] () -- C:\Users\DoiC\Desktop\Potraiser Poker.lnk

[2010/10/20 23:45:12 | 000,001,931 | ---- | C] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Potraiser Poker.lnk

[2010/10/20 11:06:07 | 000,007,090 | ---- | C] () -- C:\Users\DoiC\Documents\HoldemManager.Config

[2010/10/19 16:46:49 | 000,000,136 | ---- | C] () -- C:\Users\DoiC\Documents\euro.jpg

[2010/10/19 16:32:32 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Pidgin.lnk

[2010/10/18 22:24:15 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

[2010/10/18 22:16:43 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk

[2010/10/18 22:16:12 | 002,010,624 | ---- | C] () -- C:\Users\DoiC\Documents\Ventrilo Client v2.3.0 Windows.exe

[2010/10/18 22:03:22 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/10/18 11:42:35 | 000,001,466 | ---- | C] () -- C:\Users\Public\Desktop\Eurobet Poker.lnk

[2010/10/16 00:20:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/10/16 00:19:22 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/10/15 23:53:49 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI

[2010/10/15 23:37:47 | 000,001,838 | ---- | C] () -- C:\Users\DoiC\Desktop\Mikogo.lnk

[2010/10/15 23:37:47 | 000,001,818 | ---- | C] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mikogo.lnk

[2010/10/15 23:13:16 | 000,001,829 | ---- | C] () -- C:\Users\DoiC\Desktop\GR88.lnk

[2010/10/15 22:22:48 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2010/10/15 22:22:47 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2010/10/15 21:46:34 | 000,001,093 | ---- | C] () -- C:\Users\DoiC\Desktop\StarCraft II.exe - Shortcut.lnk

[2010/10/15 21:23:52 | 2146,295,807 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/15 19:58:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/10/15 19:52:21 | 000,000,350 | ---- | C] () -- C:\Windows\SysWow64\AF15IRTBL.bin

[2010/10/15 13:14:47 | 000,001,007 | ---- | C] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk

[2010/10/15 13:14:47 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk

[2010/10/15 12:22:14 | 000,001,760 | ---- | C] () -- C:\Users\DoiC\Desktop\HoldemManager - Shortcut.lnk

[2010/10/15 12:12:11 | 000,000,415 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml

[2010/10/15 12:02:44 | 000,083,065 | ---- | C] () -- C:\ProgramData\bdinstall.bin

[2010/10/15 11:39:32 | 000,001,441 | ---- | C] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/15 11:38:25 | 000,000,290 | ---- | C] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2010/10/15 11:38:25 | 000,000,272 | ---- | C] () -- C:\Users\DoiC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/23 16:22:34 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\.purple

[2010/10/20 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\DAEMON Tools Lite

[2010/10/21 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\gtk-2.0

[2010/10/20 10:57:47 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\HEM Data

[2010/10/15 23:39:06 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\Mikogo

[2010/10/15 12:03:26 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\QuickScan

[2010/10/18 22:24:15 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\TeamViewer

[2010/10/22 20:41:57 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\The Bat!

[2010/10/17 23:27:31 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\Thunderbird

[2010/10/22 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\DoiC\AppData\Roaming\uTorrent

[2009/07/14 08:08:49 | 000,006,944 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Potraiser:MID

< End of report >


Please find this file and upload it to VirusTotal for a scan and let me know the results:

C:\Windows\SysNative\drivers\kgpcpy.cfg

http://www.virustotal.com/

-------------------------------------------------------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2340287755-2909183757-1135167088-1003..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

    :Commands
    [EMPTYFLASH]
    [emptytemp]
    [resethosts]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

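The file MrC singles out above was picked from the OTL listing by eye. As an added example, not part of this thread or of OTL itself, here is a Python triage helper for OTL's file-listing lines that applies the same reasoning (a file with no company name, or with a non-driver extension, sitting in a drivers directory, weighted further if it was created recently); the sample lines are copied from the listing above, and the report time is assumed from the LOP check timestamp.

```python
"""Triage helper for OTL file-listing lines (added example, not OTL's own code).

OTL prints one line per file or folder:
    [YYYY/MM/DD HH:MM:SS | 000,001,392 | ---- | C] (Company) -- C:\\path
The fourth field is C (created) or M (modified); folder lines carry no
"(Company)" field and OTL prints "()" when a file has no company name.
"""
import ntpath
import re
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

DRIVER_EXTS = {".sys"}  # what one expects to find under a \drivers\ directory


def parse_otl_line(line):
    """Return a dict for one OTL entry, or None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "when": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "is_dir": "D" in d["attrs"],
        "kind": d["kind"],
        "company": (d["company"] or "").strip(),  # "" when OTL printed "()"
        "path": d["path"],
    }


def triage(entry, report_time, max_age_days=7):
    """Return the reasons an entry merits a closer look (empty list = nothing)."""
    reasons = []
    if entry["is_dir"] or "\\drivers\\" not in entry["path"].lower():
        return reasons
    ext = ntpath.splitext(entry["path"])[1].lower()
    if not entry["company"]:
        reasons.append("no company name in a drivers directory")
    if ext not in DRIVER_EXTS:
        reasons.append(f"unexpected extension {ext or '(none)'} in a drivers directory")
    # Recency only strengthens an existing suspicion: a freshly installed,
    # properly attributed .sys (e.g. an AV driver) is not flagged on age alone.
    recent = report_time - entry["when"] <= timedelta(days=max_age_days)
    if reasons and recent and entry["kind"] == "C":
        reasons.append(f"created within {max_age_days} days of the report")
    return reasons


def triage_listing(lines, report_time, max_age_days=7):
    """Parse every OTL line and return {path: [reasons]} for flagged entries only."""
    flagged = {}
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = triage(entry, report_time, max_age_days)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


# Constructed sample: lines copied from the OTL listing in this thread.
SAMPLE = """\
========== Files Created - No Company Name ==========
[2010/10/23 15:48:00 | 000,019,528 | ---- | C] () -- C:\\Windows\\SysNative\\drivers\\hitmanpro35.sys
[2010/10/23 12:25:59 | 000,001,392 | ---- | C] () -- C:\\Windows\\SysNative\\drivers\\kgpcpy.cfg
[2010/10/18 03:08:18 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\\Windows\\SysNative\\drivers\\avipbb.sys
[2010/10/15 22:22:47 | 000,000,000 | -HSD | C] -- C:\\Boot
[2010/10/15 11:38:25 | 000,000,290 | ---- | C] () -- C:\\Users\\DoiC\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk
""".splitlines()

# Assumed report time, taken from the newest LOP-check timestamp in the listing.
REPORT_TIME = datetime(2010, 10, 23, 16, 22)

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE, REPORT_TIME).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

A flag is a prompt for review, not a verdict: hitmanpro35.sys is flagged by the same rules, and the next step for any flagged file is exactly what MrC asked for here, a VirusTotal or signature check.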

Strange, I don't have any SysNative directory in Windows.

I found kgpcpy.cfg in C:/windows/system32/drivers

But to upload it to VirusTotal I had to copy it to the desktop and then upload it. If I was browsing C:/windows/system32/drivers from the VirusTotal webpage I was seeing only 5 or 6 files.

File name: kgpcpy.cfg

Submission date: 2010-10-23 14:48:40 (UTC)

Current status: finished

Result: 0/ 42 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2010.10.23.01 2010.10.23 -

AntiVir 7.10.13.27 2010.10.22 -

Antiy-AVL 2.0.3.7 2010.10.23 -

Authentium 5.2.0.5 2010.10.23 -

Avast 4.8.1351.0 2010.10.23 -

Avast5 5.0.594.0 2010.10.23 -

AVG 9.0.0.851 2010.10.23 -

BitDefender 7.2 2010.10.23 -

CAT-QuickHeal 11.00 2010.10.22 -

ClamAV 0.96.2.0-git 2010.10.23 -

Comodo 6484 2010.10.23 -

DrWeb 5.0.2.03300 2010.10.23 -

eSafe 7.0.17.0 2010.10.21 -

eTrust-Vet 36.1.7929 2010.10.22 -

F-Prot 4.6.2.117 2010.10.22 -

F-Secure 9.0.16160.0 2010.10.23 -

Fortinet 4.2.249.0 2010.10.23 -

GData 21 2010.10.23 -

Ikarus T3.1.1.90.0 2010.10.23 -

Jiangmin 13.0.900 2010.10.23 -

K7AntiVirus 9.66.2813 2010.10.22 -

Kaspersky 7.0.0.125 2010.10.23 -

McAfee 5.400.0.1158 2010.10.23 -

McAfee-GW-Edition 2010.1C 2010.10.22 -

Microsoft 1.6301 2010.10.23 -

NOD32 5557 2010.10.23 -

Norman 6.06.10 2010.10.23 -

nProtect 2010-10-23.01 2010.10.23 -

Panda 10.0.2.7 2010.10.23 -

PCTools 7.0.3.5 2010.10.23 -

Prevx 3.0 2010.10.23 -

Rising 22.70.03.04 2010.10.22 -

Sophos 4.58.0 2010.10.23 -

Sunbelt 7125 2010.10.23 -

SUPERAntiSpyware 4.40.0.1006 2010.10.23 -

Symantec 20101.2.0.161 2010.10.23 -

TheHacker 6.7.0.1.065 2010.10.23 -

TrendMicro 9.120.0.1004 2010.10.23 -

TrendMicro-HouseCall 9.120.0.1004 2010.10.23 -

VBA32 3.12.14.1 2010.10.22 -

ViRobot 2010.8.31.4017 2010.10.23 -

VirusBuster 12.69.14.0 2010.10.22 -

Additional information

MD5 : 5451b331955f3fcacd370237cf86110e

SHA1 : 9e7a3764b451759389b4767ff00659da0fd880a7

SHA256: 513155ff273729488f2d41dc84cdfd01d7acc5ac2f48e254c277b39f9602e76e

ssdeep: 24:1OoNcGh0hbOo3lGh0hoBn5X32ldqp7HqHldceCl+l41IV7MlzesEhP:xqE61E7EqpzUBV7M9esUP

File size : 1392 bytes

First seen: 2010-10-23 14:48:40

Last seen : 2010-10-23 14:48:40

TrID:

Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned


I see all the hidden files and system files. I searched for kgpcpy.cfg and the only file found was the one in windows/system32/drivers.

Ran the fix in OTL and after the reboot:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2340287755-2909183757-1135167088-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.

File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.

File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 56504 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: DoiC

->Flash cache emptied: 91899 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: DoiC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 48697325 bytes

->Flash cache emptied: 0 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1216 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes

RecycleBin emptied: 862 bytes

Total Files Cleaned = 47.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.16.0 log created on 10232010_175918

Files\Folders moved on Reboot...

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X73ITQ2O\index[1].htm moved successfully.

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\79B6VWOL\google_ro[1].htm moved successfully.

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\79B6VWOL\report[1].html moved successfully.

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\430YXE7O\iframe[1].htm moved successfully.

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\430YXE7O\index[2].htm moved successfully.

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\430YXE7O\search[7].htm moved successfully.

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\430YXE7O\virustotal_com[1].htm moved successfully.

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Users\DoiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


Do you have a Windows 7 disk??

If not, please don't run TDSSKiller yet, MrC

----------------------------------------

TDSSKiller

Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Yes. I have the win 7 DVD

2010/10/23 18:28:10.0339 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/23 18:28:10.0339 ================================================================================

2010/10/23 18:28:10.0339 SystemInfo:

2010/10/23 18:28:10.0339

2010/10/23 18:28:10.0339 OS Version: 6.1.7600 ServicePack: 0.0

2010/10/23 18:28:10.0339 Product type: Workstation

2010/10/23 18:28:10.0339 ComputerName: DOICROMOY

2010/10/23 18:28:10.0339 UserName: DoiC

2010/10/23 18:28:10.0339 Windows directory: C:\Windows

2010/10/23 18:28:10.0339 System windows directory: C:\Windows

2010/10/23 18:28:10.0339 Running under WOW64

2010/10/23 18:28:10.0339 Processor architecture: Intel x64

2010/10/23 18:28:10.0339 Number of processors: 2

2010/10/23 18:28:10.0339 Page size: 0x1000

2010/10/23 18:28:10.0339 Boot type: Normal boot

2010/10/23 18:28:10.0339 ================================================================================

2010/10/23 18:28:10.0339 Utility is running under WOW64

2010/10/23 18:28:10.0574 Initialize success

2010/10/23 18:28:17.0933 ================================================================================

2010/10/23 18:28:17.0933 Scan started

2010/10/23 18:28:17.0933 Mode: Manual;

2010/10/23 18:28:17.0933 ================================================================================


2010/10/23 18:28:28.0886 ================================================================================

2010/10/23 18:28:28.0886 Scan finished

2010/10/23 18:28:28.0886 ================================================================================


Yes. Sometimes when I click on random links I get a popup with google-analytics that redirects to other sites. Sometimes the popup appears when I use the scroll wheel on the mouse!

Meanwhile I am looking for solutions.

Looks like the virus is called Trojan.OSX.DNSChanger.B and there is an antivirus for Mac :) that removes it. For Windows I couldn't find anything to detect it.


Also...

Please do this:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


Sorry, I wasn't home for a few hours.

I did all the above things. Nothing found :)

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\DoiC\Desktop\cmd.bat deleted successfully.

C:\Users\DoiC\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: DoiC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 15899786 bytes

->Java cache emptied: 128094 bytes

->Flash cache emptied: 456 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.0 log created on 10232010_232849

Files moved on Reboot...

Registry entries deleted on Reboot...

GooredFix is trying to fix Firefox? I don't have Firefox. I only use IE 8!

GooredFix by jpshortstuff (03.07.10.1)

Log created at 23:31 on 23/10/2010 (DoiC)

Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

(Key not found)

-=E.O.F=-

TDSSKiller found nothing.

Security Check also found nothing, but I do have Malwarebytes installed and I can't update it!

Results of screen317's Security Check version 0.99.5

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Premium

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 22

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.4.0

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

I installed Java 3 hours ago to run an online Kaspersky scan. It found nothing. I will uninstall Java now.


I fixed it!

It was my stupid mistake.

Last night I made two rescue boot CDs from 2 antivirus programs and both detected nothing, but this morning I figured it out!

Yes. I had a Linksys router and I had the default admin/admin password. For my internet connection I have to set a static IP in the router. The worm changed the DNS servers, but I didn't notice that. I reset the router; I even plugged the internet cable directly into my computer and still set the same BAD DNS!

Now I checked my internet contract and saw the real DNS servers.

Changed it, ran these steps again http://maddoktor2.com/forums/index.php/topic,32053.0.html and I can see everything is fine now.

My Windows found 2 updates and Malwarebytes' Anti-Malware updates are working too.

And no more popups so far.

Thanks for your help

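The defender-side check that follows from this root cause is to compare the resolvers the host is actually using against the servers named in the ISP contract. The script below is an added example, not code from the thread or from any of the tools it mentions; the allow-list and the `ipconfig /all` excerpt are constructed (RFC 5737 documentation addresses), and on a real machine the output of `ipconfig /all` would be the input.

```python
"""Audit the DNS resolvers a Windows host is using against the ISP-issued list.

Parses the text of `ipconfig /all` and flags every configured resolver that is
not on an allow-list. EXPECTED_DNS and SAMPLE_IPCONFIG are constructed for this
example; replace them with the ISP's servers and real `ipconfig /all` output.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple

# Constructed allow-list standing in for the servers named in the ISP contract.
EXPECTED_DNS = {"203.0.113.53", "203.0.113.54"}

# Constructed `ipconfig /all` excerpt. The wired adapter has a static entry pointing
# at a resolver the ISP never issued; the wireless adapter points at the router itself.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.0.2.77
                                       203.0.113.53

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

ADAPTER_RE = re.compile(r"^(?P<kind>\S.*?adapter) (?P<name>.+):$")
# Field lines are indented by exactly three spaces; the key is padded with " . " up to the colon.
FIELD_RE = re.compile(r"^ {3}(?P<key>\S[^:]*?)[ .]*: ?(?P<val>.*)$")
# Extra values (a second DNS server, IPv6 entries) sit on their own deeply indented lines.
CONT_RE = re.compile(r"^ {4,}(?P<val>\S.*)$")
WANTED = {"dns servers", "default gateway"}


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter: {"dns servers": [...], "default gateway": [...]}}."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current = None  # adapter whose section we are in
    field = None    # key whose continuation lines we are still collecting
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group("name")
            adapters[current] = {k: [] for k in WANTED}
            field = None
            continue
        m = FIELD_RE.match(line)
        if m:
            key = m.group("key").strip().lower()
            field = key if key in WANTED else None
            val = m.group("val").strip()
            if field and current and val:
                adapters[current][field].append(val)
            continue
        m = CONT_RE.match(line)
        if m and field and current:
            adapters[current][field].append(m.group("val").strip())
        elif not line:
            field = None  # a blank line closes any continuation
    return adapters


def _normalize(addr: str) -> str:
    """Strip IPv6 zone ids and decorations like "(Preferred)"; empty string if not an IP."""
    bare = addr.split("(")[0].split("%")[0].strip()
    try:
        return str(ipaddress.ip_address(bare))
    except ValueError:
        return ""


def audit_dns(text: str, expected: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (adapter, server, verdict) for every resolver not on the allow-list.

    A resolver equal to the default gateway means the router is forwarding DNS:
    the host cannot see which upstream servers the router uses, so the router's
    own DNS settings have to be checked separately.
    """
    allowed = {_normalize(a) for a in expected}
    findings = []
    for adapter, cfg in parse_ipconfig(text).items():
        gateways = {_normalize(g) for g in cfg["default gateway"]}
        for server in cfg["dns servers"]:
            ip = _normalize(server)
            if not ip or ip in allowed:
                continue
            if ip in gateways:
                findings.append((adapter, ip, "router forwards DNS; verify the router's WAN DNS settings"))
            else:
                findings.append((adapter, ip, "unexpected resolver; not issued by the ISP"))
    return findings


if __name__ == "__main__":
    for adapter, ip, verdict in audit_dns(SAMPLE_IPCONFIG, EXPECTED_DNS):
        print(f"[{adapter}] {ip}: {verdict}")
```

A host that receives its DNS from DHCP usually shows only the router's address, which is why a router-level change like the one in this thread stays invisible from the PC until the router's own DNS fields are inspected.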
