Win32.agent.adb and others...



Pikpik
2012-10-01, 11:03
I noticed my computer has been crashing a lot more often in the past couple days than before, including some blue screen errors, and I got concerned. I did an S&D search and several serious looking items came up, including Win32.VB.du, Win32.Banker.prx, Win32.Autorun.dso, and a mention that my browser was infected with Win32.agent.adb. I tried running Malwarebytes, but it would usually crash midway through the scan, although I did get it to work in Safe Mode once, where it didn't find much. I used the Chameleon settings to get it to scan out of safe mode, but it didn't find anything. Spybot tends to lock up on its scan three files from the end. I use Microsoft Security Essentials, but that's also been crashing without warning lately, including during scans, and it doesn't find anything either.

I try to remove things with Spybot, but it says the resources are in use, and asks if it can run when I restart. I tried it, but it bluescreened at the end of its scan. I tried to install another antivirus like Avast, but it bluescreened at the end of installation then refused to start the program when it restarted. I tried the Outpost Security Suite, but it locked up during its initial scan and some fonts disappeared, then when I tried to restart in safe mode, the program wouldn't load. Then the computer wouldn't boot at all, so I had to go back into safe mode and uninstall the security suite, then it booted alright.

I've tried a few times to get rid of these things with Spybot, but they keep coming back... I'm worried something's seriously wrong. Here are the logs.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Zarla at 21:11:44 on 2012-09-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.1297 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Stickies\stickies.exe
svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Winamp5\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Steam\Steam.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRunOnce: [1] c:\program files\malwarebytes' anti-malware\chameleon\mbam-chameleon.exe /r /p
StartupFolder: c:\docume~1\zarla\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\zarla\startm~1\programs\startup\lastfm~1.lnk - c:\program files\last.fm\LastFMHelper.exe
StartupFolder: c:\docume~1\zarla\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344119090125
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344119235656
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3E885F99-6B75-4C9E-AFC6-346B05F06238} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.10.dll
FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.11.dll
FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.12.dll
FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.13.dll
FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.9.dll
FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\openxmlviewer@codeplex.com\plugins\npDocX.dll
FF - plugin: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\openxmlviewer@codeplex.com\plugins\npnul32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_07.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: BarTab: bartap@philikon.de - %profile%\extensions\bartap@philikon.de
FF - Ext: OpenXMLViewer: OpenXMLViewer@Codeplex.com - %profile%\extensions\OpenXMLViewer@Codeplex.com
FF - Ext: Rehost Image: rehostimage@engy.us - %profile%\extensions\rehostimage@engy.us
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Image Search Options: {4a313247-8330-4a81-948e-b79936516f78} - %profile%\extensions\{4a313247-8330-4a81-948e-b79936516f78}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Popup ALT Attribute: {61FD08D8-A2CB-46c0-B36D-3F531AC53C12} - %profile%\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: LJlogin: {ad4ee9e5-49c7-4589-acf3-db9fa76a95c9} - %profile%\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Firefox 2, the theme, reloaded: {fd2f951f-77ea-4938-9493-0c892c027a13} - %profile%\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-3-9 188984]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKslbbfa0b08;MpKslbbfa0b08;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f98086c-330e-4dae-b963-0f9dd12d87d3}\MpKslbbfa0b08.sys [2012-9-30 29904]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2012-8-14 1373480]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-5-13 99856]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2012-8-18 472644]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-30 35144]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-8-16 11520]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-8-4 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-30 114144]
.
=============== Created Last 30 ================
.
2012-10-01 03:12:59 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-09-30 17:25:35 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2012-09-30 17:25:35 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2012-09-30 17:25:35 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2012-09-30 17:25:34 505816 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2012-09-30 17:25:33 719832 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2012-09-30 17:25:33 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2012-09-30 17:25:33 1014744 ----a-w- c:\program files\mozilla firefox\js3250.dll
2012-09-30 16:58:19 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-30 16:42:56 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f98086c-330e-4dae-b963-0f9dd12d87d3}\MpKslbbfa0b08.sys
2012-09-30 15:33:05 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f98086c-330e-4dae-b963-0f9dd12d87d3}\mpengine.dll
2012-09-30 07:03:45 -------- d-----w- c:\program files\AVAST Software
2012-09-30 07:03:45 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-09-29 16:10:53 -------- d-----w- c:\documents and settings\zarla\local settings\application data\PCHealth
2012-09-29 13:26:04 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-29 13:10:09 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-09-29 07:55:17 -------- d-----w- c:\documents and settings\zarla\application data\Malwarebytes
2012-09-29 07:54:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-29 07:54:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 07:54:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-29 03:19:49 404400 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-25 11:42:36 1409 ----a-w- c:\windows\QTFont.for
2012-09-08 06:05:38 -------- d-----w- c:\documents and settings\zarla\local settings\application data\kiloHearts
2012-09-08 06:04:55 -------- d-----w- c:\documents and settings\zarla\application data\MSPS
2012-09-05 02:22:40 -------- d-----w- c:\documents and settings\zarla\local settings\application data\DOSBox
2012-09-05 01:40:21 -------- d-----w- c:\documents and settings\zarla\local settings\application data\Lazy 8 Studios
2012-09-05 01:40:16 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-09-05 01:40:09 -------- d-----w- c:\windows\Logs
2012-09-01 21:08:06 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-01 21:07:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-09-01 21:07:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 21:07:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-20 04:43:37 588 ----a-w- c:\windows\uninstallstickies.bat
2012-08-14 17:11:50 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-08-04 23:32:36 0 ----a-w- c:\windows\ativpsrm.bin
2012-07-20 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
.
============= FINISH: 21:14:09.51 ===============



aswMBR logs:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-30 21:24:17
-----------------------------
21:24:17.640 OS Version: Windows 5.1.2600 Service Pack 3
21:24:17.640 Number of processors: 4 586 0x102
21:24:17.640 ComputerName: CEDA-09E6FD4986 UserName: Zarla
21:24:18.703 Initialize success
21:27:40.734 AVAST engine defs: 12093001
21:28:03.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port2Path0Target0Lun0
21:28:03.578 Disk 0 Vendor: Seagate_ 1AJ1 Size: 953869MB BusType: 1
21:28:03.593 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\ahcix861Port2Path0Target1Lun0
21:28:03.593 Disk 1 Vendor: Seagate_ 3.AA Size: 476940MB BusType: 1
21:28:03.593 Disk 0 MBR read successfully
21:28:03.593 Disk 0 MBR scan
21:28:03.625 Disk 0 Windows XP default MBR code
21:28:03.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
21:28:03.625 Disk 0 scanning sectors +1953504000
21:28:03.703 Disk 0 scanning C:\WINDOWS\system32\drivers
21:28:16.546 Service scanning
21:28:28.812 Service MpKsld4a42852 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F98086C-330E-4DAE-B963-0F9DD12D87D3}\MpKsld4a42852.sys **LOCKED** 32
21:28:33.125 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:28:37.046 Modules scanning
21:28:40.625 Disk 0 trace - called modules:
21:28:40.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ac061e8]<<
21:28:40.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a288030]
21:28:40.656 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Scsi\ahcix861Port2Path0Target0Lun0[0x8ab1b998]
21:28:40.656 \Driver\ahcix86[0x8aac8f38] -> IRP_MJ_CREATE -> 0x8ac061e8
21:28:41.812 AVAST engine scan C:\WINDOWS
21:28:53.015 AVAST engine scan C:\WINDOWS\system32
21:31:29.281 AVAST engine scan C:\WINDOWS\system32\drivers
21:31:52.609 AVAST engine scan C:\Documents and Settings\Zarla
21:52:01.171 AVAST engine scan C:\Documents and Settings\All Users
00:11:40.640 Scan finished successfully
00:18:13.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Zarla\My Documents\MBR.dat"
00:18:13.718 The log file has been saved successfully to "C:\Documents and Settings\Zarla\My Documents\aswMBR.txt"



And the Spybot log:

Win32.VB.du: [SBI $C471BC2C] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

Win32.VB.du: [SBI $5DDE6C15] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden

Microsoft.Windows.InfectedHostfile: [SBI $50865E77] Data (File, nothing done)
C:\WINDOWS\system32\drivers\etc\hosts_infected

Win32.Banker.prx: [SBI $22E68569] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates

Win32.Banker.prx: [SBI $25582D55] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Internet Explorer\IETld\StaleIETldCache

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\AMD

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\ATI

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Policies

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Mediamatics

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Classes

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Mediamatics

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Policies

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Classes

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Adobe

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\ATI

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\AVAST Software

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Clients

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Gabest

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Google

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\JavaSoft

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Last.fm

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Macromedia

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Malwarebytes' Anti-Malware

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Mediamatics

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Memeo

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Mozilla

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\MozillaPlugins

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Netscape

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Nintendo

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Policies

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Realtek

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Safer Networking Limited

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Trolltech

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Valve

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\WinampAC3

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\WinRAR

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Classes

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\AMD

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\ATI

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Policies

Win32.Autorun.dc3: [SBI $3958106B] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-08-15 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2012-04-04 Includes\Adware.sbi (*)
2012-09-25 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2012-09-26 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-06-18 Includes\Hijackers.sbi (*)
2012-09-25 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-08-28 Includes\Malware.sbi (*)
2012-09-25 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-08-21 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-06-18 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-09-05 Includes\Spyware.sbi (*)
2012-09-04 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-27 Includes\Trojans.sbi (*)
2012-09-27 Includes\TrojansC-02.sbi (*)
2012-09-20 Includes\TrojansC-03.sbi (*)
2012-09-28 Includes\TrojansC-04.sbi (*)
2012-08-31 Includes\TrojansC-05.sbi (*)
2012-09-07 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll

torreattack
2012-10-09, 14:23
Please note that all instructions given are customised for this computer only.
The tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Safer-Networking (http://forums.spybot.info/forumdisplay.php?f=22) forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi Pikpik and welcome to Safer-Networking :)

My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)
Backup your data - Vista (http://www.vista4beginners.com/How-to-backup-your-data)
Backup your data - windows 7 (http://windows.microsoft.com/en-us/windows7/Back-up-your-files)

Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
If you're using Vista or Windows 7, it will be necessary to right-click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

==============================================================================================================================================
Sorry for being late.

Since your logs are quite old now, I need to get the latest logs. Please do the following:

1. RogueKiller
Please download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your programs.
Right click on RogueKiller.exe and select "Run as administrator" to run it.
If it does not run, please try a few times.
Wait for PreScan to finish, then click on Scan.
Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
Please copy and paste the contents of that log in your next reply.



2. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
When TDSSKiller finishes loading, click on Change parameters.
Tick the Detect TDLFS file system and click ok.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT



3. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) ... by Old Timer. Save it to your Desktop.
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.



4. Checklist
Please post:
RKreport[x].txt
TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
OTL.txt and Extras.txt
An update on your problems
Note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.


Thank you for your GREAT patience.
torreattack

Pikpik
2012-10-10, 09:13
RKreport3.txt


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 10/09/2012 22:47:32

¤¤¤ Bad processes : 2 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71EF864)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Seagate ST1000DM005 HD10 SCSI Disk Device +++++
--- User ---
[MBR] 5a93c3bb77973e0df9d4bba454bb703a
[BSP] 77ca3c46127bfbf073c5756b4778880a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Seagate ST3500630AS SCSI Disk Device +++++
--- User ---
[MBR] e1203746f124325972c21b90178ce4f0
[BSP] 08d74e8d21ec574dfeb1e1982d1504ee : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WD My Book 1110 USB Device +++++
--- User ---
[MBR] 501e0d6900b18b534a9fcc91650fc670
[BSP] d17cd76fdfd3323b5fe85b518ea94d94 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953198 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



TDSSreport:


22:33:09.0492 1844 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:33:09.0961 1844 ============================================================
22:33:09.0961 1844 Current date / time: 2012/10/09 22:33:09.0961
22:33:09.0961 1844 SystemInfo:
22:33:09.0961 1844
22:33:09.0961 1844 OS Version: 5.1.2600 ServicePack: 3.0
22:33:09.0961 1844 Product type: Workstation
22:33:09.0961 1844 ComputerName: CEDA-09E6FD4986
22:33:09.0961 1844 UserName: Administrator
22:33:09.0961 1844 Windows directory: C:\WINDOWS
22:33:09.0961 1844 System windows directory: C:\WINDOWS
22:33:09.0961 1844 Processor architecture: Intel x86
22:33:09.0961 1844 Number of processors: 4
22:33:09.0961 1844 Page size: 0x1000
22:33:09.0961 1844 Boot type: Normal boot
22:33:09.0961 1844 ============================================================
22:33:10.0617 1844 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:33:10.0633 1844 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:33:10.0649 1844 Drive \Device\Harddisk2\DR4 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:33:10.0664 1844 ============================================================
22:33:10.0664 1844 \Device\Harddisk0\DR0:
22:33:10.0664 1844 MBR partitions:
22:33:10.0664 1844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
22:33:10.0664 1844 \Device\Harddisk1\DR1:
22:33:10.0664 1844 MBR partitions:
22:33:10.0664 1844 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
22:33:10.0680 1844 \Device\Harddisk2\DR4:
22:33:10.0680 1844 MBR partitions:
22:33:10.0680 1844 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
22:33:10.0680 1844 ============================================================
22:33:10.0695 1844 C: <-> \Device\Harddisk0\DR0\Partition1
22:33:10.0695 1844 H: <-> \Device\Harddisk2\DR4\Partition1
22:33:10.0727 1844 D: <-> \Device\Harddisk1\DR1\Partition1
22:33:10.0727 1844 ============================================================
22:33:10.0727 1844 Initialize success
22:33:10.0727 1844 ============================================================
22:33:45.0274 5392 ============================================================
22:33:45.0274 5392 Scan started
22:33:45.0274 5392 Mode: Manual; TDLFS;
22:33:45.0274 5392 ============================================================
22:33:45.0461 5392 ================ Scan system memory ========================
22:33:45.0461 5392 System memory - ok
22:33:45.0477 5392 ================ Scan services =============================
22:33:50.0320 5392 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
22:33:50.0320 5392 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
22:33:50.0320 5392 sptd ( LockedFile.Multi.Generic ) - warning
22:33:50.0320 5392 sptd - detected LockedFile.Multi.Generic (1)
22:33:50.0352 5392 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:33:50.0352 5392 sr - ok
22:33:50.0367 5392 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:33:50.0367 5392 srservice - ok
22:33:50.0383 5392 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:33:50.0383 5392 Srv - ok
22:33:50.0414 5392 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:33:50.0414 5392 SSDPSRV - ok
22:33:50.0430 5392 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
22:33:50.0430 5392 StarOpen - ok
22:33:50.0430 5392 Steam Client Service - ok
22:33:50.0477 5392 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:33:50.0477 5392 stisvc - ok
22:33:50.0492 5392 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:33:50.0492 5392 streamip - ok
22:33:50.0492 5392 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:33:50.0492 5392 swenum - ok
22:33:50.0524 5392 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:33:50.0524 5392 swmidi - ok
22:33:50.0524 5392 SwPrv - ok
22:33:50.0524 5392 symc810 - ok
22:33:50.0524 5392 symc8xx - ok
22:33:50.0539 5392 sym_hi - ok
22:33:50.0539 5392 sym_u3 - ok
22:33:50.0555 5392 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:33:50.0555 5392 sysaudio - ok
22:33:50.0586 5392 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:33:50.0586 5392 SysmonLog - ok
22:33:50.0649 5392 [ 7855D6371E72EDCE0C4148AC79674DD4 ] TabletServiceWacom C:\WINDOWS\system32\Wacom_Tablet.exe
22:33:50.0664 5392 TabletServiceWacom - ok
22:33:50.0695 5392 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:33:50.0695 5392 TapiSrv - ok
22:33:50.0711 5392 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:33:50.0727 5392 Tcpip - ok
22:33:50.0727 5392 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:33:50.0727 5392 TDPIPE - ok
22:33:50.0742 5392 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:33:50.0742 5392 TDTCP - ok
22:33:50.0758 5392 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:33:50.0758 5392 TermDD - ok
22:33:50.0774 5392 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:33:50.0774 5392 TermService - ok
22:33:50.0774 5392 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:33:50.0789 5392 Themes - ok
22:33:50.0820 5392 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:33:50.0820 5392 TlntSvr - ok
22:33:50.0820 5392 TosIde - ok
22:33:50.0836 5392 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:33:50.0836 5392 TrkWks - ok
22:33:50.0836 5392 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:33:50.0836 5392 Udfs - ok
22:33:50.0852 5392 ultra - ok
22:33:50.0883 5392 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:33:50.0883 5392 Update - ok
22:33:50.0914 5392 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:33:50.0914 5392 upnphost - ok
22:33:50.0930 5392 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
22:33:50.0930 5392 UPS - ok
22:33:50.0945 5392 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
22:33:50.0945 5392 usbaudio - ok
22:33:50.0961 5392 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:33:50.0961 5392 usbccgp - ok
22:33:50.0977 5392 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:33:50.0977 5392 usbehci - ok
22:33:50.0977 5392 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:33:50.0977 5392 usbhub - ok
22:33:50.0992 5392 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:33:50.0992 5392 usbohci - ok
22:33:51.0008 5392 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:33:51.0008 5392 usbscan - ok
22:33:51.0024 5392 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:33:51.0024 5392 usbstor - ok
22:33:51.0039 5392 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:33:51.0039 5392 VgaSave - ok
22:33:51.0039 5392 ViaIde - ok
22:33:51.0039 5392 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:33:51.0039 5392 VolSnap - ok
22:33:51.0055 5392 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
22:33:51.0055 5392 VSS - ok
22:33:51.0070 5392 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
22:33:51.0070 5392 W32Time - ok
22:33:51.0070 5392 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
22:33:51.0070 5392 wacommousefilter - ok
22:33:51.0086 5392 [ 73E6F16A1F187D71FB26AF308551E54A ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
22:33:51.0086 5392 wacomvhid - ok
22:33:51.0086 5392 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
22:33:51.0086 5392 WacomVKHid - ok
22:33:51.0086 5392 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:33:51.0086 5392 Wanarp - ok
22:33:51.0102 5392 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
22:33:51.0102 5392 WDC_SAM - ok
22:33:51.0164 5392 [ 0220362DEB2A21551B418D61F3153347 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
22:33:51.0164 5392 WDDMService - ok
22:33:51.0164 5392 WDICA - ok
22:33:51.0180 5392 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:33:51.0180 5392 wdmaud - ok
22:33:51.0195 5392 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
22:33:51.0195 5392 WDSmartWareBackgroundService - ok
22:33:51.0195 5392 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:33:51.0195 5392 WebClient - ok
22:33:51.0258 5392 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:33:51.0258 5392 winmgmt - ok
22:33:51.0289 5392 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
22:33:51.0289 5392 WmdmPmSN - ok
22:33:51.0320 5392 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:33:51.0320 5392 Wmi - ok
22:33:51.0336 5392 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:33:51.0336 5392 WmiAcpi - ok
22:33:51.0336 5392 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:33:51.0336 5392 WmiApSrv - ok
22:33:51.0383 5392 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:33:51.0383 5392 wscsvc - ok
22:33:51.0399 5392 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:33:51.0399 5392 WSTCODEC - ok
22:33:51.0414 5392 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:33:51.0414 5392 wuauserv - ok
22:33:51.0430 5392 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:33:51.0445 5392 WZCSVC - ok
22:33:51.0477 5392 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:33:51.0477 5392 xmlprov - ok
22:33:51.0477 5392 ZDPSp50 - ok
22:33:51.0492 5392 ================ Scan global ===============================
22:33:51.0508 5392 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:33:51.0555 5392 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:33:51.0570 5392 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:33:51.0570 5392 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:33:51.0570 5392 [Global] - ok
22:33:51.0570 5392 ================ Scan MBR ==================================
22:33:51.0602 5392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:33:51.0774 5392 \Device\Harddisk0\DR0 - ok
22:33:51.0774 5392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
22:33:51.0836 5392 \Device\Harddisk1\DR1 - ok
22:33:51.0852 5392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4
22:33:51.0961 5392 \Device\Harddisk2\DR4 - ok
22:33:51.0961 5392 ================ Scan VBR ==================================
22:33:51.0961 5392 [ 8CCD18D91C414BB76D189EE4F9383670 ] \Device\Harddisk0\DR0\Partition1
22:33:51.0961 5392 \Device\Harddisk0\DR0\Partition1 - ok
22:33:51.0977 5392 [ ABA7BB530658141D9654C85ECD1C0E12 ] \Device\Harddisk1\DR1\Partition1
22:33:51.0977 5392 \Device\Harddisk1\DR1\Partition1 - ok
22:33:51.0977 5392 [ EE3DC49BBC7BDFB67117D318E9B51AA1 ] \Device\Harddisk2\DR4\Partition1
22:33:51.0977 5392 \Device\Harddisk2\DR4\Partition1 - ok
22:33:51.0977 5392 ============================================================
22:33:51.0977 5392 Scan finished
22:33:51.0977 5392 ============================================================
22:33:51.0977 2092 Detected object count: 1
22:33:51.0977 2092 Actual detected object count: 1
22:34:26.0742 2092 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:34:26.0742 2092 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:35:18.0117 4512 Deinitialize success

Pikpik
2012-10-10, 09:19
OTL:

OTL logfile created on: 10/9/2012 10:36:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Zarla\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 76.81% Memory free
4.96 Gb Paging File | 4.35 Gb Available in Paging File | 87.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 563.57 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 29.32 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 930.86 Gb Total Space | 61.65 Gb Free Space | 6.62% Space Free | Partition Type: NTFS
Drive X: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CEDA-09E6FD4986 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Zarla\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Last.fm\LastFMHelper.exe (Last.fm)
PRC - C:\Program Files\Last.fm\LastFM.exe (Last.fm)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()


========== Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)


========== Driver Services (SafeList) ==========

DRV - (ZDPSp50) -- System32\Drivers\ZDPSp50.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (BLKWGU(Belkin) -- system32\DRIVERS\BLKWGU.sys File not found
DRV - (apgcd1yn) -- File not found
DRV - (MpKsl8f6c6478) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD916C67-892D-4FDC-A7F6-F9CCDC7D8DBD}\MpKsl8f6c6478.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (Advanced Micro Devices, Inc)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (amdide) -- C:\WINDOWS\system32\drivers\amdide.sys (Advanced Micro Devices)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (HCWBT8xx) -- C:\WINDOWS\system32\drivers\HCWBT8XX.sys (Hauppauge Computer Works)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 F5 1A 3E B9 A3 CD 01 [binary data]
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-436374069-1202660629-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/30 10:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/30 10:25:35 | 000,000,000 | ---D | M]

[2012/09/30 10:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-436374069-1202660629-839522115-1003..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-436374069-1202660629-839522115-1003..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (Last.fm)
O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1202660629-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344119090125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344119235656 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E885F99-6B75-4C9E-AFC6-346B05F06238}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/14 20:21:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012/08/04 02:55:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 13:00:27 | 000,000,088 | R--- | M] () - X:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/09 22:30:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/10/09 22:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2012/10/09 22:30:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/10/09 22:30:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/10/09 22:30:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/10/09 22:30:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/10/09 22:30:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/10/07 15:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Compound File Explorer
[2012/10/07 15:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CoCo Systems
[2012/10/07 15:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\CoCo Systems
[2012/10/06 04:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SourceTec
[2012/10/06 04:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2012/10/06 04:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2012/10/06 04:23:39 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/30 21:09:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/09/30 21:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/30 21:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/30 10:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/09/30 09:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/30 09:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/30 00:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/30 00:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/29 00:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/29 00:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/29 00:54:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/29 00:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/29 00:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/09/28 20:19:49 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/09 22:27:05 | 025,054,208 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness4.fla
[2012/10/09 21:44:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003UA.job
[2012/10/09 17:44:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003Core.job
[2012/10/09 09:24:08 | 003,043,446 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness4.swf
[2012/10/09 07:43:35 | 025,018,368 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness3.fla
[2012/10/09 07:32:01 | 003,088,214 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness3.swf
[2012/10/09 01:14:19 | 024,757,760 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness2.fla
[2012/10/08 22:11:42 | 024,684,032 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness.fla
[2012/10/08 20:16:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/10/08 20:16:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/10/08 16:10:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/08 15:51:01 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/08 15:51:01 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/08 15:47:06 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/10/08 15:46:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/08 15:46:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/07 22:49:10 | 002,958,775 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness2.swf
[2012/10/07 19:27:26 | 002,810,798 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness.swf
[2012/10/06 05:03:13 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/06 05:03:13 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/06 04:28:27 | 000,000,395 | ---- | M] () -- C:\WINDOWS\PKZIPW.INI
[2012/10/01 19:50:10 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/30 10:25:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/30 09:03:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/30 08:01:03 | 000,443,587 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_infected
[2012/09/30 07:08:02 | 000,000,124 | ---- | M] () -- C:\WINDOWS\System32\pixelcity.ini
[2012/09/29 06:32:14 | 000,443,587 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120930-002014.backup
[2012/09/29 06:11:59 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2012/09/25 01:52:04 | 003,778,688 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Love is War chorus.mp3
[2012/09/17 14:23:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/09 22:30:36 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/10/09 22:30:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/10/09 09:24:03 | 003,043,446 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness4.swf
[2012/10/09 01:10:03 | 025,054,208 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness4.fla
[2012/10/08 20:16:01 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/10/08 20:16:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/10/07 14:19:13 | 003,088,214 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness3.swf
[2012/10/07 12:34:56 | 025,018,368 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness3.fla
[2012/10/07 10:47:48 | 002,958,775 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness2.swf
[2012/10/06 07:08:57 | 024,757,760 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness2.fla
[2012/10/06 05:06:50 | 002,810,798 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness.swf
[2012/10/06 03:04:11 | 024,684,032 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness.fla
[2012/10/01 20:12:53 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/30 10:25:38 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/29 06:12:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2012/09/29 06:12:00 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/09/29 06:12:00 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
[2012/09/29 06:12:00 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/08/30 23:07:52 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2012/08/18 23:57:36 | 000,000,395 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2012/08/17 11:04:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/08/17 11:04:17 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/08/17 11:04:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/08/17 11:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/17 00:41:40 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\pixelcity.ini
[2012/08/16 02:30:11 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll
[2012/08/14 15:58:26 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012/08/14 15:58:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2012/08/14 15:03:36 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2012/08/14 10:33:09 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2012/08/14 10:33:08 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2012/08/14 10:33:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012/08/14 10:33:07 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2012/08/14 10:33:07 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2012/08/14 10:33:07 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2012/08/14 09:47:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/08/14 08:04:30 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2012/08/14 06:16:58 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
[2012/08/14 06:16:38 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2012/08/04 22:30:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/04 22:20:55 | 000,509,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/04 17:56:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/04 17:27:45 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/08/04 17:27:45 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/08/04 17:27:45 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2012/08/04 17:27:41 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/08/04 17:27:37 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/08/04 16:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/04 16:23:29 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/08/04 16:17:24 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/08/04 02:57:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/04 02:53:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/08/04 16:13:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


Extras:

OTL Extras logfile created on: 10/9/2012 10:36:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Zarla\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 76.81% Memory free
4.96 Gb Paging File | 4.35 Gb Available in Paging File | 87.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 563.57 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 29.32 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 930.86 Gb Total Space | 61.65 Gb Free Space | 6.62% Space Free | Partition Type: NTFS
Drive X: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CEDA-09E6FD4986 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\auditorium\Auditorium.exe" = C:\Program Files\Steam\steamapps\common\auditorium\Auditorium.exe:*:Enabled:Auditorium -- ()
"C:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe" = C:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe:*:Enabled:The Binding of Isaac -- (Edmund Mcmillen & Florian Himsl )
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Steam\steamapps\common\cogs\cogs.exe" = C:\Program Files\Steam\steamapps\common\cogs\cogs.exe:*:Enabled:Cogs -- ()
"C:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = C:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf -- ()
"C:\Program Files\Steam\steamapps\common\the sims 3\Game\Bin\Sims3Launcher.exe" = C:\Program Files\Steam\steamapps\common\the sims 3\Game\Bin\Sims3Launcher.exe:*:Enabled:The Sims(TM) 3 -- (Electronic Arts, Inc.)
"C:\Program Files\Steam\steamapps\common\the sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\the sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:The Sims(TM) 3 -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B94925-4A1C-D7AC-A851-0E7A9D5ED8BE}" = CCC Help Thai
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11EECEB2-5C76-99CD-2E39-756CBDD73499}" = CCC Help Spanish
"{146303B2-EA46-4BFB-8054-FC75A0D0088B}" = VOCALOID Voice DB (Miriam)
"{18E70170-C334-44BB-ACCA-3DCCC65CE4C7}" = VOCALOID SKIN (Zero-G LOLA)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2154AF92-3049-42C5-A4C0-83AE99436752}" = VOCALOID Expression DB (Leon)
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2AE31B63-387A-249C-2124-5C459B07B8E3}" = CCC Help Korean
"{2B1D90C0-F2C0-C20A-0C21-6B2DEEEB33BC}" = CCC Help Dutch
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2FB56B11-9A6F-4962-8598-FE68F9BDBB52}" = VOCALOID SKIN (Crypton MEIKO)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B786ABD-AA64-0225-3925-8FA3F77FE53B}" = CCC Help Polish
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{44F77FBE-828D-4B04-A02B-C70426F65C86}" = VOCALOID Expression DB (Miriam)
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{54D8C662-ED7A-8B98-2ADD-AE6F2F2D0299}" = CCC Help Danish
"{55EE08EE-77A4-475E-A163-D6A673498ECF}" = VOCALOID Voice DB (Lola)
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5C134C7E-537D-4BA2-913D-A6F163DF10D4}" = UTAU 歌声合成ツール
"{6808A819-8657-8AF7-1351-9702425337E7}" = CCC Help Chinese Traditional
"{6B5AB2D2-1C9D-4513-B086-EF52F89568FB}" = VOCALOID Voice DB (Meiko)
"{70AE4016-BCFD-9B62-5B9A-CCB831A3715B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73F64EE9-AC9A-9585-E6DA-7547AD804820}" = CCC Help Chinese Standard
"{76312427-983B-9524-527B-3E44E4620334}" = CCC Help Greek
"{77E75011-B477-842D-F291-7D0985797D56}" = CCC Help Swedish
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8BA70AE2-35EE-8A73-22BD-F2DB17CDD96D}" = Catalyst Control Center InstallProxy
"{8BBB3758-6759-4086-835B-1D665DBE979F}" = VOCALOID SKIN (Zero-G MIRIAM)
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E58E89-4623-CE23-B743-0BFAA94677A6}" = CCC Help German
"{98A957AC-7BA3-82F7-A273-D8C783B23C5F}" = CCC Help French
"{98B069B8-EF38-CE76-1728-02AC63AC0438}" = Catalyst Control Center
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}" = VOCALOID Expression DB (Standard)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9EEC34BF-9682-EE9D-ACE4-6C571E24A7EE}" = CCC Help Japanese
"{9F3B5588-E05C-4D99-AA2C-459AA6C5F31E}" = VOCALOID Voice DB (Leon)
"{A0D08A19-EC76-441B-A264-0E71A8F5ABF8}" = VOCALOID SKIN (Crypton KAITO)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}" = VOCALOID2 VSTi V2.0.2.0
"{AB165295-EA7E-6753-55A8-429C08A85690}" = CCC Help Italian
"{AB3902FC-219F-A3A0-10EC-63CFF24DF707}" = Catalyst Control Center Graphics Previews Common
"{AF1BC708-5329-4545-927C-E44E8EC092D3}" = Compound File Explorer
"{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}" = VOCALOID Editor V1.1.2.0
"{B293548D-735F-1F86-1C9C-1A56B8928FEE}" = AMD Catalyst Install Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40B1EFB-BA7B-462A-EA58-0AD6A05EC931}" = CCC Help English
"{B6588186-9657-486C-AEB1-F57D8E160F19}" = VOCALOID2 Expression DB (Standard)
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{B7197A7E-AE3B-4575-90CA-6820EC7E7631}" = VOCALOID2 Voice DB (SweetANN)
"{B7CD2ADE-855E-2A1C-683A-3A4C05A7CA5D}" = Catalyst Control Center Localization All
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C14BEC54-8253-6AC5-D446-506281A5E4F8}" = CCC Help Russian
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1EC6451-68A9-7EC2-2DB4-899A09A1CA09}" = CCC Help Norwegian
"{C542D258-F474-6798-A018-EB480B8EDC6C}" = CCC Help Turkish
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C7904010-6875-4843-8B82-9FC49B2CCC2E}" = VOCALOID SKIN (Zero-G LEON)
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E60588F9-9961-1136-B5A1-74D15B1C0EA1}" = CCC Help Finnish
"{E7DF9EFA-42AE-475F-2C5C-E2E9AC953AA5}" = CCC Help Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F01C1DBB-E5DE-49BE-97A6-483F128AEFAF}" = VOCALOID Expression DB (Lola)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C1C21B-F56E-400B-B0B0-270D817889F3}" = VOCALOID2 Editor V2.0.2.3
"{F1C27587-F747-D0C8-907C-054B87A08B64}" = ccc-utility
"{F3292D16-6363-4AB8-85AF-75B61544B678}" = VOCALOID Voice DB (Kaito)
"{F7170995-22B7-082B-63D3-776AD36AE749}" = CCC Help Portuguese
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FA82D553-7A07-43A4-98E8-14C62402A4F2}" = Autodesk SketchBook Copic Edition
"{FAC611DA-E445-4D7A-8311-7389C627FA32}" = VOCALOID VSTi V1.1.2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Photoshop v4.0" = Adobe Photoshop v4.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"CravingExplorer_is1" = Craving Explorer Version 1.4.0
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader_is1" = Foxit Reader
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Fraps" = Fraps (remove only)
"GIF Construction Set Professional 3" = GIF Construction Set Professional 3
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.1.0
"LastFM_is1" = Last.fm 1.4.2.59470
"ljArchive" = ljArchive
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"proDAD-Heroglyph-1.0" = proDAD Heroglyph 1.0
"proDAD-Heroglyph-2.0" = proDAD Heroglyph 2.0
"REAPER" = REAPER
"Steam App 113200" = The Binding of Isaac
"Steam App 12900" = Audiosurf
"Steam App 205870" = Auditorium
"Steam App 26500" = Cogs
"Steam App 440" = Team Fortress 2
"Steam App 47890" = The Sims(TM) 3
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"Wacom Tablet Driver" = Wacom Tablet
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"ZhornStickies" = Stickies 7.1a

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2012 6:36:10 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.5.1.1763, faulting module
unknown, version 0.0.0.0, fault address 0x3d79a8eb.

Error - 10/8/2012 6:53:32 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.1.522.0, faulting module
unknown, version 0.0.0.0, fault address 0x04d40318.

Error - 10/8/2012 6:53:36 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1001
Description = Fault bucket -1100585123.

Error - 10/8/2012 6:57:24 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.1.522.0, faulting module
mpengine.dll, version 1.1.8800.0, fault address 0x00272f5a.

Error - 10/8/2012 6:57:26 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1001
Description = Fault bucket -1117951277.

Error - 10/8/2012 7:11:46 PM | Computer Name = CEDA-09E6FD4986 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80096010, P2 mpupdateengine, P3 am delta,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 10/9/2012 3:40:21 AM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
Description = Faulting application flash.exe, version 7.0.0.470, faulting module
flash.exe, version 7.0.0.470, fault address 0x005f8bcb.

Error - 10/9/2012 3:40:27 AM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1001
Description = Fault bucket 72543518.

Error - 10/9/2012 3:42:17 AM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
Description = Faulting application flash.exe, version 7.0.0.470, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00018ea0.

Error - 10/9/2012 3:42:21 AM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1001
Description = Fault bucket -1103495833.

[ System Events ]
Error - 10/8/2012 6:57:27 PM | Computer Name = CEDA-09E6FD4986 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 10/8/2012 6:57:42 PM | Computer Name = CEDA-09E6FD4986 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Microsoft Antimalware Service
service, but this action failed with the following error: %%1056

Error - 10/8/2012 7:00:29 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 5008
Description = %%860 engine has been terminated due to an unexpected error. Failure
Type: %%830 Exception code: 0xc0000005 Resource: file:C:\Documents and Settings\Zarla\Application
Data\Western Digital\WD SmartWare\instances\F90ED62B-E232-4C56-9B8B-668E9BED9495\f90ed62b-e232-4c56-9b8b-668e9bed9495-preinq.db3-journal

Error - 10/8/2012 7:00:29 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 5008
Description = %%860 engine has been terminated due to an unexpected error. Failure
Type: %%830 Exception code: 0xc0000005 Resource: file:C:\Documents and Settings\Zarla\Application
Data\Western Digital\WD SmartWare\instances\EEC7451A-7EDA-4E64-BF6C-625B986D4849\eec7451a-7eda-4e64-bf6c-625b986d4849-preinq.db3-journal

Error - 10/8/2012 7:00:29 PM | Computer Name = CEDA-09E6FD4986 | Source = Service Control Manager | ID = 7034
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 3 time(s).

Error - 10/8/2012 7:11:45 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.137.1342.0 Previous Signature Version: 1.137.1157.0 Update Source: %%815

Update
Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\SYSTEM

Current
Engine Version: 1.1.8800.0 Previous Engine Version: 1.1.8800.0 Error code: 0x80096010

Error
description: The digital signature of the object did not verify.

Error - 10/8/2012 7:11:45 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.137.1342.0 Previous Signature Version: 1.137.1157.0 Update Source: %%815

Update
Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\SYSTEM

Current
Engine Version: 1.1.8800.0 Previous Engine Version: 1.1.8800.0 Error code: 0x80096010

Error
description: The digital signature of the object did not verify.

Error - 10/8/2012 7:11:47 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.137.1157.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 10/8/2012 7:11:52 PM | Computer Name = CEDA-09E6FD4986 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
(Definition 1.137.1342.0).

Error - 10/8/2012 11:26:48 PM | Computer Name = CEDA-09E6FD4986 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.


< End of report >




Recent problems:

I hit more bluescreens over the past few days, usually for no discernable reason. One mentioned a page fault in a non paged area, and the other didn't seem to list a reason. One time it blue screened while I was tapping the undo button on my tablet pen in Flash, and the other it blue screened while I was reading something online. Firefox in general has been crashing almost non-stop but also crashes when I try to update it to the latest version, so I'm using Chrome for now, which hasn't crashed... although it did lock up once. Once it locked up, most everything else locked up, and when I tried to restart or shut down the process, the Task Manager refused to come up until I held the keys down for like five minutes. I tried to tell it to restart, but it had trouble shutting everything down and then hung on my desktop, so I manually restarted it.
For the past day or so it seems to have been behaving itself, but I feel like things are getting worse. Security Essentials in particular keeps crashing and asking me to restart it seemingly randomly, and when I try to run scans with it, the scans usually crash halfway through, but when they do finish, they don't find anything.

torreattack
2012-10-10, 18:49
Hi Pikpik:

I suspected part of the reason for the blue screens was Microsoft Security Essentials. However, let's try other things before we "toy" with MSE.

1. Since you said Firefox keeps crashing, I think you had better uninstall it, then download the latest version and try again.



Error - 10/8/2012 11:26:48 PM | Computer Name = CEDA-09E6FD4986 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:

2. Please run chkdsk on each of your hard disks and hard disk partitions.


3. Please upload the Minidump file

Open your browser and go to this website: http://www.sendspace.com/
Click on the picture that says "Click to browse".
Now go to C:\Windows\Minidump.
Click on the latest Minidump file according to the date.
Note: example name of a minidump file: Mini100812-07.dmp
Click Open and then click Upload.
At the Download Link section, click Copy Link.
Paste the link to me.


4. Does the antivirus or anti-malware still detect any virus/malware?

Thank you,
torreattack
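
The event-log entries quoted in this thread follow the layout OTL prints: an `Error - date | Computer Name = ... | Source = ... | ID = ...` header followed by a wrapped `Description = ...`. As an added example that is not part of any post or of OTL itself, the Python below parses that layout and separates storage faults from the rest, so disk problems can be triaged before malware cleanup; the function names and the `STORAGE_SOURCES` set are assumptions of the example, and the sample text is the two entries shown in the thread.

```python
import re
from dataclasses import dataclass

# Sample input: the two event-log entries quoted in this thread.
SAMPLE = """\
Error - 10/8/2012 7:11:52 PM | Computer Name = CEDA-09E6FD4986 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
(Definition 1.137.1342.0).

Error - 10/8/2012 11:26:48 PM | Computer Name = CEDA-09E6FD4986 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
VOLUME = re.compile(r"chkdsk utility on the volume (\w:)")

# Assumption of this example: event sources treated as storage/file-system faults.
STORAGE_SOURCES = {"ntfs", "disk", "atapi", "ftdisk"}


@dataclass
class Event:
    level: str
    when: str
    host: str
    source: str
    raw_id: int
    description: str = ""

    @property
    def code(self):
        # The log prints the full 32-bit event identifier; the event code
        # shown in Event Viewer is its low 16 bits (262199 -> 55).
        return self.raw_id & 0xFFFF

    @property
    def is_storage(self):
        return self.source.lower() in STORAGE_SOURCES


def parse_events(text):
    """Parse header/Description blocks; wrapped description lines are joined."""
    events, current, in_desc = [], None, False
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = Event(m["level"], m["when"], m["host"],
                            m["source"], int(m["id"]))
            events.append(current)
            in_desc = False
        elif current is None or not line:
            in_desc = False  # a blank line ends the current description
        elif line.startswith("Description = "):
            current.description = line[len("Description = "):]
            in_desc = True
        elif in_desc:
            current.description += " " + line
    return events


def volumes_to_check(events):
    """Volumes named in storage-fault descriptions that ask for chkdsk."""
    found = set()
    for ev in events:
        if ev.is_storage:
            found.update(v.upper() for v in VOLUME.findall(ev.description))
    return sorted(found)


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for ev in evs:
        kind = "STORAGE" if ev.is_storage else "other"
        print(f"[{kind}] {ev.when} {ev.source} code={ev.code}: {ev.description}")
    print("Run chkdsk on:", ", ".join(volumes_to_check(evs)) or "none")
```
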

Pikpik
2012-10-10, 23:57
I set it to run Chkdsk and then when I tried to restart, it hung again on the desktop. When I manually restarted it, it ran chkdsk on the secondary hard drive D, then when it finished it automatically did C, then Windows loaded. I told it to chkdsk C, restarted, it said the volume was clean immediately without doing any scanning that I saw, it came back to Windows, then said it had recovered from a serious error. Then it bluescreened while I was reporting the error, something about bad_pool. I didn't notice it fix anything in either check... the D hard drive is pretty old though. The C one should be fairly new...

Here's the minidump file - http://www.sendspace.com/file/c21l8y

Security Essentials doesn't pick up anything with a Quick Scan, but the thing is most of the time when I tell it to scan it crashes. I tried a full scan with Malwarebytes a little while before I first posted here, and it didn't find anything. Spybot finds a lot of things every time I scan, but it tends to hang at the end of it and when I try to remove them, they all just keep coming back. I tried installing some other anti-viruses like the Outlook one, but that made Windows refuse to boot entirely and also crashed in the middle of a scan. Avast refused to install properly or work either.

There are some Windows updates available, should I install those in the meantime?

torreattack
2012-10-11, 12:44
Hi Pikpik:

1. While we are trying to fix your problem, please don't update Windows until I tell you to.

2. What is the type of infection that spybot detected? Cookie?

3. Try to download AVIRA antivirus, then install it. If the installation is ok, uninstall the MSE and run a full scan.

4. If you have other minidump files, please upload them as well.

I will be back as soon as possible.
torreattack

Pikpik
2012-10-11, 13:59
I'll try and install Avira... in the meantime, here's what Spybot picks up.

Win32.Autorun.dc3
Bredolab.fb
Fraud.XPDefender2013
Microsoft.Windows.InfectedHostFile
Win32.Agent.ws (all the others have one or two entries, but this one has 49)
Win32.Autorun.dso
Win32.Banker.prx

And it gave me a warning about my browser being infected with Win32.agent.Adb. When I try to get rid of them, they either come back or say that some of the files are in use and ask if I want to run the scan when I restart my computer... when I tried that, it bluescreened at the end of the scan.
Spybot usually hangs near the end of its scan and gets stuck on "scanning download directories".

Here are all the minidump files I have - http://www.sendspace.com/filegroup/YYzDFq%2BGgunzMkU5ZCoJZwF5X4DU1jgSL7XGPTGQWsOpZWxMGQlF7w

Pikpik
2012-10-11, 14:31
I installed Avira, it seemed to go okay until it was supposed to do its first system scan/update, then it crashed. When I opened it again, it updated properly, but when I told it to scan, it bluescreened with "memory_management" listed as the cause. When it rebooted, the Avira symbol disappeared from the taskbar and when I tried to open it, it kept crashing. I uninstalled MSE and kept trying, but the Avira center wouldn't open so I could scan. I tried right clicking a hard drive and telling Avira to scan it, but it crashed. It did successfully scan a single file later though. Windows said that Avira was still on in the security center, but I couldn't access the control center at all. I ended up reinstalling MSE just to be safe, but it looks like Avira isn't working either. Before it bluescreened on the first scan I think it detected at least one suspicious file but I couldn't see what it was.

torreattack
2012-10-14, 03:42
Hi Pikpik:

Sorry for being late. Your BSOD problem seems to point more toward hardware failure.

1. Did you just install new hardware or make a change to some hardware or a hardware driver?

2. Memtest86 v4.0
Memtest86 is absolutely the best of the free memory testing programs.

Download the zipped ISO image (http://www.memtest86.com/memtest86-4.0a.iso.zip)
Once downloaded, extract the ISO file and burn it to a CD.

If you need help, see How To Burn an ISO Image File to a Disc (http://pcsupport.about.com/od/toolsofthetrade/ht/burnisofile.htm).


Next, restart your computer and boot to the CD during startup.

Memtest86 will start immediately and begin testing your RAM.
If Memtest86 doesn't start (for example, your operating system loads as normal or you see an error), then see these tips on booting from discs (http://pcsupport.about.com/od/tipstricks/ht/bootcddvd.htm).


Once one pass has completed without error, the "Pass complete, no errors, press Esc to exit" message will appear. At this point you can press Esc to stop Memtest86 and reboot your PC.

Memtest86 does not stop on its own but will continue to make passes until you stop it.

I recommend replacing the RAM if Memtest86 finds any errors. Even if you aren't seeing issues with your computer right now, you likely will in the future.


3. Do you have access to an XP installation disc? If "yes", please try this out.

SFC
The system file checker command compares the system files in your computer with the original ones.
If one is corrupted or missing it will try to replace it. This is the reason to have the installation disc handy:

Click on Start
Click on Run
Type the following text... do not include the quote box title "Quote"

sfc /scannow
Note: let the scan run. If it asks you to insert the CD, do so.


4. If everything is OK, can you kindly remove the defective hard drive and observe whether the BSOD happens?


thanks,
torreattack

Pikpik
2012-10-14, 19:07
I crashed a few more times, once a bluescreen and once where the entire computer froze without an error screen at all, which was strange. After coming back Avira seemed to be functioning properly, so I did some scans and it found a few items, which I quarantined, but the crashes keep happening. For now I uninstalled MSE though since Avira is working.


1 - I haven't been messing around too much with hardware, but there were a few things I was trying to fix. My video card driver wasn't letting me switch resolutions without restarting for a while, so I tried installing and uninstalling various drivers for that to no avail. In the process I also downloaded a driver for my monitor in general, but those are the only drivers I think I've been toying with. I haven't checked to see if the resolution problem is still happening since my computer's crashing so much it hasn't come up...

2 - I'll try Memtest and the SFC replacement thing as soon as possible. I do have a backup hard drive nearby, so if those do fail, I'll try and switch that in and let you know what happens.

torreattack
2012-10-17, 01:08
Pikpik:

Any good news?

torreattack

Pikpik
2012-10-17, 01:17
I ran the SFC scan but I'm not sure if it did anything or not... it asked for the CD a few times, but didn't say whether it replaced anything or not. It didn't give me any explicit errors though.

I haven't tried Memtest yet, but I did roll back the monitor driver to the original Windows one and updated the video drivers in general, and so far the computer hasn't crashed yet. While restarting while installing the drivers, it did act a little strange, like at one point it didn't load the sound drivers properly, and another Avira had trouble starting, but once I got it to boot up completely without errors it hasn't crashed yet. I haven't tried restarting or running scans since though, it might have trouble booting up again...

Are the things that Spybot found before serious problems or false positives? I just wonder if I should be concerned about them...

torreattack
2012-10-17, 19:42
Hi pikpik:

Don't worry about the malware. We will deal with it. But my to-do list is to deal with hardware before software, because an unexpected stop from hardware while fixing the software problem may make the problem worse.

Let's try for one or two days; if the blue screen or crash problem is resolved, we will start to deal with software.

By the way, I am not sure whether you are using the latest Spybot. Can you uninstall it, then download and install it again? After that, scan the computer again with the latest Spybot and tell me the result.

Please post a new OTL log for me.

thanks,
torreattack

Pikpik
2012-10-18, 20:52
The computer was running fine the past couple days... so I uninstalled Spybot, restarted, and reinstalled it like you said. When I ran the scan, it bluescreened... however, when it rebooted, I was able to run the scan without it crashing. I'm not sure why. It found

Microsoft.Windows.InfectedHostfile: [SBI $50865E77] Data (File, nothing done)
C:\WINDOWS\system32\drivers\etc\hosts_infected
Properties.size=443587
Properties.md5=1697DD08A3E2A40BF8C4E1617DDAAAC4
Properties.filedate=1349017264
Properties.filedatetext=2012-09-30 08:01:03

Statcounter: Tracking cookie
Statcounter: Tracking cookie
WebTrends live: Tracking cookie
DoubleClick: Tracking cookie

It didn't mention win32.adb, but it DID say that the Windows hostfile was infected. It also had some errors opening malware.something while scanning? I should have written it down probably...


Here's the OTL log:


OTL logfile created on: 10/18/2012 10:28:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Zarla\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 50.80% Memory free
4.96 Gb Paging File | 3.13 Gb Available in Paging File | 63.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 561.33 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 29.32 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
Drive H: | 930.86 Gb Total Space | 60.02 Gb Free Space | 6.45% Space Free | Partition Type: NTFS
Drive X: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CEDA-09E6FD4986 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Zarla\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Last.fm\LastFMHelper.exe (Last.fm)
PRC - C:\Program Files\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Program Files\Winamp5\winamp.exe (Nullsoft)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()


========== Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)


========== Driver Services (SafeList) ==========

DRV - (ZDPSp50) -- System32\Drivers\ZDPSp50.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (BLKWGU(Belkin) -- system32\DRIVERS\BLKWGU.sys File not found
DRV - (azwdzz51) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (Advanced Micro Devices, Inc)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (amdide) -- C:\WINDOWS\system32\drivers\amdide.sys (Advanced Micro Devices)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (HCWBT8xx) -- C:\WINDOWS\system32\drivers\HCWBT8XX.sys (Hauppauge Computer Works)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 F5 1A 3E B9 A3 CD 01 [binary data]
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-436374069-1202660629-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/14 08:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/14 08:46:15 | 000,000,000 | ---D | M]

[2012/10/14 08:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-436374069-1202660629-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-436374069-1202660629-839522115-1003..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-436374069-1202660629-839522115-1003..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (Last.fm)
O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1202660629-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344119090125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344119235656 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E885F99-6B75-4C9E-AFC6-346B05F06238}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/14 20:21:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012/08/04 02:55:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 13:00:27 | 000,000,088 | R--- | M] () - X:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 09:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/14 17:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/10/14 17:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2012/10/14 09:31:01 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/10/14 09:30:59 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/10/14 09:30:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2012/10/14 09:30:45 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/10/14 09:30:43 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/10/14 09:30:42 | 000,019,455 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2012/10/14 09:30:40 | 000,012,063 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2012/10/14 09:30:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2012/10/14 09:30:34 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/10/14 09:30:32 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/10/14 09:30:27 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/10/14 09:30:24 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2012/10/14 09:30:22 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2012/10/14 09:30:18 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2012/10/14 09:30:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2012/10/14 09:30:18 | 000,023,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2012/10/14 09:30:15 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/10/14 09:30:14 | 000,033,599 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2012/10/14 09:30:14 | 000,029,311 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2012/10/14 09:30:14 | 000,019,551 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2012/10/14 09:30:12 | 000,012,127 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2012/10/14 09:30:12 | 000,011,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2012/10/14 09:30:11 | 000,012,415 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2012/10/14 09:30:09 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/10/14 09:30:06 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/10/14 09:30:04 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/10/14 09:29:58 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/10/14 09:29:56 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/10/14 09:29:53 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/10/14 09:29:51 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/10/14 09:29:48 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2012/10/14 09:29:47 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2012/10/14 09:29:44 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2012/10/14 09:29:42 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/10/14 09:29:39 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2012/10/14 09:29:37 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2012/10/14 09:29:34 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2012/10/14 09:29:32 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/10/14 09:29:30 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/10/14 09:29:27 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/10/14 09:29:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/10/14 09:29:26 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012/10/14 09:29:26 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2012/10/14 09:29:25 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/10/14 09:29:22 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2012/10/14 09:29:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2012/10/14 09:29:17 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2012/10/14 09:29:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2012/10/14 09:29:12 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/10/14 09:29:10 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2012/10/14 09:29:08 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2012/10/14 09:29:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2012/10/14 09:29:03 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/10/14 09:29:01 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/10/14 09:28:58 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2012/10/14 09:28:55 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2012/10/14 09:28:52 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/10/14 09:28:50 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/10/14 09:28:47 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/10/14 09:28:45 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/10/14 09:28:43 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/10/14 09:28:40 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/10/14 09:28:38 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2012/10/14 09:28:35 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2012/10/14 09:28:35 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2012/10/14 09:28:33 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2012/10/14 09:28:30 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2012/10/14 09:28:28 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2012/10/14 09:28:25 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2012/10/14 09:28:23 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2012/10/14 09:28:20 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/10/14 09:28:17 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/10/14 09:28:15 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/10/14 09:28:15 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/10/14 09:28:12 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/10/14 09:28:10 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/10/14 09:28:07 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2012/10/14 09:28:04 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2012/10/14 09:28:02 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/10/14 09:27:59 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/10/14 09:27:56 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2012/10/14 09:27:54 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2012/10/14 09:27:52 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2012/10/14 09:27:50 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2012/10/14 09:27:48 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2012/10/14 09:27:45 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2012/10/14 09:27:43 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2012/10/14 09:27:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2012/10/14 09:27:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2012/10/14 09:27:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2012/10/14 09:27:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2012/10/14 09:27:32 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/10/14 09:27:30 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/10/14 09:27:28 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/10/14 09:27:25 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/10/14 09:27:22 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/10/14 09:27:20 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2012/10/14 09:27:17 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2012/10/14 09:27:14 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2012/10/14 09:27:12 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2012/10/14 09:27:10 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/10/14 09:27:07 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2012/10/14 09:27:05 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2012/10/14 09:27:03 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2012/10/14 09:27:01 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2012/10/14 09:26:59 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2012/10/14 09:26:59 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2012/10/14 09:26:56 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2012/10/14 09:26:47 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/10/14 09:26:44 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/10/14 09:26:42 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/10/14 09:26:40 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/10/14 09:26:38 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/10/14 09:26:36 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2012/10/14 09:26:35 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2012/10/14 09:26:35 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2012/10/14 09:26:33 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2012/10/14 09:26:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2012/10/14 09:26:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2012/10/14 09:26:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2012/10/14 09:26:24 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/10/14 09:26:21 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/10/14 09:26:19 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/10/14 09:26:17 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2012/10/14 09:26:15 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2012/10/14 09:26:15 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/10/14 09:26:12 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2012/10/14 09:26:10 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2012/10/14 09:26:08 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2012/10/14 09:26:06 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2012/10/14 09:26:04 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2012/10/14 09:26:02 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2012/10/14 09:25:57 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/10/14 09:25:55 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/10/14 09:25:53 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/10/14 09:25:51 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/10/14 09:25:49 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2012/10/14 09:25:46 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2012/10/14 09:25:44 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2012/10/14 09:25:40 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2012/10/14 09:25:39 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2012/10/14 09:25:37 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2012/10/14 09:25:24 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/10/14 09:25:22 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2012/10/14 09:25:20 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/10/14 09:25:18 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/10/14 09:25:17 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2012/10/14 09:25:15 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2012/10/14 09:25:12 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2012/10/14 09:25:10 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2012/10/14 09:25:08 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/10/14 09:25:06 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/10/14 09:25:04 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/10/14 09:25:02 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/10/14 09:25:00 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/10/14 09:24:58 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/10/14 09:24:56 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/10/14 09:24:54 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/10/14 09:24:52 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/10/14 09:24:50 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2012/10/14 09:24:48 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/10/14 09:24:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/10/14 09:24:45 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/10/14 09:24:44 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/10/14 09:24:43 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2012/10/14 09:24:41 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2012/10/14 09:24:39 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2012/10/14 09:24:36 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/10/14 09:24:34 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2012/10/14 09:24:33 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/10/14 09:24:31 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/10/14 09:24:29 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/10/14 09:23:43 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2012/10/14 09:23:40 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/10/14 09:23:38 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/10/14 09:23:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2012/10/14 09:23:34 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2012/10/14 09:23:31 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2012/10/14 09:23:29 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2012/10/14 09:23:27 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2012/10/14 09:23:25 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2012/10/14 09:23:23 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2012/10/14 09:23:22 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2012/10/14 09:23:19 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/10/14 09:23:17 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/10/14 09:23:15 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2012/10/14 09:23:15 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/10/14 09:23:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2012/10/14 09:23:10 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2012/10/14 09:23:08 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/10/14 09:23:07 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2012/10/14 09:23:05 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2012/10/14 09:23:05 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2012/10/14 09:23:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2012/10/14 09:22:59 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2012/10/14 09:22:57 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2012/10/14 09:22:55 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2012/10/14 09:22:53 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2012/10/14 09:22:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2012/10/14 09:22:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2012/10/14 09:22:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2012/10/14 09:22:46 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2012/10/14 09:22:46 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2012/10/14 09:22:45 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2012/10/14 09:22:45 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2012/10/14 09:22:43 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2012/10/14 09:22:41 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2012/10/14 09:22:40 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2012/10/14 09:22:38 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/10/14 09:22:36 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2012/10/14 09:22:34 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2012/10/14 09:22:32 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2012/10/14 09:22:30 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/10/14 09:22:30 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/10/14 09:22:28 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/10/14 09:22:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2012/10/14 09:22:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2012/10/14 09:22:16 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2012/10/14 09:22:14 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2012/10/14 09:22:12 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2012/10/14 09:22:11 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2012/10/14 09:22:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2012/10/14 09:22:07 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2012/10/14 09:22:05 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2012/10/14 09:22:03 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2012/10/14 09:22:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2012/10/14 09:21:59 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/10/14 09:21:57 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/10/14 09:21:55 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/10/14 09:21:53 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/10/14 09:21:51 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2012/10/14 09:21:48 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2012/10/14 09:21:46 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2012/10/14 09:21:43 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/10/14 09:18:22 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2012/10/14 09:18:20 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2012/10/14 09:18:20 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2012/10/14 09:18:17 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/10/14 09:18:15 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/10/14 09:18:09 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2012/10/14 09:18:07 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/10/14 09:18:04 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2012/10/14 09:18:02 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/10/14 09:18:00 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/10/14 09:17:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2012/10/14 09:17:55 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/10/14 09:17:53 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/10/14 09:17:51 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/10/14 09:17:50 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/10/14 09:17:48 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/10/14 09:17:46 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/10/14 09:17:44 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2012/10/14 09:17:42 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2012/10/14 09:17:40 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/10/14 09:17:38 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/10/14 09:17:36 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/10/14 09:17:35 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/10/14 09:17:33 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/10/14 09:17:31 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2012/10/14 09:17:27 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2012/10/14 09:17:24 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2012/10/14 09:17:21 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2012/10/14 09:17:20 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2012/10/14 09:17:16 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2012/10/14 09:17:14 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2012/10/14 09:17:13 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2012/10/14 09:17:09 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/10/14 09:17:07 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2012/10/14 09:17:05 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2012/10/14 09:17:02 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2012/10/14 09:16:59 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2012/10/14 09:16:57 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2012/10/14 09:16:57 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2012/10/14 09:16:55 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2012/10/14 09:16:53 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2012/10/14 09:16:50 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/10/14 09:16:48 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2012/10/14 09:15:55 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2012/10/14 09:15:53 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2012/10/14 09:15:52 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2012/10/14 09:15:50 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2012/10/14 09:15:49 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2012/10/14 09:15:47 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/10/14 09:15:46 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/10/14 09:15:45 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/10/14 09:15:45 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2012/10/14 09:15:43 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/10/14 09:15:43 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/10/14 09:15:41 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/10/14 09:15:39 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2012/10/14 09:15:36 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/10/14 09:15:35 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/10/14 09:15:33 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/10/14 09:15:31 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/10/14 09:15:30 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2012/10/14 09:15:29 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/10/14 09:15:27 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/10/14 09:15:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2012/10/14 09:15:24 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2012/10/14 09:15:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2012/10/14 09:15:15 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2012/10/14 09:15:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2012/10/14 09:15:13 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2012/10/14 09:15:11 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2012/10/14 09:15:11 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/10/14 09:15:10 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2012/10/14 09:15:07 | 000,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2012/10/14 09:15:06 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2012/10/14 09:15:04 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2012/10/14 09:15:03 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2012/10/14 09:15:02 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2012/10/14 09:15:00 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2012/10/14 09:14:50 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll

Pikpik
2012-10-18, 20:53
[2012/10/14 08:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/10/13 01:29:03 | 000,000,000 | ---D | C] -- C:\1da8f621714b45561fd86f83fdc1
[2012/10/12 21:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012/10/12 19:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2012/10/11 03:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/10/11 03:53:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/10/11 03:53:00 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/10/11 03:53:00 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/10/11 03:53:00 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/10/11 03:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/10/11 03:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/10/09 22:30:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/10/09 22:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2012/10/09 22:30:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/10/09 22:30:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/10/09 22:30:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/10/09 22:30:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/10/09 22:30:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/10/07 15:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Compound File Explorer
[2012/10/07 15:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CoCo Systems
[2012/10/07 15:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\CoCo Systems
[2012/10/06 04:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SourceTec
[2012/10/06 04:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2012/10/06 04:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2012/10/06 04:23:39 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/30 21:09:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/09/30 21:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/30 21:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/30 09:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/30 00:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/30 00:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/29 00:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/29 00:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/29 00:54:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/29 00:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/29 00:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/09/28 20:19:49 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/18 10:12:18 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/18 10:12:18 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/18 10:09:34 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/10/18 10:09:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/18 10:07:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/18 09:44:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003UA.job
[2012/10/17 17:44:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003Core.job
[2012/10/14 17:32:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/10/14 11:10:42 | 081,330,688 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madnessj.fla
[2012/10/14 11:08:26 | 007,747,960 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madnessj.swf
[2012/10/14 11:00:21 | 085,454,336 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madnesse.fla
[2012/10/14 10:37:30 | 002,825,608 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madnesse.swf
[2012/10/14 08:46:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/14 01:53:03 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/13 02:52:22 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/10/13 01:48:25 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/13 01:48:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/11 19:44:57 | 081,469,952 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness.fla
[2012/10/11 18:16:18 | 002,824,333 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness.swf
[2012/10/11 18:15:49 | 023,515,136 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness5.fla
[2012/10/11 17:50:01 | 002,823,105 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness5.swf
[2012/10/11 09:42:00 | 023,490,048 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness4.fla
[2012/10/11 09:07:21 | 023,368,192 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness3.fla
[2012/10/11 09:06:41 | 002,834,634 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness3.swf
[2012/10/11 08:24:45 | 002,837,009 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness4.swf
[2012/10/10 09:39:43 | 024,473,600 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness2.fla
[2012/10/10 07:21:35 | 002,958,084 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness2.swf
[2012/10/08 20:16:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/10/06 04:28:27 | 000,000,395 | ---- | M] () -- C:\WINDOWS\PKZIPW.INI
[2012/10/01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/09/30 09:03:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/30 08:01:03 | 000,443,587 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_infected
[2012/09/30 07:08:02 | 000,000,124 | ---- | M] () -- C:\WINDOWS\System32\pixelcity.ini
[2012/09/29 06:32:14 | 000,443,587 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120930-002014.backup
[2012/09/29 06:11:59 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2012/09/25 01:52:04 | 003,778,688 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Love is War chorus.mp3
[2012/09/24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/14 09:30:59 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/10/14 09:30:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/10/14 09:23:12 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/10/14 09:23:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/10/14 09:17:13 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/10/14 09:13:47 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/10/14 09:13:44 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/10/14 09:13:41 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/10/14 09:13:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/10/14 09:13:34 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/10/14 09:11:42 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/10/14 09:11:41 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/10/14 09:11:41 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/10/14 09:10:09 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/10/14 09:10:09 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/10/14 09:10:08 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/10/14 09:10:08 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/10/14 09:10:08 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/10/14 09:10:08 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/10/14 09:10:07 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/10/14 09:10:07 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/10/14 09:10:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/10/14 09:10:04 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/10/14 08:46:16 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/11 19:52:28 | 002,825,608 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madnesse.swf
[2012/10/11 19:44:53 | 085,454,336 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madnesse.fla
[2012/10/11 19:08:40 | 007,747,960 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madnessj.swf
[2012/10/11 19:07:15 | 081,330,688 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madnessj.fla
[2012/10/11 09:07:24 | 002,823,105 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness5.swf
[2012/10/11 09:07:21 | 023,515,136 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness5.fla
[2012/10/11 09:06:34 | 002,834,634 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness3.swf
[2012/10/09 22:30:36 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/10/09 22:30:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/10/09 09:24:03 | 002,837,009 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness4.swf
[2012/10/09 01:10:03 | 023,490,048 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness4.fla
[2012/10/08 20:16:01 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/10/08 20:16:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/10/07 12:34:56 | 023,368,192 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness3.fla
[2012/10/07 10:47:48 | 002,958,084 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness2.swf
[2012/10/06 07:08:57 | 024,473,600 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness2.fla
[2012/10/06 05:06:50 | 002,824,333 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness.swf
[2012/10/06 03:04:11 | 081,469,952 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness.fla
[2012/10/01 20:12:53 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/29 06:12:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2012/09/29 06:12:00 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/09/29 06:12:00 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
[2012/09/29 06:12:00 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/08/30 23:07:52 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2012/08/18 23:57:36 | 000,000,395 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2012/08/17 11:04:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/08/17 11:04:17 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/08/17 11:04:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/08/17 11:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/17 00:41:40 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\pixelcity.ini
[2012/08/16 02:30:11 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll
[2012/08/14 15:58:26 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012/08/14 15:58:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2012/08/14 15:03:36 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2012/08/14 10:33:09 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2012/08/14 10:33:08 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2012/08/14 10:33:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012/08/14 10:33:07 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2012/08/14 10:33:07 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2012/08/14 10:33:07 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2012/08/14 09:47:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/08/14 08:04:30 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2012/08/14 06:16:58 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
[2012/08/14 06:16:38 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2012/08/04 22:30:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/04 22:20:55 | 000,509,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/04 17:56:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/04 17:27:45 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/08/04 17:27:45 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/08/04 17:27:45 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2012/08/04 17:27:41 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/08/04 17:27:37 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/08/04 16:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/04 16:23:29 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/08/04 16:17:24 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/08/04 02:57:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/04 02:53:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/08/04 16:13:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

torreattack
2012-10-20, 18:38
Hi Pikpik:

Sorry for being late again.

Please disable spybot during OTL fix.

1. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Copy the following text... do not include the quote box title "Quote"

:OTL
[2012/10/14 01:53:03 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/30 08:01:03 | 000,443,587 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_infected

:Files
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[ResetHosts]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of report in your next reply.
Note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYYY_HHMMSS.log.




2. What is the result of Memtest86 v4.0 test?




3. Please re-run spybot, fix any items found. If possible, post the log.



4. ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
First please Disable any Antivirus you have active, as shown in This topic (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
Note: Don't forget to re-enable it after the scan.
Next hold down Control then click on the following link to open a new window to ESET online scanner (http://www.eset.com/home/products/online-scanner)
Then click on Run ESET Online Scanner

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on Start.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start.
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on Finish.
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.




5. Please give me an update regarding your problem.

thanks,
torreattack

Pikpik
2012-10-22, 02:12
1 - I ran OTL and it didn't seem to have any problems. When it rebooted, the computer said it had recovered from a serious error several times, but was otherwise functioning. Here's the log:

All processes killed
========== OTL ==========
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts_infected moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Zarla\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Zarla\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 647168 bytes
->Temporary Internet Files folder emptied: 65850 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: In the documents and settings folder

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 510834 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Zarla
->Temp folder emptied: 1795156 bytes
->Temporary Internet Files folder emptied: 12232551 bytes
->FireFox cache emptied: 171859065 bytes
->Google Chrome cache emptied: 14696908 bytes
->Flash cache emptied: 29204 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132035 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 195.00 mb

Error: Unble to create default HOSTS file!
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10212012_082206

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


2. Memtest didn't find anything.

3. Spybot went through the search without crashing or giving me errors.

--- Search result list ---
WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

It found these two cookies which I then got rid of.

4. The ESET scan went okay for a few hours, then hung on a file on the external hard drive, making me have to manually restart. When it rebooted it ran chkdsk again on drive C.
Before it hung, I wrote down a few of the things it found.

Win32/Adware.WBug.A
Win32/OpenCandy
Win32/PrcView
variant of Win32/AdInstaller multiple times
Win32/Adware.Virtumonde.NEO twice
variant of Win32/Keygen.CY twice
variant of Win32/Keygen.AR

All in all it had found 18 things before it hung.


5. I just ran the tests/OTL fix today, but I'll come back and report if I run into any other problems.

torreattack
2012-10-22, 10:42
Hi Pikpik:

1. ESET online scanner
Please check this file, C:\Program Files\ESET\EsetOnlineScanner\log.txt.
If you have it, post it.
If not, I hope you don't mind to try it again.

The name of the virus itself does not help much unless we know which file.



2. Was the external hard drive the "problem child" that we mentioned before?



3. Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Select Perform Quick scan, then click on Scan
When done, you will be prompted. Click OK. If Items are found, then click on Show Results
Check all items then click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
Note: If MBAM doesn't return after an update, please start it again.


Please disable spybot before you continue.

4. Hosts File Corrupted

Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your computer, somewhere where you can find it.
Double click on HostsXpert.exe to launch the program.
Click on Restore MS Hosts File to restore your Hosts file to its default condition.
Click on Make ReadOnly to secure it against further infection.
Exit the program.



thanks,
torreattack
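
A read-only audit of what a hosts file contains, added here in Python to illustrate the hosts-file reset in step 4 above; it is not part of the thread and is not how HostsXpert or OTL work. The sample entries and every function name are constructed for the example, and the four categories are this example's own labels.

```python
import ipaddress
import os
import stat

# Constructed sample, not taken from the thread. Addresses are from the
# documentation ranges and the names use reserved example/test domains.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net        # blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.7     www.example.test  login.example.test
203.0.113.9     update.example.test    # inline comment
not-an-ip       broken.example.test
::1             localhost
"""


def parse_hosts(text):
    """Yield (line_number, address_token, hostnames) for each entry line."""
    # A UTF-8 byte-order mark in front of the first entry would otherwise
    # make its address look malformed.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments, full-line or inline
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]


def classify(address, hostnames):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one entry."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not hostnames:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback -> localhost is what a default hosts file contains.
        if all(name.lower() == "localhost" for name in hostnames):
            return "default"
        # Any other name pointed at loopback or 0.0.0.0 is made unreachable.
        return "sinkhole"
    # The name resolves to an address chosen by whoever wrote the file,
    # so each of these needs a human decision.
    return "redirect"


def audit_hosts(text):
    """Group every entry of a hosts file by category."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, address, hostnames in parse_hosts(text):
        report[classify(address, hostnames)].append((lineno, address, hostnames))
    return report


def is_read_only(path):
    """True when the owner write bit is clear (the read-only attribute on Windows)."""
    return not (os.stat(path).st_mode & stat.S_IWUSR)


if __name__ == "__main__":
    for category, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{category}: {len(entries)}")
        if category in ("redirect", "malformed"):
            for lineno, address, hostnames in entries:
                print(f"  line {lineno}: {address} -> {' '.join(hostnames)}")
```

A freshly restored default file should report only `default` entries; `sinkhole` entries are typical of blocklists, while `redirect` and `malformed` lines are the ones to read individually.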

Pikpik
2012-10-23, 16:17
1. The log is empty, I'm sorry. I tried to run the scan again, but it keeps saying that it can't download the update, and that I need to configure the proxy?

2. H:/ is the external hard drive and D:/ is an older hard drive. I think D:/ is the one that's causing most the problems, although H is set up to backup D automatically, so they might be connected.

3. MBAM kept crashing midway through the scan. I eventually had to go into Safe Mode and run it there, and it still crashed once before I got it to finish the scan. It didn't find anything though...

4. Done, although when I opened the program it said I didn't have a hosts file period, if that makes a difference? So when I told it to restore to the MS default it created one, I think.

torreattack
2012-10-23, 21:08
Hi pikpik:


The log is empty, I'm sorry. I tried to run the scan again, but it keeps saying that it can't download the update, and that I need to configure the proxy?
If you did not use a proxy, you don't need to configure it.
Try again if you can, but if not, just ignore it. We will try another tool.


H:/ is the external hard drive and D:/ is an older hard drive. I think D:/ is the one that's causing most the problems, although H is set up to backup D automatically, so they might be connected.
1. Is it possible to remove the "old man" temporarily until we close this thread? I need to verify whether the "crash" was caused by malware or hardware.


MBAM kept crashing midway through the scan.
2. Correct me if I am wrong, you really mean "crash" and not "blue screen" right? Which file is causing the "crash"? Is that file located in the "old man"?



Done, although when I opened the program it said I didn't have a hosts file period, if that makes a difference? So when I told it to restore to the MS default it created one, I think. :bigthumb:



3. ComboFix
Please download ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)... Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
Alternate download sites: Mirror #2 (http://www.forospyware.com/sUBs/ComboFix.exe) or Mirror #3 (http://subs.geekstogo.com/ComboFix.exe)

If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

This program is a powerful tool, intended by its creator, to be "used under the guidance and supervision of trained malware removers".
Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!

The first thing you need to do is print out How-To-Use-ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix). Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
Press Yes to the Disclaimer prompt.
ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
If not already installed... Press Yes to the "Install Recovery Console" prompt.
Press Yes at the Recovery Console installation results prompt... Even if unsuccessful, have ComboFix continue the scan.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
ComboFix will disconnect you from the Internet, may cause your desktop to disappear and also change your clock settings... this is normal, so don't worry. They will be restored when finished. The ComboFix window data will be changing with various "Stages"... completed. When finished the screen will show that a log is being created.
ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
Please copy/paste the contents of log.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer (http://img.photobucket.com/albums/v666/sUBs/New_Disclaimer_090525.gif).
** Enable your Antivirus and Firewall, before connecting to the Internet again! **

thanks,
torreattack

Pikpik
2012-10-24, 04:36
I unplugged the external drive and after a restart and a few tries got the ESET scanner to run. Here's the log:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9258fdba14c30c48be70f8ed5daf0075
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-23 04:45:39
# local_time=2012-10-23 09:45:39 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 124286 124286 0 0
# compatibility_mode=6912 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=724536
# found=16
# cleaned=0
# scan_time=12073
C:\AOL30\Download\Programs\cdbxp_setup_4.4.1.3341.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\Install_AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\Nero-7.10.1.0_eng_update.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\SkipScreen-Setup.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\SkipScreen-Setup_a.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\VirtumundoBeGone.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\AOL30\Download\Programs\Install_AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\AOL30\Download\Programs\VirtumundoBeGone.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\VundoFix Backups\jmppo.bak1.bad Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\VundoFix Backups\jmppo.ini.bad Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\May-maynot want to reinstall\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Temp\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\Temp\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\To Reinstall\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I


1. I think I can pull it out... I can give it a try.

2. Yeah, the program itself crashed, not the computer, which is a bit of a relief. It happened pretty fast, but I noticed it did it multiple times in the middle of the C:\Windows\Fonts folder. I was doing a quickscan, so I don't think it would have looked in D at all...

3. I'll give ComboFix a try and report back!

torreattack
2012-10-26, 08:26
Hi pikpik:

1. I am still waiting for your combofix report.

2. By the way, according to the Eset report,
a. Do you still want to keep that software and its installers?
b. Did you create these folders?

C:\Documents and Settings\All Users\Documents\C\AOL30\Download\Programs\
C:\Documents and Settings\All Users\Documents\C\VundoFix Backups\
C:\Program Files\May-maynot want to reinstall\AIM\Sysfiles\
C:\To Reinstall\AIM\Sysfiles\

3. Can you re-run Malwarebytes' Anti-Malware in Full Scan?

4. Please give me an update on your computer's problem.

thanks,
torreattack
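
A way to tabulate the ESET report discussed above by detection class, family and folder, as an added example that is not part of the original thread. The line layout is taken from the log as pasted; the function names are illustrative, and reading `remove_checked=false` as removal having been switched off and `application` as ESET's label for potentially unwanted or unsafe programs are assumptions.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules, usable on any OS

# Header fields and the 16 detection lines from the report posted above.
# Fields are split on any whitespace (the forum paste has single spaces).
SAMPLE_LOG = r"""
esets_scanner_update returned -1 esets_gle=1
# remove_checked=false
# scanned=724536
# found=16
# cleaned=0
C:\AOL30\Download\Programs\cdbxp_setup_4.4.1.3341.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\Install_AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\Nero-7.10.1.0_eng_update.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\SkipScreen-Setup.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\SkipScreen-Setup_a.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\VirtumundoBeGone.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\AOL30\Download\Programs\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\AOL30\Download\Programs\Install_AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\AOL30\Download\Programs\VirtumundoBeGone.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\VundoFix Backups\jmppo.bak1.bad Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Documents\C\VundoFix Backups\jmppo.ini.bad Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\May-maynot want to reinstall\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Temp\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\Temp\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\To Reinstall\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
"""

HEADER = re.compile(r"^# (\w+)=(.*)$")

# path, detection name, optional class word, (action), 32-hex field, flag.
# The path is matched lazily up to the first ".ext" that is followed by a
# detection name, so spaces and extra dots inside the path are tolerated.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.\w+)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+|multiple threats)"
    r"(?:\s+(?P<kind>\w+))?"
    r"\s+\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+\S+$"
)


def parse_report(text):
    """Return (header dict, list of detection dicts); other lines are ignored."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = DETECTION.match(line)
        if m:
            hit = m.groupdict()
            # Drop the heuristic prefix so variants group with their family.
            hit["family"] = re.sub(r"^(probably )?a variant of ", "", hit["threat"])
            hit["kind"] = hit["kind"] or "unclassified"
            hits.append(hit)
    return header, hits


def summarize(header, hits):
    """Answer the triage questions: what class, which family, where on disk."""
    return {
        # A mismatch here usually means the paste was truncated.
        "count_matches_header": header.get("found") == str(len(hits)),
        # Assumption: remove_checked reflects whether removal was switched on.
        "removal_enabled": header.get("remove_checked") == "true",
        "by_kind": Counter(h["kind"] for h in hits),
        "by_family": Counter(h["family"] for h in hits),
        "by_dir": Counter(dirname(h["path"]) for h in hits),
        # Hits inside the OS directory deserve attention before stored installers.
        "under_windows": [h["path"] for h in hits
                          if h["path"].lower().startswith("c:\\windows\\")],
    }


if __name__ == "__main__":
    hdr, found = parse_report(SAMPLE_LOG)
    for key, value in summarize(hdr, found).items():
        print(key, "->", dict(value) if isinstance(value, Counter) else value)
```

On this report every classified hit is an `application` detection in a stored installer or a copied backup folder, none sits under `C:\WINDOWS`, and `cleaned=0` goes with removal not having been enabled for the scan.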

Pikpik
2012-10-27, 05:15
Ah sorry, here is the Combofix report. I was a little nervous to run it given how unstable my computer's been running scans lately, but I think it ran okay. I was a little startled when it restarted the computer but I guess it's supposed to do that?


ComboFix 12-10-26.05 - Zarla 10/26/2012 11:27:16.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2632 [GMT -7:00]
Running from: c:\documents and settings\Zarla\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Outpost Security Suite *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Zarla\WINDOWS
c:\windows\Fonts\Pokemon Unown GB.fon
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-09-26 to 2012-10-26 )))))))))))))))))))))))))))))))
.
.
2012-10-22 21:37 . 2011-03-21 23:27 708760 ----a-w- c:\windows\system32\drivers\SandBox.sys
2012-10-22 21:37 . 2011-02-03 00:04 242040 ----a-w- c:\windows\system32\drivers\VBEngNT.sys
2012-10-22 21:37 . 2010-09-27 22:40 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-10-22 21:37 . 2010-04-20 23:05 34280 ----a-w- c:\windows\system32\drivers\afw.sys
2012-10-22 21:36 . 2012-10-26 17:01 -------- d-----w- c:\windows\system32\Filt
2012-10-22 21:36 . 2012-10-22 21:36 -------- d-----w- c:\program files\Agnitum
2012-10-22 21:36 . 2012-10-22 21:36 -------- d-----w- c:\documents and settings\Zarla\Application Data\Agnitum
2012-10-22 21:36 . 2012-10-22 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2012-10-22 05:22 . 2012-09-25 06:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-21 15:54 . 2012-10-21 15:54 -------- d-----w- c:\program files\ESET
2012-10-21 15:22 . 2012-10-21 15:22 -------- d-----w- C:\_OTL
2012-10-15 00:14 . 2012-10-15 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-10-15 00:10 . 2012-10-15 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ATI
2012-10-15 00:10 . 2012-10-15 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2012-10-14 16:21 . 2001-08-17 20:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-10-14 16:21 . 2001-08-17 19:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-10-14 16:21 . 2001-08-17 19:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-10-14 16:21 . 2001-08-17 19:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-10-14 16:21 . 2008-04-14 07:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2012-10-14 16:21 . 2001-08-17 19:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-10-14 16:21 . 2001-08-18 05:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-10-14 16:21 . 2001-08-17 19:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-10-14 16:18 . 2001-08-17 20:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-10-14 16:18 . 2008-04-14 07:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-10-14 16:18 . 2001-08-17 20:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-10-14 16:18 . 2001-08-17 19:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-10-14 16:18 . 2001-08-17 19:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-10-14 16:18 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-10-14 16:18 . 2008-04-14 05:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-10-14 16:18 . 2001-08-17 19:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-10-14 16:18 . 2001-08-17 19:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-10-14 16:18 . 2001-08-18 05:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-10-14 16:16 . 2001-08-17 19:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-10-14 16:16 . 2008-04-14 07:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-10-14 16:16 . 2001-08-17 21:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-10-14 16:16 . 2001-08-18 05:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-10-14 16:16 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2012-10-14 16:16 . 2001-08-17 19:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2012-10-14 16:16 . 2001-08-17 20:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2012-10-14 16:14 . 2001-08-18 05:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-10-14 16:13 . 2001-08-17 20:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2012-10-14 16:12 . 2001-08-17 19:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2012-10-14 16:11 . 2001-08-17 19:10 55999 -c--a-w- c:\windows\system32\dllcache\el556nd5.sys
2012-10-14 16:10 . 2001-08-18 05:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2012-10-14 16:09 . 2001-08-17 20:52 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
2012-10-14 15:46 . 2012-03-06 17:27 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2012-10-13 08:29 . 2012-10-13 08:29 -------- d-----w- C:\1da8f621714b45561fd86f83fdc1
2012-10-13 02:57 . 2012-10-13 02:57 -------- d-----w- c:\program files\ASIO4ALL v2
2012-10-11 20:49 . 2012-10-11 21:30 -------- d-----w- c:\documents and settings\Zarla\Application Data\MeldaProduction
2012-10-11 10:56 . 2012-10-11 10:56 -------- d-----w- c:\documents and settings\Zarla\Application Data\Avira
2012-10-11 10:53 . 2012-10-02 00:14 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-11 10:53 . 2012-09-24 16:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-11 10:53 . 2012-09-13 17:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-11 10:52 . 2012-10-11 10:52 -------- d-----w- c:\program files\Avira
2012-10-11 10:52 . 2012-10-11 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-10-10 05:30 . 2012-10-21 15:22 -------- d-----w- c:\documents and settings\Administrator
2012-10-07 22:11 . 2012-10-07 22:11 -------- d-----w- c:\documents and settings\Zarla\Application Data\CoCo Systems
2012-10-07 22:06 . 2012-10-07 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CoCo Systems
2012-10-07 22:06 . 2012-10-07 22:06 -------- d-----w- c:\program files\CoCo Systems
2012-10-06 11:50 . 2012-10-06 11:50 -------- d-----w- c:\documents and settings\Zarla\Local Settings\Application Data\SourceTec
2012-10-06 11:50 . 2012-10-06 11:50 -------- d-----w- c:\program files\Common Files\SourceTec
2012-10-06 11:50 . 2012-10-06 11:50 -------- d-----w- c:\program files\SourceTec
2012-10-06 11:23 . 2012-10-13 08:48 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-01 04:09 . 2012-10-01 04:09 -------- d-----w- c:\program files\ERUNT
2012-09-30 16:22 . 2012-10-26 18:32 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\WTablet
2012-09-30 07:03 . 2012-09-30 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-09-30 07:03 . 2012-09-30 07:03 -------- d-----w- c:\program files\AVAST Software
2012-09-29 16:10 . 2012-09-29 16:10 -------- d-----w- c:\documents and settings\Zarla\Local Settings\Application Data\PCHealth
2012-09-29 13:15 . 2012-09-29 13:15 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ServiceTest
2012-09-29 13:10 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-09-29 07:55 . 2012-09-29 07:55 -------- d-----w- c:\documents and settings\Zarla\Application Data\Malwarebytes
2012-09-29 07:54 . 2012-09-29 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-29 07:54 . 2012-09-30 02:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 07:54 . 2012-10-22 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-29 03:19 . 2012-10-13 08:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 18:39 . 2012-10-26 18:39 1409 ----a-w- c:\windows\QTFont.for
2012-09-01 21:07 . 2012-08-05 01:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 21:07 . 2012-08-05 01:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-20 04:43 . 2012-08-20 04:43 588 ----a-w- c:\windows\uninstallstickies.bat
2012-08-14 17:11 . 2012-08-14 17:11 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-03-31 02:01 468128 ----a-w- c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-05 1353080]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-08-14 155648]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-28 98304]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 3107736]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-31 517056]
.
c:\documents and settings\Zarla\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2012-8-14 106496]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2012-8-19 1122304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2012-8-16 1073152]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\auditorium\\Auditorium.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the binding of isaac\\Isaac.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the sims 3\\Game\\Bin\\Sims3Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the sims 3\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [3/9/2010 12:58 AM 188984]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2012 10:11 AM 685816]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/11/2012 3:53 AM 36552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [10/22/2012 2:37 PM 708760]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [10/22/2012 2:37 PM 2072592]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2012 3:53 AM 84256]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [8/14/2012 9:30 AM 1373480]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [10/22/2012 2:37 PM 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [10/22/2012 2:37 PM 267624]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [8/18/2012 4:44 AM 472644]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/16/2012 5:35 AM 11520]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/4/2012 4:17 PM 1691480]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [10/22/2012 2:37 PM 70160]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [5/13/2012 11:12 PM 103040]
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [10/22/2012 2:37 PM 242040]
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [10/22/2012 2:37 PM 34096]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003Core.job
- c:\documents and settings\Zarla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-16 23:29]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003UA.job
- c:\documents and settings\Zarla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-16 23:29]
.
.
------- Supplementary Scan -------
.
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Zarla\Application Data\Mozilla\Firefox\Profiles\jf4tt3qn.transferringover\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2012-09-17 23:04; thumbnailZoom@dadler.github.com; c:\documents and settings\Zarla\Application Data\Mozilla\Firefox\Profiles\jf4tt3qn.transferringover\extensions\thumbnailZoom@dadler.github.com
FF - ExtSQL: 2012-09-29 06:55; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Zarla\Application Data\Mozilla\Firefox\Profiles\jf4tt3qn.transferringover\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - ExtSQL: 2012-09-30 09:58; {46868735-c3fa-47ce-8ce7-cce51a66aceb}; c:\documents and settings\Zarla\Application Data\Mozilla\Firefox\Profiles\jf4tt3qn.transferringover\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-26 11:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2248)
c:\windows\system32\WININET.dll
c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Last.fm\LastFM.exe
.
**************************************************************************
.
Completion time: 2012-10-26 11:44:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-26 18:42
.
Pre-Run: 605,858,693,120 bytes free
Post-Run: 607,019,470,848 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - C76A500E20AC71DE598F5EF909B626CD


2a. I guess they're not important? They don't seem too important.
2b. Yeah I created all of those. The Vundofix ones however were from an older computer that once got infected with a virus - I copied a lot of files over from the old one to the new one and I might have just copied those without thinking about it.

3. I'll try re-running MalwareBytes.

4. I haven't hit any bluescreens lately, but the computer's been kind of freezing a lot. Everything on the screen will freeze in place, but I'll still be able to move the mouse and hear music playing from a music player. No matter what I click on though nothing happens, so I have to restart.
Another weird problem was when I closed Chrome last night, and a window with no text and a red X appeared, but I couldn't tell what error it was trying to tell me. When I clicked what I assumed was the okay button to make it go away, all the text on the computer seemed to disappear, then when I tried to restart it freaked out again. That hasn't happened again since the first time though, I'm not sure what that was.

I did order a new hard drive for the older drive, so when that comes I'll try and replace it. I'm going to be out of town for the next couple days, but I'll try to check in until I get back.

torreattack
2012-10-28, 07:12
Hi pikpik:

1. I assume you know about the ESET report. As the report showed, some of the installers have adware bundled with them; just make sure you did not install them (like the Ask toolbar). My suggestion is, if you do not need that software, the best thing is to remove it.

2. Don't worry about the software that I ask you to use to scan; we use it at many forums. However, if you find a problem or bug with it, just let me know and I will keep an eye on it.

3. The freeze problems might not be caused by malware, as most of the tools showed that you are clean, but I might be wrong. Let's see what MBAM finds.

4. Your Firefox is outdated, please update it.

5. Thanks for letting me know, I will keep this thread open. As for me, I will not be online during 2-4 November; I will be visiting a tropical rain forest.

6. Do you have any other issues?

thanks,
torreattack

torreattack
2012-11-04, 02:14
Hi pikpik:

Still need time?

torreattack

Pikpik
2012-11-04, 02:28
I'm sorry, I just got back! I took out the old drive and replaced it with a new one, it's still transferring files over. So far the computer hasn't hung or crashed, but I haven't been using it for very long, so I guess we'll have to see... I hope replacing the drive fixes the problem.

I tried to run MBAM while the drive was out and with the new drive in, but both times it always crashes in the Windows Font folder...

I've tried to update Firefox a few times, but when I uninstall it and run the installer for the new version, it'll go through the process but then won't actually open the browser. It just says it encountered an error and crashes over and over. This happened both with just moving up to 4.0 and moving up to 12.0 too, so I don't know what's happening there...

Firefox itself in general is still crashing a lot, and when I look in the event viewer for the computer, each crash goes with a warning saying it's reached its tcp/ip security limit. I'm not sure what's causing that.

torreattack
2012-11-05, 19:33
Hi pikpik:

1. I have no idea why MBAM crashed in the Windows Font folder. Does this happen to other software while it is scanning that folder?

2. I am not very familiar with Firefox; if you still want to use it, you may ask your question at the Firefox forum.

3. ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!

You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please open Notepad and copy/paste all the text below... into the window:


RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Save it to your desktop as CFScript.txt
Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

http://i526.photobucket.com/albums/cc345/MPKwings/ComboFixScriptDrag.gif

This will cause ComboFix to run again.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **


4. Policy Notification

P2P Warning!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitLord
Please note whenever you use any form of P2P networking to download files you can anticipate infestations of malware to occur.
P2P file sharing used to be fairly safe. This is no longer true...continue to use P2P sharing ...at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

I strongly recommend that you uninstall:
BitLord

You can do so using the Control Panel >> Add or Remove Programs function...however, that choice is up to you.
Please read: http://forums.spybot.info/showthread.php?t=282


5. Please give me an update regarding your computer

thanks,
torreattack

Pikpik
2012-11-06, 12:06
1. Not that I'm aware of... Spybot seems to scan it okay. I haven't tried scanning it with Outpost or Avira yet.

2. Last night Firefox crashed and now refuses to open completely, even when I uninstalled/reinstalled it. I'm not sure what's going on there. I'll check out the firefox forum.

3. ComboFix log:

ComboFix 12-11-05.03 - Zarla 11/06/2012 1:47.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2567 [GMT -8:00]
Running from: c:\documents and settings\Zarla\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zarla\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Outpost Security Suite *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-05 04:03 . 2012-11-05 04:03 1409 ----a-w- c:\windows\QTFont.for
2012-11-03 20:43 . 2012-11-03 20:43 -------- d-----w- c:\documents and settings\Zarla\Application Data\Media Player Classic
2012-11-03 18:25 . 2012-11-03 18:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-22 21:37 . 2011-03-21 23:27 708760 ----a-w- c:\windows\system32\drivers\SandBox.sys
2012-10-22 21:37 . 2011-02-03 00:04 242040 ----a-w- c:\windows\system32\drivers\VBEngNT.sys
2012-10-22 21:37 . 2010-09-27 22:40 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-10-22 21:37 . 2010-04-20 23:05 34280 ----a-w- c:\windows\system32\drivers\afw.sys
2012-10-22 21:36 . 2012-11-05 18:00 -------- d-----w- c:\windows\system32\Filt
2012-10-22 21:36 . 2012-10-22 21:36 -------- d-----w- c:\program files\Agnitum
2012-10-22 21:36 . 2012-10-22 21:36 -------- d-----w- c:\documents and settings\Zarla\Application Data\Agnitum
2012-10-22 21:36 . 2012-10-22 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2012-10-22 05:22 . 2012-09-25 06:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-21 15:54 . 2012-10-21 15:54 -------- d-----w- c:\program files\ESET
2012-10-21 15:22 . 2012-10-21 15:22 -------- d-----w- C:\_OTL
2012-10-15 00:14 . 2012-10-15 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-10-15 00:10 . 2012-10-15 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ATI
2012-10-15 00:10 . 2012-10-15 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2012-10-14 16:31 . 2008-04-14 12:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-10-14 16:29 . 2001-08-17 20:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2012-10-14 16:28 . 2001-08-17 20:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2012-10-14 16:27 . 2001-08-17 21:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2012-10-14 16:26 . 2008-04-14 07:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-10-14 16:25 . 2001-07-21 21:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-10-14 16:24 . 2001-08-18 05:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-10-14 16:23 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-10-14 16:22 . 2001-08-18 05:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-10-14 16:21 . 2001-08-17 20:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-10-14 16:21 . 2001-08-17 19:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-10-14 16:21 . 2001-08-17 19:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-10-14 16:21 . 2001-08-17 19:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-10-14 16:21 . 2008-04-14 07:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2012-10-14 16:21 . 2001-08-17 19:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-10-14 16:21 . 2001-08-18 05:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-10-14 16:21 . 2001-08-17 19:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-10-14 16:18 . 2001-08-17 20:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-10-14 16:18 . 2008-04-14 07:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-10-14 16:18 . 2001-08-17 20:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-10-14 16:18 . 2001-08-17 19:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-10-14 16:18 . 2001-08-17 19:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-10-14 16:18 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-10-14 16:18 . 2008-04-14 05:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-10-14 16:18 . 2001-08-17 19:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-10-14 16:18 . 2001-08-17 19:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-10-14 16:18 . 2001-08-18 05:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-10-14 16:16 . 2001-08-17 19:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-10-14 16:16 . 2008-04-14 07:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-10-14 16:16 . 2001-08-17 21:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-10-14 16:16 . 2001-08-18 05:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-10-14 16:16 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2012-10-14 16:16 . 2001-08-17 19:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2012-10-14 16:16 . 2001-08-17 20:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2012-10-14 16:14 . 2001-08-18 05:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-10-14 16:13 . 2001-08-17 20:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2012-10-14 16:12 . 2001-08-17 19:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2012-10-14 16:11 . 2001-08-17 19:10 55999 -c--a-w- c:\windows\system32\dllcache\el556nd5.sys
2012-10-14 16:10 . 2001-08-18 05:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2012-10-14 16:09 . 2001-08-17 20:52 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
2012-10-13 08:29 . 2012-10-13 08:29 -------- d-----w- C:\1da8f621714b45561fd86f83fdc1
2012-10-13 02:57 . 2012-10-13 02:57 -------- d-----w- c:\program files\ASIO4ALL v2
2012-10-11 20:49 . 2012-10-11 21:30 -------- d-----w- c:\documents and settings\Zarla\Application Data\MeldaProduction
2012-10-11 10:56 . 2012-10-11 10:56 -------- d-----w- c:\documents and settings\Zarla\Application Data\Avira
2012-10-11 10:53 . 2012-11-04 00:00 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-11 10:53 . 2012-09-24 16:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-11 10:53 . 2012-09-13 17:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-11 10:52 . 2012-10-11 10:52 -------- d-----w- c:\program files\Avira
2012-10-11 10:52 . 2012-10-11 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-10-10 05:30 . 2012-10-21 15:22 -------- d-----w- c:\documents and settings\Administrator
2012-10-07 22:11 . 2012-10-07 22:11 -------- d-----w- c:\documents and settings\Zarla\Application Data\CoCo Systems
2012-10-07 22:06 . 2012-10-07 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CoCo Systems
2012-10-07 22:06 . 2012-10-07 22:06 -------- d-----w- c:\program files\CoCo Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 04:43 . 2012-08-04 09:58 102400 ----a-w- c:\windows\DUMP5c0a.tmp
2012-10-13 08:48 . 2012-10-06 11:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 08:48 . 2012-09-29 03:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 02:54 . 2012-09-29 07:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 21:07 . 2012-08-05 01:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 21:07 . 2012-08-05 01:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-20 04:43 . 2012-08-20 04:43 588 ----a-w- c:\windows\uninstallstickies.bat
2012-08-14 17:11 . 2012-08-14 17:11 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-03-31 02:01 468128 ----a-w- c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-05 1353080]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-08-14 155648]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-03 384800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-28 98304]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 3107736]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-31 517056]
.
c:\documents and settings\Zarla\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2012-8-14 106496]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2012-8-19 1122304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2012-8-16 1073152]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\auditorium\\Auditorium.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the binding of isaac\\Isaac.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the sims 3\\Game\\Bin\\Sims3Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the sims 3\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [3/8/2010 11:58 PM 188984]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2012 9:11 AM 685816]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/11/2012 2:53 AM 36552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [10/22/2012 1:37 PM 708760]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2012 2:53 AM 84256]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [8/14/2012 8:30 AM 1373480]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 3:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [10/22/2012 1:37 PM 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [10/22/2012 1:37 PM 267624]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [8/18/2012 3:44 AM 472644]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/16/2012 4:35 AM 11520]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [10/22/2012 1:37 PM 2072592]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/4/2012 3:17 PM 1691480]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [10/22/2012 1:37 PM 70160]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [5/13/2012 10:12 PM 103040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/3/2012 10:25 AM 40776]
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [10/22/2012 1:37 PM 242040]
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [10/22/2012 1:37 PM 34096]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003Core.job
- c:\documents and settings\Zarla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-16 23:29]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003UA.job
- c:\documents and settings\Zarla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-16 23:29]
.
.
------- Supplementary Scan -------
.
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Zarla\Application Data\Mozilla\Firefox\Profiles\jf4tt3qn.transferringover\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2012-09-17 23:04; thumbnailZoom@dadler.github.com; c:\documents and settings\Zarla\Application Data\Mozilla\Firefox\Profiles\jf4tt3qn.transferringover\extensions\thumbnailZoom@dadler.github.com
FF - ExtSQL: 2012-09-29 06:55; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Zarla\Application Data\Mozilla\Firefox\Profiles\jf4tt3qn.transferringover\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - ExtSQL: 2012-09-30 09:58; {46868735-c3fa-47ce-8ce7-cce51a66aceb}; c:\documents and settings\Zarla\Application Data\Mozilla\Firefox\Profiles\jf4tt3qn.transferringover\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 01:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(4656)
c:\windows\system32\WININET.dll
c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-11-06 01:54:46
ComboFix-quarantined-files.txt 2012-11-06 09:54
ComboFix2.txt 2012-10-26 18:44
.
Pre-Run: 605,119,959,040 bytes free
Post-Run: 605,115,465,728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 253F48A3B0C9F641CBD07DABBEC1756D


During the process though, something called dumphives.3XE crashed twice. It seemed to complete the process okay, but I'm not sure what that means?


4. BitLord was on the old computer where I transferred all these files from, I thought I hadn't reinstalled it on this one... I'll look around.


5. I got I think two bluescreens over the past few days, but they were mostly when I was transferring my drive D backup from the external H drive to the new drive D. Once the backup finished, it seems to have calmed down a little. Windows said it was some kind of hardware issue for one.

torreattack
2012-11-06, 15:03
Hi pikpik:

As I said before, your major problem might be caused by hardware rather than software (malware).

As for Firefox, you may try Revo Uninstaller to uninstall it.

As your problem seems "solved", are there any other issues before I post my "all clean" speech?

torreattack

Pikpik
2012-11-06, 21:03
I got Firefox running again by doing a clean reinstall, although the crashing hasn't stopped...

Do you have any idea what could be causing the hardware issue? I already replaced the old drive, both drives should be new and healthy. Could it be the video card? I have no idea where to start with looking for a hardware problem...

torreattack
2012-11-08, 17:17
Hi pikpik:

In my opinion, the blue screen was caused by the video card driver and hard disk, because after you restored the driver, the blue screen seemed to stop.

However, your Firefox problem is unexpected. I am not sure what caused it, since you said it only happens in Firefox.

Then, MBAM fails while scanning the Windows Font folder, but other scanners can run without problems. Maybe you can try to uninstall it, then download and run the latest MBAM (just run the normal free version, not the trial or beta version).

I don't think you are still having any malware detections, am I right?

thanks,
torreattack

Pikpik
2012-11-10, 06:22
I wonder if it is the video card... I'd hate to replace it, but it seems like a lot of things are pointing at it.

I'll try uninstalling MBAM and reinstalling it, maybe that'll clear it up. But as far as I can tell, I haven't gotten any other malware positives. For the past day or so it's seemed to behave itself, although the last bluescreens I got a few days ago mentioned IRQL and a page fault in a non-paged area... not sure why they happened.

torreattack
2012-11-11, 17:07
Hi pikpik:

1. The latest blue screen code points to hardware; you had better double-check with another expert before you replace it.

I suggest you try a PC troubleshooting forum. These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.
Registration is free, it only takes a few minutes.
Malwaremoval forum (http://www.malwareremoval.com/forum/viewforum.php?f=197)
The Elder Geek on Windows (http://www.theeldergeek.com/forum/)
BleepingComputer.com (http://www.bleepingcomputer.com/forums/)
WhattheTech...formerly TomCoyote (http://forums.whatthetech.com/forums.html)



2. This is my general post for when your logs show no more signs of malware.

Please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping

Click on Start >> Run...
Now type in ComboFix /Uninstall into the box and click OK.
Note the space between the X and the /Uninstall, it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Next

OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Double click on OTL.exe to run it.
Copy the following text... do not include the quote box title "Quote"


:Commands
[EmptyTemp]
[ClearAllRestorePoints]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
Let the program run unhindered and reboot. You will get a fix log when it is done, just close the log.



Clean up with OTL
Double click OTL.exe to run it.
This tool will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools or logs we used if they remain on your Desktop.


Re-enable Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Update your programs regularly
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)


Read - stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960)

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing!

thanks
torreattack

Pikpik
2012-11-13, 12:15
Another bluescreen today that pointed at ati3duag.dll, so again I'm wondering if it is video card related. How frustrating... I'll look into the other sites you mentioned though. Thanks for your help!