Solved: Browser Hijacked

djembe (Junior Member, 20 posts)
 
Join Date: Jan 2001
26-Jan-2012, 11:21 PM #1
Browser Hijacked
Whatever search engine I use, in any browser, when I click on the search results, I get redirected to other sites - most of which are blocked by Trend Micro. Also it's making my browsers very sluggish. I don't use P2P sites.
Any help would be appreciated.
Thanks

Here are my logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:24 PM, on 27/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1213322585265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13C030B6-97F5-4EDE-85A8-FA069DB88048}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{13C030B6-97F5-4EDE-85A8-FA069DB88048}: NameServer = 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985b0c22961c0) (gupdate1c985b0c22961c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12468 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 12:24:11 on 2012-01-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2556 [GMT 11:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [B2C_AGENT] c:\documents and settings\all users\application data\lgmobileax\b2c_client\B2CNotiAgent.exe"
mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
uPolicies-explorer: NoActiveDesktop = 00000000
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213322585265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{13C030B6-97F5-4EDE-85A8-FA069DB88048} : NameServer = 8.8.8.8
TCP: Interfaces\{13C030B6-97F5-4EDE-85A8-FA069DB88048} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\wbd44ij9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-6-22 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2008-7-21 11264]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-8-7 188272]
R2 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-24 652872]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-8-7 64080]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-2-27 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-24 20464]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2011-8-14 341072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c985b0c22961c0;Google Update Service (gupdate1c985b0c22961c0);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 ApogeeUSBAudio;usb-audio.de driver for Apogee USB Audio;c:\windows\system32\drivers\ApogeeM.sys [2010-3-6 323040]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\maudiodelta.sys --> c:\windows\system32\drivers\MAudioDelta.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2009-12-2 54328]
S3 mdf16;mdf16;c:\documents and settings\owner\local settings\application data\temp\mdf16.sys [2011-10-7 18288]
S3 mvd23;mvd23;c:\documents and settings\owner\local settings\application data\temp\mvd23.sys [2011-10-7 90944]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-1-29 18432]
S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [2010-3-6 23360]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-2-20 176128]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-15 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [2008-2-20 1008768]
.
=============== Created Last 30 ================
.
2012-01-25 22:50:05 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-24 21:46:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-24 21:46:11 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-01-24 21:45:32 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2012-01-23 23:31:36 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-01-23 23:31:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-23 23:31:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 23:31:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-23 05:03:45 -------- dc-h--w- c:\windows\ie8
2012-01-21 22:28:48 122880 --sha-r- c:\windows\system32\winstau.dll
2012-01-09 02:55:39 -------- d-----w- c:\documents and settings\owner\local settings\application data\Macroplant
2012-01-04 00:53:41 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-04 00:53:41 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-04 00:53:41 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-04 00:53:41 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2011-12-12 22:57:52 208 ----a-w- c:\windows\system32\msvcsv60.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 22:38:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 12:25:10.12 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-27 14:02:27
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-24 WDC_WD5000AAKS-00YGA0 rev.12.01C02
Running: z9wujbmo.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgacikow.sys


---- System - GMER 1.0.15 ----

SSDT 84112860 ZwCreateKey
SSDT 840D8600 ZwCreateMutant
SSDT 84111660 ZwCreateProcess
SSDT 84111960 ZwCreateProcessEx
SSDT 840D89C0 ZwCreateSymbolicLinkObject
SSDT 840D8120 ZwCreateThread
SSDT 84112E60 ZwDeleteKey
SSDT 84113760 ZwDeleteValueKey
SSDT 840D8BA0 ZwDuplicateObject
SSDT 840D8300 ZwLoadDriver
SSDT 84111C60 ZwOpenProcess
SSDT 84113D40 ZwOpenSection
SSDT 84111F60 ZwOpenThread
SSDT 84113160 ZwRenameKey
SSDT 84113460 ZwRestoreKey
SSDT 840D87E0 ZwSetSystemInformation
SSDT 84112B60 ZwSetValueKey
SSDT 84112260 ZwTerminateProcess
SSDT 84112560 ZwTerminateThread
SSDT 84113F20 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8BCE360, 0x37388D, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB6112A00]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1648] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0125B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0210C0A2
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 0210D1AF
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 0210CFED
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 0210CC63
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 0210CF12
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 0210D0C8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 0210CE46
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 0210D37A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0210CD7A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 0210D296
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 0210D73A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 0210D807
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0210BBFA
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0210CBBC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0210C731
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0210C958
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0210BB39
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0210C7D6
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0210C884
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 0210BFC3
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WININET.dll!InternetCrackUrlW 3D9340C0 5 Bytes JMP 0210DC16
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WININET.dll!InternetCrackUrlA 3D954938 5 Bytes JMP 0210DACD
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3928] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3928] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)

Device \FileSystem\Fastfat \FatCdrom MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\MRxDAV \Device\WebDavRedirector MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fastfat \Fat MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice \FileSystem\Fastfat \Fat DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Cdfs \Cdfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8@ Redemption Outlook and MAPI COM Library
Reg HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8\0\win32
Reg HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8\0\win32@ C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OL\Redemption.dll
Reg HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8\HELPDIR
Reg HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8\HELPDIR@ C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OL\

---- EOF - GMER 1.0.15 ----
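A note on reading the "User code sections" part of the GMER log above (this is an added example, not part of djembe's post and not GMER code). Where GMER could map a hook's JMP target to a loaded image it prints the module path and vendor after the address, as it does for the `ntdll.dll!LdrLoadDll` hook resolved to xul.dll; where it could not, the target is printed as a bare address, as it is for the USER32, GDI32, WS2_32 and WININET hooks in firefox.exe. Bare targets are not proof of anything on their own, since security products and other legitimate injectors produce the same picture, but they are where a helper looks first. The script below parses that line layout, groups hooks per process and separates attributed from unattributed targets. The sample is a handful of lines copied from the log above; the regular expression is this example's own reading of the format.

```python
"""Triage of GMER 1.0.15 user-mode hook lines (added example)."""
import re
from collections import defaultdict

# Layout mirrored from the log above:
#   .text <image>[pid] <dll>!<export>[ + off] <addr> <n> Bytes <patch> <target> [<module> (<vendor>)]
# Kernel-side ".text" lines carry no "[pid]" and are skipped on purpose.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^!\s]+)!(?P<func>\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?P<patch>\S+)\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<module>\S.*?)\s+\((?P<vendor>[^()]*)\))?\s*$"
)

# Five lines taken from the posted log: two with an attributed target, three without.
SAMPLE_GMER = r"""
.text C:\WINDOWS\system32\SearchIndexer.exe[1648] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0125B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 0210CFED
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0210C731
.text C:\Program Files\Mozilla Firefox\firefox.exe[2108] WININET.dll!InternetCrackUrlW 3D9340C0 5 Bytes JMP 0210DC16
"""


def parse_hooks(text):
    """One dict per hook line; every other line in the log is ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["size"] = int(h["size"])
            hooks.append(h)
    return hooks


def unattributed(hooks):
    """Hooks whose target GMER printed as a bare address (no module, no vendor).

    The target lies in memory GMER could not map to a loaded image. Legitimate
    injectors do this too, so treat the result as a lead: the next step is to
    dump that region in the live process and identify what owns it.
    """
    return [h for h in hooks if h["module"] is None]


def summarize(text):
    """Per process: hook counts, the DLLs whose exports carry bare-address hooks,
    and the 4 KiB pages those targets fall in (same page => same injected blob)."""
    per_proc = defaultdict(list)
    for h in parse_hooks(text):
        per_proc[f'{h["image"]}[{h["pid"]}]'].append(h)
    report = {}
    for proc, hs in per_proc.items():
        bare = unattributed(hs)
        report[proc] = {
            "total": len(hs),
            "unattributed": len(bare),
            "hooked_dlls": sorted({h["dll"] for h in bare}),
            "target_pages": sorted({h["target"].zfill(8)[:5] for h in bare}),
        }
    return report


if __name__ == "__main__":
    for proc, info in summarize(SAMPLE_GMER).items():
        print(proc, info)
```

Run against the full log above, the firefox.exe entry would show every USER32, GDI32, WS2_32 and WININET hook landing in the same few pages around 0210xxxx, while the xul.dll and MSSRCH.DLL hooks drop out as attributed. That grouping is what tells the helper whether they are looking at one injected component or several.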
djembe (Junior Member with 20 posts, Join Date: Jan 2001)
27-Jan-2012, 10:48 PM #2
Bump
djembe (Junior Member with 20 posts, Join Date: Jan 2001)
29-Jan-2012, 06:07 PM #3
Anyone out there ?
drbear (Malware Removal Specialist with 16 posts, Join Date: Jan 2012)
30-Jan-2012, 02:21 AM #4
Hello and welcome.

I go by Bear, and I will be helping you with your problem. I understand that having malware on your system is disruptive, annoying and can even be frightening. I also understand the urgency of getting your computer functioning again. Working as a team, you and I will be able to confront this problem and hopefully bring it to a successful conclusion. But you need to do a few things to help me understand your situation.

First, tell me everything and anything that you have already tried to fix this problem.

Second, tell me the symptoms of infection that you are seeing on your computer and when you first noticed them. If the symptoms were progressive, let me know that.

Third, please only use one forum to help resolve your problem. Posting on more than one forum or trying other things in between our procedures will confuse and lengthen the process and may even make a positive solution impossible.

Fourth, please follow my instructions exactly. If you cannot follow them or don't understand something, let me know immediately and do NOTHING until you hear from me. If for any reason you have deviated from my instructions, PLEASE let me know at once.

Fifth, understand that malware gets into your computer system very easily but can be very, very difficult to remove. It could take a while and we may have to try several processes to fix the problem. So please "keep the faith". I will do all I can to get your computer operating properly, and if I can't fix it we have many very bright individuals here who will help us.

Sixth, do not send anything to me as an attachment unless I specifically ask for it. Please copy and paste all of your responses to me by replying to my post on this forum. If the response is too long (the forum has size limits), please send it in portions, sequentially.


Seventh, let me know of any software you have running that encrypts your hard drive, such as Windows BitLocker or any others.

Eighth, if your PC is set to automatically update, DISABLE this function and do not update until we have disinfected your PC.

And lastly, before we do anything else, please back up your data, if possible on external media such as DVDs, CDs, memory sticks or external hard drives.

I will analyze your data and post instructions back to you.
drbear (Malware Removal Specialist with 16 posts, Join Date: Jan 2012)
30-Jan-2012, 03:08 AM #5
Hi djembe

Clearly your PC is infected, but your posts did not point to anything specific. Hence I suspect a well-hidden rootkit. Let's look for it. NOTE: Sometimes malware blocks out tools from running. If this happens, just let me know.

1. Please download RogueKiller and save it to your desktop. Now quit all running programs. Double-click RogueKiller.exe to run it. For Vista/Seven, right-click and select Run as administrator; for XP, simply run RogueKiller.exe. When prompted, type 1 and hit Enter.
A RKreport.txt should appear on your desktop.

Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next Reply.


Please read carefully and follow these steps:

2. Download TDSSKiller and save it to your Desktop.

3. Double-click on TDSSKiller.exe to run the application. Now click Start Scan.

4. Click on Change parameters and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

5. If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue.

Click on Reboot Now if you are asked to reboot the computer.

6. If a reboot is NOT required, click on Report. Please copy that file. If a reboot IS required, the report can also be found in your root directory (usually the C:\ folder). Its file name will take the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy that file.

Please always check to be sure Word Wrap is NOT turned on in any Notepad files you post. This is done by opening the Notepad file and clicking on Format to be sure Word Wrap is not checked.

Note: This site has size limits on posts. Please be sure to check that all the data you entered was posted. If not, use multiple posts.

Now please post the following to me as a reply to this post:
RKreport.txt
TDSSKiller log
Let me know how your computer and browser are operating
If you have any questions or problems, let me know that as well
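The procedure above ends with reading the TDSSKiller report by eye. As an added example (not part of drbear's post and not Kaspersky's code), the script below does a first triage pass over that report's per-driver lines, which in TDSSKiller's output take two shapes: `<time> <tid> <name> (<md5>) <image path>` followed by `<time> <tid> <name> - <verdict>`, with services that have no image file on disk printed as a verdict line only. It flags drivers whose image loads from a temp or user-profile directory and any whose verdict is not "ok". The location rule is this example's own heuristic, not something TDSSKiller does; the sample log is constructed in the posted format, and the `exdrv` service and its MD5 are placeholders.

```python
"""Triage of a TDSSKiller driver listing (added example)."""
import re

WINDIR_RE = re.compile(r"Windows directory:\s+(\S+)")
# "<HH:MM:SS.mmmm> <tid> <name> (<md5>) <path>"  : a driver with an image on disk
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# "<HH:MM:SS.mmmm> <tid> <name> - <verdict>"      : the scanner's verdict for that name
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Constructed sample in the posted log's layout; "exdrv" and its MD5 are placeholders
# standing in for a driver that loads from a profile temp directory.
SAMPLE_LOG = r"""
19:43:01.0703 1916 Windows directory: C:\WINDOWS
19:43:14.0750 4664 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:43:14.0750 4664 ACPI - ok
19:43:14.0703 4664 Abiosdsk - ok
19:43:17.0234 4664 exdrv (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Owner\Local Settings\Application Data\Temp\exdrv.sys
19:43:17.0265 4664 exdrv - ok
19:43:17.0125 4664 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:43:17.0125 4664 MBAMProtector - ok
"""


def windows_dir(text, default=r"C:\WINDOWS"):
    """Read the Windows directory from the report header instead of hard-coding it."""
    m = WINDIR_RE.search(text)
    return m.group(1) if m else default


def parse_tdsskiller(text):
    """Map service name -> {md5, path, verdict}.
    A name that only ever appears as '<name> - <verdict>' had no image file
    for TDSSKiller to hash, so md5 and path stay None."""
    drivers = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            d = drivers.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            d["md5"], d["path"] = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            d = drivers.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            d["verdict"] = m["verdict"]
    return drivers


def classify_path(path, windir):
    """Coarse location class for a driver image (this example's heuristic).
    Temp directories are checked first so C:\\WINDOWS\\Temp is not treated as a
    normal Windows location."""
    p, w = path.lower(), windir.lower()
    if "\\temp\\" in p or p.startswith("c:\\documents and settings\\") or p.startswith("c:\\users\\"):
        return "temp_or_profile"
    if p.startswith(w + "\\system32\\drivers\\"):
        return "system_drivers"
    if p.startswith(w + "\\"):
        return "windows_other"
    if p.startswith("c:\\program files"):
        return "program_files"
    return "other"


def triage(text):
    """Return (name, path, md5, reasons) for drivers that deserve a closer look."""
    windir = windows_dir(text)
    findings = []
    for name, d in parse_tdsskiller(text).items():
        if d["path"] is None:
            continue  # no image on disk: nothing to locate or hash
        reasons = []
        if classify_path(d["path"], windir) == "temp_or_profile":
            reasons.append("image loads from a temp/user-profile directory")
        if d["verdict"] is not None and d["verdict"].lower() != "ok":
            reasons.append("TDSSKiller verdict: " + d["verdict"])
        if reasons:
            findings.append((name, d["path"], d["md5"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, md5, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path}\n  md5={md5}\n  " + "; ".join(reasons))
```

Against the log djembe posts in reply #6 this would list the two drivers that load from `Local Settings\Application Data\Temp` (mdf16 and mvd23), both of which TDSSKiller itself reported as ok. That is a lead for the helper to follow up, not a verdict: legitimate installers stage drivers in such directories too, and the MD5 printed beside each path is what you submit to a hash-reputation lookup to settle it.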
djembe (Junior Member with 20 posts, Join Date: Jan 2001)
30-Jan-2012, 04:58 AM #6
Hello drbear,
I appreciate your help with my problem.
Here are the logs you asked for:

RogueKiller V7.0.1 [01/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date : 01/30/2012 19:37:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤



¤¤¤ MBR Check: ¤¤¤


+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 7ceb3c12f0951da4a6949f3cbc8cf7bc
[BSP] b1ea03ae5c3b7133fb625a23edaac54f : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 500105 Mo

User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 1a96314dc6ca55c47556bf64f38e3ef2
[BSP] 2e57347b9c35ff70978793f42cc425ac : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 62906 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 122881185 | Size: 437190 Mo

User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




19:43:00.0921 1916 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
19:43:01.0703 1916 ============================================================
19:43:01.0703 1916 Current date / time: 2012/01/30 19:43:01.0703
19:43:01.0703 1916 SystemInfo:
19:43:01.0703 1916
19:43:01.0703 1916 OS Version: 5.1.2600 ServicePack: 3.0
19:43:01.0703 1916 Product type: Workstation
19:43:01.0703 1916 ComputerName: OWNER-DF83B7D0D
19:43:01.0703 1916 UserName: Owner
19:43:01.0703 1916 Windows directory: C:\WINDOWS
19:43:01.0703 1916 System windows directory: C:\WINDOWS
19:43:01.0703 1916 Processor architecture: Intel x86
19:43:01.0703 1916 Number of processors: 4
19:43:01.0703 1916 Page size: 0x1000
19:43:01.0703 1916 Boot type: Normal boot
19:43:01.0703 1916 ============================================================
19:43:02.0968 1916 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:43:03.0000 1916 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:43:03.0140 1916 Initialize success
19:43:13.0921 4664 ============================================================
19:43:13.0921 4664 Scan started
19:43:13.0921 4664 Mode: Manual;
19:43:13.0921 4664 ============================================================
19:43:14.0609 4664 3xHybrid (1d417b18530a26ef02c5dfb03710205d) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
19:43:14.0703 4664 3xHybrid - ok
19:43:14.0703 4664 Abiosdsk - ok
19:43:14.0718 4664 abp480n5 - ok
19:43:14.0750 4664 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:43:14.0750 4664 ACPI - ok
19:43:14.0781 4664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:43:14.0781 4664 ACPIEC - ok
19:43:14.0796 4664 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
19:43:14.0812 4664 ADIHdAudAddService - ok
19:43:14.0812 4664 adpu160m - ok
19:43:14.0828 4664 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
19:43:14.0828 4664 AEAudio - ok
19:43:14.0859 4664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:43:14.0875 4664 aec - ok
19:43:14.0875 4664 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:43:14.0984 4664 AegisP - ok
19:43:15.0015 4664 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:43:15.0031 4664 AFD - ok
19:43:15.0031 4664 Aha154x - ok
19:43:15.0031 4664 aic78u2 - ok
19:43:15.0046 4664 aic78xx - ok
19:43:15.0062 4664 AliIde - ok
19:43:15.0062 4664 amsint - ok
19:43:15.0109 4664 ApogeeUSBAudio (e13edc0c6b738ab7a7a6190fc8618d97) C:\WINDOWS\system32\Drivers\ApogeeM.sys
19:43:15.0140 4664 ApogeeUSBAudio - ok
19:43:15.0156 4664 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:43:15.0156 4664 Arp1394 - ok
19:43:15.0171 4664 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
19:43:15.0218 4664 Asapi - ok
19:43:15.0218 4664 asc - ok
19:43:15.0234 4664 asc3350p - ok
19:43:15.0234 4664 asc3550 - ok
19:43:15.0265 4664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:43:15.0265 4664 AsyncMac - ok
19:43:15.0296 4664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:43:15.0296 4664 atapi - ok
19:43:15.0296 4664 Atdisk - ok
19:43:15.0312 4664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:43:15.0312 4664 Atmarpc - ok
19:43:15.0328 4664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:43:15.0343 4664 audstub - ok
19:43:15.0359 4664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:43:15.0375 4664 Beep - ok
19:43:15.0406 4664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:43:15.0406 4664 cbidf2k - ok
19:43:15.0437 4664 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:43:15.0437 4664 CCDECODE - ok
19:43:15.0437 4664 cd20xrnt - ok
19:43:15.0453 4664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:43:15.0453 4664 Cdaudio - ok
19:43:15.0468 4664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:43:15.0468 4664 Cdfs - ok
19:43:15.0484 4664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:43:15.0484 4664 Cdrom - ok
19:43:15.0484 4664 Changer - ok
19:43:15.0515 4664 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
19:43:15.0562 4664 CLEDX - ok
19:43:15.0562 4664 CmdIde - ok
19:43:15.0578 4664 Cpqarray - ok
19:43:15.0593 4664 dac2w2k - ok
19:43:15.0593 4664 dac960nt - ok
19:43:15.0640 4664 DELTA (b34dafa517f838b82a4256b08346917f) C:\WINDOWS\system32\DRIVERS\delta.sys
19:43:15.0687 4664 DELTA - ok
19:43:15.0687 4664 DELTAII - ok
19:43:15.0718 4664 DigiFilter (ba912376605b72b1039da461c1fa19c6) C:\WINDOWS\system32\drivers\DigiFilt.sys
19:43:15.0718 4664 DigiFilter - ok
19:43:15.0718 4664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:43:15.0718 4664 Disk - ok
19:43:15.0750 4664 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:43:15.0765 4664 dmboot - ok
19:43:15.0765 4664 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:43:15.0781 4664 dmio - ok
19:43:15.0781 4664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:43:15.0781 4664 dmload - ok
19:43:15.0796 4664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:43:15.0812 4664 DMusic - ok
19:43:15.0812 4664 dpti2o - ok
19:43:15.0828 4664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:43:15.0828 4664 drmkaud - ok
19:43:15.0859 4664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:43:15.0859 4664 Fastfat - ok
19:43:15.0875 4664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:43:15.0875 4664 Fdc - ok
19:43:15.0890 4664 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
19:43:15.0906 4664 FilterService - ok
19:43:15.0921 4664 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:43:15.0921 4664 Fips - ok
19:43:15.0953 4664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:43:15.0953 4664 Flpydisk - ok
19:43:15.0968 4664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:43:15.0968 4664 FltMgr - ok
19:43:15.0984 4664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:43:15.0984 4664 Fs_Rec - ok
19:43:16.0000 4664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:43:16.0000 4664 Ftdisk - ok
19:43:16.0031 4664 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:43:16.0046 4664 GEARAspiWDM - ok
19:43:16.0062 4664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:43:16.0078 4664 Gpc - ok
19:43:16.0093 4664 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:43:16.0109 4664 HDAudBus - ok
19:43:16.0125 4664 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:43:16.0125 4664 hidusb - ok
19:43:16.0140 4664 hpn - ok
19:43:16.0171 4664 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:43:16.0171 4664 HTTP - ok
19:43:16.0171 4664 i2omgmt - ok
19:43:16.0187 4664 i2omp - ok
19:43:16.0203 4664 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:43:16.0203 4664 i8042prt - ok
19:43:16.0218 4664 iLokDrvr (70f8e874262ab5854ffc9d70f8b9b68c) C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys
19:43:16.0281 4664 iLokDrvr - ok
19:43:16.0296 4664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:43:16.0296 4664 Imapi - ok
19:43:16.0312 4664 ini910u - ok
19:43:16.0312 4664 IntelIde - ok
19:43:16.0359 4664 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:43:16.0359 4664 intelppm - ok
19:43:16.0375 4664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:43:16.0375 4664 Ip6Fw - ok
19:43:16.0390 4664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:43:16.0406 4664 IpFilterDriver - ok
19:43:16.0421 4664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:43:16.0421 4664 IpInIp - ok
19:43:16.0437 4664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:43:16.0437 4664 IpNat - ok
19:43:16.0453 4664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:43:16.0453 4664 IPSec - ok
19:43:16.0484 4664 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
19:43:16.0484 4664 irda - ok
19:43:16.0500 4664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:43:16.0500 4664 IRENUM - ok
19:43:16.0515 4664 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:43:16.0515 4664 isapnp - ok
19:43:16.0531 4664 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
19:43:16.0531 4664 JGOGO - ok
19:43:16.0531 4664 JRAID (8f55efd8b7d99465c16d06b345d50ca9) C:\WINDOWS\system32\DRIVERS\jraid.sys
19:43:16.0546 4664 JRAID - ok
19:43:16.0578 4664 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:43:16.0578 4664 Kbdclass - ok
19:43:16.0578 4664 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:43:16.0578 4664 kbdhid - ok
19:43:16.0609 4664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:43:16.0609 4664 kmixer - ok
19:43:16.0625 4664 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:43:16.0625 4664 KSecDD - ok
19:43:16.0640 4664 lbrtfdc - ok
19:43:16.0703 4664 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
19:43:16.0750 4664 lvpopflt - ok
19:43:16.0765 4664 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
19:43:16.0765 4664 LVPr2Mon - ok
19:43:16.0796 4664 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
19:43:16.0812 4664 LVRS - ok
19:43:16.0828 4664 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
19:43:16.0828 4664 LVUSBSta - ok
19:43:16.0984 4664 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
19:43:17.0093 4664 LVUVC - ok
19:43:17.0125 4664 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:43:17.0125 4664 MBAMProtector - ok
19:43:17.0140 4664 mcdbus - ok
19:43:17.0234 4664 mdf16 (b066b4b2910c670530b63d5e924e8a2b) C:\Documents and Settings\Owner\Local Settings\Application Data\Temp\mdf16.sys
19:43:17.0265 4664 mdf16 - ok
19:43:17.0312 4664 MDFSYSNT (3f6542dbf1fcaa30cb6a42719a24bd71) C:\WINDOWS\system32\drivers\MDFSYSNT.sys
19:43:17.0328 4664 MDFSYSNT - ok
19:43:17.0343 4664 MDPMGRNT (71c3f8fa39c7409bca9099e44c19dd78) C:\WINDOWS\system32\drivers\MDPMGRNT.sys
19:43:17.0343 4664 MDPMGRNT - ok
19:43:17.0359 4664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:43:17.0359 4664 mnmdd - ok
19:43:17.0390 4664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:43:17.0390 4664 Modem - ok
19:43:17.0406 4664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:43:17.0421 4664 Mouclass - ok
19:43:17.0421 4664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:43:17.0421 4664 mouhid - ok
19:43:17.0437 4664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:43:17.0437 4664 MountMgr - ok
19:43:17.0453 4664 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
19:43:17.0453 4664 MPE - ok
19:43:17.0468 4664 mraid35x - ok
19:43:17.0484 4664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:43:17.0484 4664 MRxDAV - ok
19:43:17.0500 4664 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:43:17.0515 4664 MRxSmb - ok
19:43:17.0562 4664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:43:17.0562 4664 Msfs - ok
19:43:17.0578 4664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:43:17.0578 4664 MSKSSRV - ok
19:43:17.0656 4664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:43:17.0656 4664 MSPCLOCK - ok
19:43:17.0734 4664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:43:17.0765 4664 MSPQM - ok
19:43:17.0890 4664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:43:17.0906 4664 mssmbios - ok
19:43:18.0000 4664 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:43:18.0000 4664 MSTEE - ok
19:43:18.0031 4664 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:43:18.0031 4664 MTsensor - ok
19:43:18.0046 4664 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:43:18.0046 4664 Mup - ok
19:43:18.0062 4664 mvd23 (624197ec77bfbdf65cb21dd775e982da) C:\Documents and Settings\Owner\Local Settings\Application Data\Temp\mvd23.sys
19:43:18.0093 4664 mvd23 - ok
19:43:18.0125 4664 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:43:18.0125 4664 NABTSFEC - ok
19:43:18.0140 4664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:43:18.0140 4664 NDIS - ok
19:43:18.0156 4664 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:43:18.0156 4664 NdisIP - ok
19:43:18.0187 4664 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:43:18.0187 4664 NdisTapi - ok
19:43:18.0218 4664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:43:18.0218 4664 Ndisuio - ok
19:43:18.0234 4664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:43:18.0234 4664 NdisWan - ok
19:43:18.0265 4664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:43:18.0265 4664 NDProxy - ok
19:43:18.0296 4664 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\WINDOWS\system32\DRIVERS\netaapl.sys
19:43:18.0359 4664 Netaapl - ok
19:43:18.0375 4664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:43:18.0375 4664 NetBIOS - ok
19:43:18.0406 4664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:43:18.0406 4664 NetBT - ok
19:43:18.0421 4664 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:43:18.0421 4664 NIC1394 - ok
19:43:18.0437 4664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:43:18.0437 4664 Npfs - ok
19:43:18.0468 4664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:43:18.0484 4664 Ntfs - ok
19:43:18.0515 4664 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:43:18.0515 4664 NuidFltr - ok
19:43:18.0531 4664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:43:18.0531 4664 Null - ok
19:43:18.0671 4664 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:43:18.0781 4664 nv - ok
19:43:18.0812 4664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:43:18.0812 4664 NwlnkFlt - ok
19:43:18.0828 4664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:43:18.0828 4664 NwlnkFwd - ok
19:43:18.0843 4664 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:43:18.0843 4664 ohci1394 - ok
19:43:18.0875 4664 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:43:18.0875 4664 Parport - ok
19:43:18.0875 4664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:43:18.0875 4664 PartMgr - ok
19:43:18.0921 4664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:43:18.0921 4664 ParVdm - ok
19:43:18.0921 4664 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:43:18.0921 4664 PCI - ok
19:43:18.0937 4664 PCIDump - ok
19:43:18.0953 4664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:43:18.0953 4664 PCIIde - ok
19:43:18.0968 4664 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:43:18.0984 4664 Pcmcia - ok
19:43:18.0984 4664 PDCOMP - ok
19:43:19.0000 4664 PDFRAME - ok
19:43:19.0000 4664 PDRELI - ok
19:43:19.0015 4664 PDRFRAME - ok
19:43:19.0015 4664 perc2 - ok
19:43:19.0015 4664 perc2hib - ok
19:43:19.0046 4664 pgusbmme (d44ceb091e6f051b16bdbadf498abb28) C:\WINDOWS\system32\drivers\pgusbmm3.sys
19:43:19.0093 4664 pgusbmme - ok
19:43:19.0109 4664 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
19:43:19.0109 4664 Point32 - ok
19:43:19.0125 4664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:43:19.0125 4664 PptpMiniport - ok
19:43:19.0140 4664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:43:19.0140 4664 PSched - ok
19:43:19.0171 4664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:43:19.0171 4664 Ptilink - ok
19:43:19.0187 4664 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:43:19.0187 4664 PxHelp20 - ok
19:43:19.0203 4664 ql1080 - ok
19:43:19.0203 4664 Ql10wnt - ok
19:43:19.0218 4664 ql12160 - ok
19:43:19.0218 4664 ql1240 - ok
19:43:19.0234 4664 ql1280 - ok
19:43:19.0250 4664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:43:19.0250 4664 RasAcd - ok
19:43:19.0265 4664 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:43:19.0265 4664 Rasirda - ok
19:43:19.0265 4664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:43:19.0265 4664 Rasl2tp - ok
19:43:20.0984 4664 ============================================================
19:43:20.0984 4664 Scan finished
19:43:20.0984 4664 ============================================================
19:43:20.0984 4504 Detected object count: 0
19:43:20.0984 4504 Actual detected object count: 0
19:44:25.0968 4368 ============================================================
19:44:25.0968 4368 Scan started
19:44:25.0968 4368 Mode: Manual; SigCheck; TDLFS;
19:44:25.0968 4368 ============================================================
19:44:44.0343 4368 \Device\Harddisk0\DR0 - ok
19:44:44.0359 4368 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:44:44.0593 4368 \Device\Harddisk1\DR1 - ok
19:44:44.0593 4368 Boot (0x1200) (e5a0b4bd7e9efd71e647f9d699066186) \Device\Harddisk0\DR0\Partition0
19:44:44.0593 4368 \Device\Harddisk0\DR0\Partition0 - ok
19:44:44.0625 4368 Boot (0x1200) (79ffffcf96dd869dc92fb5a88a1cd33e) \Device\Harddisk1\DR1\Partition0
19:44:44.0625 4368 \Device\Harddisk1\DR1\Partition0 - ok
19:44:44.0625 4368 Boot (0x1200) (c8cbc3f3a8287bf5c4e7a6513da5e52e) \Device\Harddisk1\DR1\Partition1
19:44:44.0625 4368 \Device\Harddisk1\DR1\Partition1 - ok
19:44:44.0625 4368 ============================================================
19:44:44.0625 4368 Scan finished
19:44:44.0625 4368 ============================================================
19:44:44.0734 0828 Detected object count: 11
19:44:44.0734 0828 Actual detected object count: 11
19:45:26.0437 0828 3xHybrid ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0437 0828 3xHybrid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0437 0828 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0437 0828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0437 0828 ApogeeUSBAudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0437 0828 ApogeeUSBAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0437 0828 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0437 0828 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0437 0828 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0437 0828 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0453 0828 DELTA ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0453 0828 DELTA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0453 0828 DigiFilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0453 0828 DigiFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0453 0828 MDFSYSNT ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0453 0828 MDFSYSNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0453 0828 MDPMGRNT ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0453 0828 MDPMGRNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0453 0828 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0453 0828 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:26.0453 0828 pgusbmme ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:26.0453 0828 pgusbmme ( UnsignedFile.Multi.Generic ) - User select action: Skip
drbear's Avatar
Malware Removal Specialist with 16 posts.
 
Join Date: Jan 2012
30-Jan-2012, 05:30 AM #7
Hi djembe

Please read carefully and follow these steps:

1. Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: Combofix use

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

Close all open browsers.

2. Disable all of your Anti-Virus, Anti-Spyware programs. If you need help to disable them go to Disable Anti Malware, be sure to re-enable them before posting your reply.

3. Double click combofix.exe. For XP, if ComboFix offers to install a Recovery Console, you must permit it to do so. It is very dangerous to permit ComboFix to run unless the Recovery Console is installed.

When finished, it will produce a report for you at C:\ComboFix.txt.

4. Download OTL from any of the following links and save to your Desktop.
OTL1
OTL2
OTL3

Rename the program google.exe.

5. Disable all of your Anti-Virus, Anti-Spyware programs. If you need help to disable them go to Disable Anti Malware, be sure to re-enable them before posting your reply.

6. Double click on the google.exe icon to run it (Vista and Windows 7 users right click and select Run as Administrator). Make sure all other windows are closed and to let it run uninterrupted.

7. In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check". On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked. Copy the code in the code box below and paste it into the Custom Scan box.

Code:
netsvcs
drivers32
CREATERESTOREPOINT

8. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.


As always, please be sure Word Wrap is disabled in Notepad. Also be sure to check that the data you posted was not cut off by the site's posting size limits.

Now please post the following to me as a reply to this post:
ComboFix.txt
OTL.Txt
Extras.Txt
Let me know how your computer and browser are operating.
If you have any questions or problems, let me know that as well.
djembe's Avatar
Junior Member with 20 posts.
 
Join Date: Jan 2001
30-Jan-2012, 07:09 AM #8
OK, I have run those programs and my browser seems to be operating properly now. I guess I won't know for sure until I've rebooted a couple of times.

Here are the logs:

ComboFix 12-01-30.01 - Owner 30/01/2012 21:39:25.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2698 [GMT 11:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\msvcsv60.dll
c:\windows\system32\SET130.tmp
c:\windows\system32\SET13C.tmp
c:\windows\system32\SET149.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-25 22:50 . 2012-01-25 22:50 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-24 21:46 . 2012-01-25 04:11 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-24 21:46 . 2012-01-24 21:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-01-24 21:45 . 2012-01-24 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2012-01-23 23:31 . 2012-01-23 23:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-01-23 23:31 . 2012-01-23 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-23 23:31 . 2012-01-23 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-23 23:31 . 2011-12-10 04:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 05:03 . 2012-01-23 05:04 -------- dc-h--w- c:\windows\ie8
2012-01-21 22:28 . 2012-01-21 22:28 122880 --sha-r- c:\windows\system32\winstau.dll
2012-01-09 02:55 . 2012-01-09 02:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Macroplant
2012-01-04 00:53 . 2012-01-04 00:53 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-04 00:53 . 2012-01-04 00:53 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-04 00:53 . 2012-01-04 00:53 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-04 00:53 . 2012-01-04 00:53 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2006-03-15 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-03-15 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-03-15 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 22:38 . 2011-08-13 09:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21 . 2006-03-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2006-03-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-03-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-03-15 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2006-03-15 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2006-03-15 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2006-03-15 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2012-01-04 00:53 . 2011-05-06 12:40 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2009-06-14 182208]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-24 154112]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-8 113664]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-5-2 274432]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-03-21 08:23 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 01:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 07:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 00:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-12 20:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-10-30 09:06 2595616 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2008-07-11 00:46 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B179023B-6238-4499-8F26-CD73E9D90E0A}]
2007-07-12 00:57 179288 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [22/06/2009 10:47 AM 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [5/09/2007 4:01 PM 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [28/02/2007 12:15 PM 19072]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [21/07/2008 12:13 PM 11264]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [1/05/2007 3:55 PM 143360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24/01/2012 10:31 AM 652872]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/08/2011 10:16 AM 64080]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [27/02/2008 12:59 PM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24/01/2012 10:31 AM 20464]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [14/08/2011 10:57 AM 341072]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [7/08/2011 10:15 AM 188272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate1c985b0c22961c0;Google Update Service (gupdate1c985b0c22961c0);c:\program files\Google\Update\GoogleUpdate.exe [3/02/2009 2:37 PM 133104]
S3 ApogeeUSBAudio;usb-audio.de driver for Apogee USB Audio;c:\windows\system32\drivers\ApogeeM.sys [6/03/2010 7:32 PM 323040]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys --> c:\windows\system32\DRIVERS\MAudioDelta.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/02/2009 2:37 PM 133104]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2/12/2009 1:51 PM 54328]
S3 mdf16;mdf16;c:\documents and settings\Owner\Local Settings\Application Data\Temp\mdf16.sys [7/10/2011 12:54 PM 18288]
S3 mvd23;mvd23;c:\documents and settings\Owner\Local Settings\Application Data\Temp\mvd23.sys [7/10/2011 12:54 PM 90944]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [29/01/2011 5:08 PM 18432]
S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [6/03/2010 7:32 PM 23360]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [20/02/2008 4:36 PM 176128]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [15/03/2006 11:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [20/02/2008 5:18 PM 1008768]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94245832
*NewlyCreated* - TRUESIGHT
*Deregistered* - 94245832
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 02:34]
.
2012-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 05:13]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 03:37]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 03:37]
.
2012-01-29 c:\windows\Tasks\jpsiat.job
- c:\windows\system32\winstau.dll [2012-01-21 22:28]
.
2012-01-30 c:\windows\Tasks\User_Feed_Synchronization-{90BA8129-2AF4-47C0-904E-083EA2CD4A22}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wbd44ij9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-30 21:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Owner\LOCALS~1\Temp\2D8E70F.dmp 30194 bytes
c:\docume~1\Owner\LOCALS~1\Temp\ea53_appcompat.txt 26570 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.8]
@DACL=(02 0000)
@="Redemption Outlook and MAPI COM Library"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1244)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-01-30 21:45:34
ComboFix-quarantined-files.txt 2012-01-30 10:45
.
Pre-Run: 9,528,578,048 bytes free
Post-Run: 9,778,716,672 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2B15BEBE50B5CF164342BF541FAEA045


OTL logfile created on: 30/01/2012 9:53:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.17% Memory free
5.19 Gb Paging File | 4.71 Gb Available in Paging File | 90.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 9.15 Gb Free Space | 15.61% Space Free | Partition Type: NTFS
Drive D: | 407.16 Gb Total Space | 138.84 Gb Free Space | 34.10% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 182.17 Gb Free Space | 39.11% Space Free | Partition Type: NTFS

Computer Name: OWNER-DF83B7D0D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 21:32:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Google.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/11 01:00:24 | 000,116,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2008/09/23 17:59:06 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/05/01 15:55:36 | 000,143,360 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/14 01:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/05/16 15:01:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/16 16:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/23 17:59:06 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/02/21 21:32:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/05/01 15:55:36 | 000,143,360 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/14 01:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/11/13 22:59:52 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 12:54:21 | 000,090,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp\mvd23.sys -- (mvd23)
DRV - [2011/10/07 12:54:20 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp\mdf16.sys -- (mdf16)
DRV - [2011/08/07 10:06:29 | 000,341,072 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2011/08/07 10:06:29 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/08/07 10:06:29 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/08/07 10:06:29 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/08/07 10:06:29 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/04/19 21:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\tpkd.sys -- (TPkd)
DRV - [2009/12/02 13:51:08 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/10/07 19:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 19:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/10/07 19:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/05/04 14:06:38 | 001,008,768 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2008/11/06 13:54:58 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/11/06 13:54:58 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/06 13:54:50 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/11/06 13:54:48 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/04/14 05:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/10/12 13:00:43 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 12:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/09/05 16:01:10 | 000,277,888 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2007/03/24 14:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/02/28 12:15:08 | 000,019,072 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.sys -- (MDPMGRNT)
DRV - [2007/01/25 11:12:22 | 000,302,336 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM)
DRV - [2006/11/13 22:38:24 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/07/26 08:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/06/16 18:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/03/17 20:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 22:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004/08/13 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/07 14:29:02 | 000,323,040 | ---- | M] (Apogee) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ApogeeM.sys -- (ApogeeUSBAudio)
DRV - [2004/07/07 14:27:54 | 000,023,360 | ---- | M] (usb-audio.de) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pgusbmm3.sys -- (pgusbmme)
DRV - [2002/04/17 21:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2001/08/17 13:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011/10/18 18:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/04 11:53:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/07 14:07:56 | 000,000,000 | ---D | M]

[2008/06/21 21:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/01/06 11:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wbd44ij9.default\extensions
[2012/01/29 09:44:51 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wbd44ij9.default\searchplugins\gearslutz-forum.xml
[2012/01/04 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/04 11:53:41 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/05/06 23:41:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/06 23:41:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/06 23:41:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/06/19 18:53:24 | 000,000,912 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
[2011/05/06 23:41:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/06 23:41:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/30 21:43:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MDGetStarted.exe] C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1213322585265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13C030B6-97F5-4EDE-85A8-FA069DB88048}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\My Pictures\BITMAP2 FRACTALS\kljhghg.bmp
O24 - Desktop BackupWallPaper: D:\My Pictures\BITMAP2 FRACTALS\kljhghg.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 15:36:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\CFHD.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 21:47:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/30 21:37:58 | 000,000,000 | R--D | C] -- D:\cmdcons
[2012/01/30 21:36:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/30 21:36:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/30 21:36:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/30 21:36:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/30 21:36:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/30 21:36:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/30 21:36:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/30 21:32:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Google.exe
[2012/01/30 21:31:30 | 004,394,165 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/01/30 13:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Travel Insurance
[2012/01/28 23:19:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/26 09:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2012/01/25 08:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/01/25 08:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/24 10:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/24 10:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/24 10:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/24 10:31:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/24 10:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/23 16:03:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/19 15:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\From Moh Kouyate
[2012/01/09 13:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Macroplant
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 21:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 21:45:35 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\jpsiat.job
[2012/01/30 21:43:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/30 21:38:02 | 000,000,327 | RHS- | M] () -- D:\boot.ini
[2012/01/30 21:32:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Google.exe
[2012/01/30 21:32:03 | 004,394,165 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/01/30 19:22:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90BA8129-2AF4-47C0-904E-083EA2CD4A22}.job
[2012/01/30 18:56:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 10:57:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/30 08:28:23 | 000,176,278 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/30 08:28:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 08:28:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 08:28:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/01/30 08:28:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/01/29 10:07:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/28 20:39:15 | 000,000,208 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2012/01/28 20:39:15 | 000,000,208 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2012/01/28 19:52:44 | 000,129,869 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\P799.pdf
[2012/01/26 09:46:50 | 000,269,988 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/01/26 09:46:49 | 000,234,712 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/01/26 09:39:29 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/01/25 15:47:09 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\word.lnk
[2012/01/25 15:11:39 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/24 14:25:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\ipconfig
[2012/01/24 10:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/22 09:28:48 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\winstau.dll
[2012/01/22 09:15:38 | 000,006,604 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/19 09:29:42 | 000,098,547 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ABC 2012-schedule.pdf
[2012/01/17 11:50:20 | 000,118,522 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\white_oil.pdf
[2012/01/13 13:21:26 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/12 18:36:55 | 000,538,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 18:36:55 | 000,100,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/06 19:56:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/04 12:12:32 | 000,246,954 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KSM353 Upgrade.pdf
[2012/01/03 22:11:30 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\chrome.exe.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/30 21:38:02 | 000,000,210 | ---- | C] () -- D:\Boot.bak
[2012/01/30 21:38:00 | 000,260,272 | RHS- | C] () -- D:\cmldr
[2012/01/30 21:36:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/30 21:36:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/30 21:36:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/30 21:36:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/30 21:36:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/28 19:52:43 | 000,129,869 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\P799.pdf
[2012/01/25 08:46:12 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/24 14:15:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\ipconfig
[2012/01/23 20:14:36 | 000,269,988 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/01/23 20:14:31 | 000,234,712 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/01/23 20:04:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/01/22 09:28:49 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\jpsiat.job
[2012/01/22 09:28:48 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\winstau.dll
[2012/01/19 09:29:42 | 000,098,547 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ABC 2012-schedule.pdf
[2012/01/17 11:50:20 | 000,118,522 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\white_oil.pdf
[2012/01/04 12:12:40 | 000,246,954 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KSM353 Upgrade.pdf
[2012/01/03 22:11:30 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\chrome.exe.lnk
[2011/04/16 14:00:21 | 000,038,435 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2010/10/04 09:11:14 | 000,043,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/03 16:48:57 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/05/21 15:16:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Algouinstall.exe
[2010/05/17 23:40:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/07 09:22:01 | 000,006,604 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/20 13:11:25 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\setup_ldm.iss
[2009/12/18 13:36:47 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/12/18 13:36:47 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/12/10 09:23:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\ceme20.dll
[2009/12/10 09:23:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\ceme20.dat
[2009/12/01 10:18:35 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw68.bin
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/22 10:47:51 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/06/22 10:47:45 | 001,900,132 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2009/06/22 10:47:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2009/04/06 13:16:51 | 000,000,113 | ---- | C] () -- C:\WINDOWS\Hotkey.INI
[2008/09/15 11:44:12 | 000,019,344 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/10 12:44:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2008/06/28 16:29:49 | 000,678,746 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/06/28 16:29:48 | 000,020,043 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/22 15:14:56 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibjy.dll
[2008/05/22 15:14:56 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibgs.dll
[2008/05/22 15:14:56 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibtth.dll
[2008/05/22 15:14:56 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibqqe.dll
[2008/05/22 15:14:55 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsd.dll
[2008/05/22 15:14:55 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibff.dll
[2008/05/22 15:14:55 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibeh.dll
[2008/05/15 14:00:17 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/01 14:03:08 | 000,000,208 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2008/02/27 12:59:21 | 000,510,976 | ---- | C] () -- C:\WINDOWS\System32\synsoacc.dll
[2008/02/27 12:59:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2008/02/25 20:53:00 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
[2008/02/25 16:30:16 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/24 22:21:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/21 23:21:07 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2008/02/21 23:18:44 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/02/21 22:36:27 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/21 22:34:20 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/21 20:48:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/21 20:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/21 13:46:45 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/02/21 13:26:52 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/02/21 02:15:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/21 02:12:34 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/20 17:26:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Dvbpws.dll
[2008/02/20 17:19:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/02/20 15:57:33 | 000,019,733 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/02/20 15:57:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/02/20 15:57:09 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/20 15:37:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/20 15:33:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/14 17:15:42 | 001,581,056 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
[2007/05/25 08:05:18 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\QtNetwork4.dll
[2007/05/25 08:04:00 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
[2007/04/19 16:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/19 16:26:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/04/19 16:26:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/19 16:26:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/04/19 16:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/19 16:26:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/04/19 16:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/19 16:26:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/04/19 16:26:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/04/19 16:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/15 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 23:00:00 | 000,538,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/15 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 23:00:00 | 000,100,666 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/15 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 23:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/15 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/11/06 14:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/09/09 09:53:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/05 11:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\East West
[2010/06/03 16:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2012/01/25 08:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/12/18 13:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2008/05/31 10:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2009/06/05 15:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/01/05 11:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/02/25 20:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/12/28 12:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2008/02/21 23:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/06/10 15:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapStream
[2008/02/21 23:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/02/21 23:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/06/03 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2010/06/03 16:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2008/07/28 23:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2010/06/03 15:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
[2010/09/24 13:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/21 23:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/18 10:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/06 14:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
[2009/01/25 14:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Antares
[2008/04/01 14:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Applied Acoustics Systems
[2012/01/13 13:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2011/04/08 22:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ChaosPro
[2011/04/08 22:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ChaosPro 4.0
[2009/07/24 12:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Digidesign
[2012/01/30 08:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2009/12/01 10:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2010/11/30 18:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EVENT StudioEQ
[2010/08/19 23:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fltk.org
[2010/11/13 17:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\foobar2000
[2011/06/24 15:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2008/05/02 13:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Launchy
[2008/02/21 13:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/12/20 16:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LG Electronics
[2009/12/20 16:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LGSync
[2009/06/17 16:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2012/01/30 08:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\nView_Wallpaper
[2010/01/05 11:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
[2010/03/31 00:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pamela
[2008/12/28 12:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
[2009/06/20 13:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2009/05/29 00:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Recordpad
[2008/02/21 23:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2008/09/26 10:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SharePod
[2008/04/02 15:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2009/01/29 16:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
[2010/06/03 15:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
[2008/08/07 20:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2008/09/11 01:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/04/06 13:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uniden.com.au
[2010/06/03 16:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VST3 Presets
[2008/04/01 13:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waves Audio
[2008/04/01 13:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waves Preferences
[2011/08/05 22:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2011/08/06 16:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/02/25 14:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YouSendIt
[2012/01/30 21:45:35 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\jpsiat.job
[2012/01/30 19:22:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{90BA8129-2AF4-47C0-904E-083EA2CD4A22}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1365 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:7PfwpAVsefrU7YUTUQtW
@Alternate Data Stream - 1348 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:sVKgJVTuQMIAKaLwWG6iQ3XlgTm
@Alternate Data Stream - 1341 bytes -> C:\Program Files\WindowsUpdate:igYB6rywo8WuDbO0LvRVkp7wsJ35
@Alternate Data Stream - 1275 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:6ggwIQXHJnhpv1N2Wjh
@Alternate Data Stream - 1264 bytes -> C:\Program Files\Common Files\Microsoft Shared:jAXdgYefrnF53z1vpPTwWR
@Alternate Data Stream - 1204 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:eYK33GkfnQ2McGEsP6R7LI
@Alternate Data Stream - 1167 bytes -> C:\Program Files\Outlook Express:ulSRSJymL4eM2WdIv9PCn

< End of report >


OTL Extras logfile created on: 30/01/2012 9:53:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.17% Memory free
5.19 Gb Paging File | 4.71 Gb Available in Paging File | 90.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 9.15 Gb Free Space | 15.61% Space Free | Partition Type: NTFS
Drive D: | 407.16 Gb Total Space | 138.84 Gb Free Space | 34.10% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 182.17 Gb Free Space | 39.11% Space Free | Partition Type: NTFS

Computer Name: OWNER-DF83B7D0D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BD5A42-8283-4C1E-83A7-C95258BE68C5}" = LG_MobileSync
"{070C4AA9-049D-495E-90B4-A372D7D31D50}" = EWQL Orchestra Free Edition
"{09AD2A89-E21F-4179-891E-0AA797693D5A}" = EWQL Orchestra Free Content Part 2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG_MobileSync
"{1095069C-ABE2-4041-8139-48DED17CD142}" = WinFast DTV1000 S Driver
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{13E92303-C1AC-4012-9E22-54EACBF54888}" = MCCI(r)Firmware Update Driver for MTK
"{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 29
"{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}" = WinFast Codec-TS SDK
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{30E0C53A-E54C-4B27-B083-4644DC8B9AFD}" = EVENT Electronics StudioEQ
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5369142A-CE72-4516-AF3D-36925016D32F}" = Digidesign Pro Tools Documentation 7.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BACA8C1-909F-4AA4-90EB-6CAE5241FA96}" = MacDrive 7
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Free Bomb Factory Plug-Ins 7.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A0E0340-C3D7-42D1-96D4-64179FD456AE}" = WinFast De-interlace SDK
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}" = InterLok Driver Kit
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules
"{AB6780A6-F4C6-4B66-B323-40E166F30156}_is1" = SampleCalc 1.5
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AF9848E2-5F19-4E49-9E6E-044FBDC28404}" = WinFast TT-SB SDK
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.3
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}" = Visual Studio 2005 Redist Package
"{DEDD0B17-69C8-487D-A1A0-7E28E1AD5605}" = EWQL Orchestra Free Content Part 3
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EC6C29B8-DEB6-47F7-AD1D-DEAE109A5801}" = Digidesign Pro Tools M-Powered 7.3.1cs7
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"Abbeyroadplugins EMI Brilliance Pack VST RTAS_is1" = Abbeyroadplugins EMI Brilliance Pack VST RTAS v1.0.6
"Abbeyroadplugins EMI TG 12413 Limiter VST RTAS_is1" = Abbeyroadplugins EMI TG 12413 Limiter VST RTAS v2.0.1
"Abbeyroadplugins EMI TG Mastering Pack VST RTAS_is1" = Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Applied Acoustics Lounge Lizard EP VSTi DXi v3.0" = Applied Acoustics Lounge Lizard EP VSTi DXi v3.0
"ASAPI Update" = ASAPI Update
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"Celemony Melodyne 2.1.0.5" = Celemony Melodyne 2.1.0.5
"CFHDCodec" = CineForm HD VFW Codec
"ChaosPro 4.0" = ChaosPro
"CineForm NEO Player" = CineForm NEO Player 4.2
"CoreAAC" = CoreAAC
"CSCLIB" = Canon Camera Support Core Library
"Defraggler" = Defraggler
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"eLicenser Control" = eLicenser Control
"EPSON Scanner" = EPSON Scan
"ExpressBurn" = Express Burn
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v0.9.6.1
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HandBrake" = HandBrake 0.9.5
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"IPP Run-Time 5.3" = IPP Run-Time 5.3
"Launchy_21344213_is1" = Launchy 2.0
"Lava Lamp 3.2.0.1" = Lava Lamp 3.2.0.1
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Native Instruments B4 v2.0.0.7" = Native Instruments B4 v2.0.0.7
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 2.0.2" = N.I. Guitar Rig v2.0.2
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pamela" = Pamela Basic 4.6
"Prism" = Prism Video Converter
"PSP PianoVerb1.0" = PSP PianoVerb 1.0
"PSP VintageMeter1.0" = PSP VintageMeter 1.0
"PSP VintageWarmer2 2.1.4" = PSP VintageWarmer2 2.1.4
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rob Papen Albino 3" = Rob Papen Albino 3
"Rob Papen BLUE Version 1.6.3b_is1" = Rob Papen BLUE Version 1.6.3b
"Sibelius v3.0" = Sibelius v3.0
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 2.02
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod PowerCore VST_is1" = Sonnox Oxford TransMod PowerCore VST v1.3.1
"Steinberg Hypersonic v1.0" = Steinberg Hypersonic v1.0
"Steinberg WaveLab 5.00a" = Steinberg WaveLab 5.00a
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"SystemRequirementsLab" = System Requirements Lab
"Tweak UI 2.10" = Tweak UI
"Uniden Trax Central" = Uniden Trax Central
"URS Classic Console Strip Pro VST RTAS_is1" = URS Classic Console Strip Pro VST RTAS v1.0
"USB_AUDIO_DEusb-audio.deApogee" = Apogee USB ASIO driver
"WaveLabPro" = WaveLab 6
"Waves API Collection" = Waves API Collection
"Waves Mercury Bundle" = Waves Mercury Bundle
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WhiteCap" = WhiteCap
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XenoDream v2.4_is1" = XenoDream 2.401 TRIAL
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/01/2012 6:55:59 PM | Computer Name = OWNER-DF83B7D0D | Source = Application Error | ID = 1000
Description = Faulting application mbamgui.exe, version 1.60.0.8, faulting module
unknown, version 0.0.0.0, fault address 0x011880d0.

Error - 25/01/2012 6:56:28 PM | Computer Name = OWNER-DF83B7D0D | Source = Application Error | ID = 1000
Description = Faulting application acrotray.exe, version 8.3.1.289, faulting module
unknown, version 0.0.0.0, fault address 0x01328a90.

Error - 25/01/2012 6:56:49 PM | Computer Name = OWNER-DF83B7D0D | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/01/2012 6:42:50 AM | Computer Name = OWNER-DF83B7D0D | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 30/01/2012 6:42:50 AM | Computer Name = OWNER-DF83B7D0D | Source = Microsoft IntelliType Pro | ID = 1000
Description =

Error - 30/01/2012 6:43:34 AM | Computer Name = OWNER-DF83B7D0D | Source = Application Error | ID = 1000
Description = Faulting application notepad.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10078a90.

Error - 30/01/2012 6:43:51 AM | Computer Name = OWNER-DF83B7D0D | Source = Application Error | ID = 1000
Description = Faulting application cledx.exe, version 0.3.1412.777, faulting module
unknown, version 0.0.0.0, fault address 0x10078a90.

Error - 30/01/2012 6:43:51 AM | Computer Name = OWNER-DF83B7D0D | Source = Application Error | ID = 1000
Description = Faulting application macdrive.exe, version 7.0.8.0, faulting module
unknown, version 0.0.0.0, fault address 0x00de8a90.

Error - 30/01/2012 6:43:56 AM | Computer Name = OWNER-DF83B7D0D | Source = Application Error | ID = 1000
Description = Faulting application smax4pnp.exe, version 6.0.6000.81, faulting module
unknown, version 0.0.0.0, fault address 0x01268a90.

Error - 30/01/2012 6:44:32 AM | Computer Name = OWNER-DF83B7D0D | Source = Application Error | ID = 1000
Description = Faulting application acrotray.exe, version 8.3.1.289, faulting module
unknown, version 0.0.0.0, fault address 0x02398a90.

[ System Events ]
Error - 23/01/2012 4:53:09 AM | Computer Name = OWNER-DF83B7D0D | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\MRT.exe.
Reference
error message: The operation completed successfully. .

Error - 23/01/2012 6:22:33 PM | Computer Name = OWNER-DF83B7D0D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001E8C70FB41 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/01/2012 4:49:36 PM | Computer Name = OWNER-DF83B7D0D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001E8C70FB41 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 25/01/2012 6:03:24 PM | Computer Name = OWNER-DF83B7D0D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001E8C70FB41 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 26/01/2012 6:10:29 PM | Computer Name = OWNER-DF83B7D0D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001E8C70FB41 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 26/01/2012 10:22:55 PM | Computer Name = OWNER-DF83B7D0D | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort3, did not respond within the timeout
period.

Error - 27/01/2012 5:25:30 PM | Computer Name = OWNER-DF83B7D0D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001E8C70FB41 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 28/01/2012 6:38:20 PM | Computer Name = OWNER-DF83B7D0D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001E8C70FB41 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 29/01/2012 5:28:19 PM | Computer Name = OWNER-DF83B7D0D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001E8C70FB41 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 30/01/2012 6:36:11 AM | Computer Name = OWNER-DF83B7D0D | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
djembe
Junior Member with 20 posts.
Join Date: Jan 2001
30-Jan-2012, 07:29 AM #9
I re-booted and my display settings were all over the place, but I have re-set them now.
Searching Google in Firefox and IE seems to be OK for now, but Chrome is still being hijacked.
drbear
Malware Removal Specialist with 16 posts.
Join Date: Jan 2012
30-Jan-2012, 08:02 AM #10
Hi djembe

Making some progress but not done yet.

1. Double click on the OTL icon to run it (Vista and Windows 7 users right click and select Run as Administrator). Make sure all other windows are closed and to let it run uninterrupted.

2. In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check". On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked. Copy the code in the code box below and paste it into the Custom Scan box.

Code:
:OTL
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
[2008/06/19 18:53:24 | 000,000,912 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
O24 - Desktop WallPaper: D:\My Pictures\BITMAP2 FRACTALS\kljhghg.bmp
O24 - Desktop BackupWallPaper: D:\My Pictures\BITMAP2 FRACTALS\kljhghg.bmp
@Alternate Data Stream - 1365 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:7PfwpAVsefrU7YUTUQtW
@Alternate Data Stream - 1348 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:sVKgJVTuQMIAKaLwWG6iQ3XlgTm
@Alternate Data Stream - 1341 bytes -> C:\Program Files\WindowsUpdate:igYB6rywo8WuDbO0LvRVkp7wsJ35
@Alternate Data Stream - 1275 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:6ggwIQXHJnhpv1N2Wjh
@Alternate Data Stream - 1264 bytes -> C:\Program Files\Common Files\Microsoft Shared:jAXdgYefrnF53z1vpPTwWR
@Alternate Data Stream - 1204 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:eYK33GkfnQ2McGEsP6R7LI
@Alternate Data Stream - 1167 bytes -> C:\Program Files\Outlook Express:ulSRSJymL4eM2WdIv9PCn
 
:FILES
 
:Commands
[RESETHOSTS]
[REBOOT]

3. Click on the Run Fix button. The fix log is saved on your C: drive under OTL\Moved Files as date-some number.log. Reboot your PC.

4. Now click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open one notepad window: OTL.Txt. This is saved in the same location as OTL.


As always please be sure Word Wrap is disabled in Notepad. Also be sure to check that the data you posted was not cut off by the site's posting size limits.

Now please post the following to me as a reply to this post:
OTL Fix log
OTL.Txt
Let me know how your computer and browser are operating
If you have any questions or problems, let me know that as well
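A fix like the one above is only done when every line of the script has a matching "moved successfully", "deleted successfully" or "removed from" line in the fix log, so a quick way to review the log is to diff it against the script. The Python below is an added example for this thread, not part of OTL and not something the helper posted; it only compares text and never touches the machine. The sample script and log are constructed from entries of the kind shown in this thread: one stream is deliberately left out of the log and the wallpaper file is reported "not found", so both failure cases show up in the result.

```python
"""Cross-check an OTL fix script against the fix log OTL writes after "Run Fix".

Added example for this thread; it is not part of OTL and does not touch the system.
It only compares text: every item the :OTL/:Commands script asked for should be
answered by a "... successfully" or "removed from ..." line in the log. Items the
log reports "not found" or does not mention at all are listed for follow-up.
"""
import re

# Constructed sample script, modelled on the :OTL script posted above (sample data only).
FIX_SCRIPT = r""":OTL
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
[2008/06/19 18:53:24 | 000,000,912 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
O24 - Desktop WallPaper: D:\My Pictures\BITMAP2 FRACTALS\kljhghg.bmp
@Alternate Data Stream - 1365 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:7PfwpAVsefrU7YUTUQtW
@Alternate Data Stream - 1167 bytes -> C:\Program Files\Outlook Express:ulSRSJymL4eM2WdIv9PCn

:Commands
[RESETHOSTS]
[REBOOT]
"""

# Constructed sample fix log in OTL's format. The Outlook Express stream is deliberately
# absent and the wallpaper file is reported "not found", to exercise the failure cases.
FIX_LOG = r"""========== OTL ==========
Prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q= removed from refs.js
C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
File D:\My Pictures\BITMAP2 FRACTALS\kljhghg.bmp not found.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:7PfwpAVsefrU7YUTUQtW deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# What the log echoes back for each kind of :OTL line: the pref name, the file path,
# the wallpaper path, or the path:stream of an alternate data stream.
OTL_LINE_PATTERNS = (
    re.compile(r"^FF - prefs\.js: (\S+) - "),
    re.compile(r"^\[.*?\] \(.*?\) -- (.+)$"),
    re.compile(r"^O24 - Desktop (?:Backup)?WallPaper: (.+)$"),
    re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$"),
)
SUCCESS_WORDS = ("successfully", "removed from")


def parse_targets(script):
    """Return the list of things the fix script asked OTL to act on, in script order."""
    targets, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :OTL or :Commands
            section = line[1:].upper()
            continue
        if section == "COMMANDS":
            if line.upper() == "[RESETHOSTS]":
                targets.append("HOSTS file reset")   # wording OTL uses in its log
            continue                       # [REBOOT] leaves no checkable log line
        if section == "OTL":
            for pattern in OTL_LINE_PATTERNS:
                m = pattern.match(line)
                if m:
                    targets.append(m.group(1))
                    break
    return targets


def check_fix(script, log):
    """Map each target to "ok", "not found", "unclear" or "missing"."""
    log_lines = [l.lower() for l in log.splitlines()]
    results = {}
    for target in parse_targets(script):
        # Case-insensitive: OTL normalises path case (mozilla firefox vs Mozilla Firefox).
        hits = [l for l in log_lines if target.lower() in l]
        if any(w in h for h in hits for w in SUCCESS_WORDS):
            results[target] = "ok"
        elif any("not found" in h for h in hits):
            results[target] = "not found"
        elif hits:
            results[target] = "unclear"
        else:
            results[target] = "missing"
    return results


def unresolved(results):
    """Targets that still need a look after the fix (anything not "ok")."""
    return sorted(t for t, status in results.items() if status != "ok")


if __name__ == "__main__":
    outcome = check_fix(FIX_SCRIPT, FIX_LOG)
    for target, status in outcome.items():
        print(f"{status:10} {target}")
    print("follow up:", unresolved(outcome))
```

Run on a real pair of files, read the script and the `OTL\Moved Files\<date-number>.log` file into `FIX_SCRIPT` and `FIX_LOG` instead of the constructed samples; a "missing" entry means the log never mentioned the item, which is the case worth re-running or asking about before moving on to the next scan.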
djembe
Junior Member with 20 posts.
Join Date: Jan 2001
30-Jan-2012, 08:52 AM #11
Here are the logs:

========== OTL ==========
Prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q= removed from refs.js
C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
D:\My Pictures\BITMAP2 FRACTALS\kljhghg.bmp moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully.
File D:\My Pictures\BITMAP2 FRACTALS\kljhghg.bmp not found.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:7PfwpAVsefrU7YUTUQtW deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:sVKgJVTuQMIAKaLwWG6iQ3XlgTm deleted successfully.
ADS C:\Program Files\WindowsUpdate:igYB6rywo8WuDbO0LvRVkp7wsJ35 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:6ggwIQXHJnhpv1N2Wjh deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:jAXdgYefrnF53z1vpPTwWR deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:eYK33GkfnQ2McGEsP6R7LI deleted successfully.
ADS C:\Program Files\Outlook Express:ulSRSJymL4eM2WdIv9PCn deleted successfully.
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01302012_232736




OTL logfile created on: 30/01/2012 11:33:52 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 75.69% Memory free
5.19 Gb Paging File | 4.47 Gb Available in Paging File | 86.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 9.09 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
Drive D: | 407.16 Gb Total Space | 138.85 Gb Free Space | 34.10% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 182.17 Gb Free Space | 39.11% Space Free | Partition Type: NTFS

Computer Name: OWNER-DF83B7D0D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 21:32:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Google.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/30 14:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/08/07 10:06:23 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2011/05/26 07:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/02/16 16:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/02/11 01:00:24 | 000,116,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/02/11 00:57:40 | 001,035,512 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/09/23 17:59:06 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 21:32:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/07/12 11:57:08 | 000,179,288 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
PRC - [2007/05/01 15:55:36 | 000,143,360 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/25 10:54:02 | 000,154,112 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2006/11/14 01:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2005/10/23 01:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 10:06:32 | 000,174,432 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2011/08/07 10:06:27 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2011/08/07 10:06:25 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2011/08/07 10:06:23 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/08/07 10:06:23 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2008/05/16 15:01:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/05/16 15:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2007/12/18 14:43:12 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2007/12/18 14:43:12 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2007/12/18 14:43:04 | 000,069,632 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2007/12/14 14:23:36 | 000,348,160 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2007/12/14 14:23:04 | 006,270,976 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2007/12/14 14:13:56 | 001,523,712 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/16 16:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/23 17:59:06 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/02/21 21:32:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/05/01 15:55:36 | 000,143,360 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/14 01:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/11/13 22:59:52 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 12:54:21 | 000,090,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp\mvd23.sys -- (mvd23)
DRV - [2011/10/07 12:54:20 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp\mdf16.sys -- (mdf16)
DRV - [2011/08/07 10:06:29 | 000,341,072 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2011/08/07 10:06:29 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/08/07 10:06:29 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/08/07 10:06:29 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/08/07 10:06:29 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/04/19 21:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\tpkd.sys -- (TPkd)
DRV - [2009/12/02 13:51:08 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/10/07 19:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 19:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/10/07 19:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/05/04 14:06:38 | 001,008,768 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2008/11/06 13:54:58 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/11/06 13:54:58 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/06 13:54:50 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/11/06 13:54:48 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/04/14 05:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/10/12 13:00:43 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 12:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/09/05 16:01:10 | 000,277,888 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2007/03/24 14:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/02/28 12:15:08 | 000,019,072 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.sys -- (MDPMGRNT)
DRV - [2007/01/25 11:12:22 | 000,302,336 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM)
DRV - [2006/11/13 22:38:24 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/07/26 08:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/06/16 18:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/03/17 20:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 22:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004/08/13 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/07 14:29:02 | 000,323,040 | ---- | M] (Apogee) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ApogeeM.sys -- (ApogeeUSBAudio)
DRV - [2004/07/07 14:27:54 | 000,023,360 | ---- | M] (usb-audio.de) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pgusbmm3.sys -- (pgusbmme)
DRV - [2002/04/17 21:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2001/08/17 13:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011/10/18 18:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/04 11:53:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/07 14:07:56 | 000,000,000 | ---D | M]

[2008/06/21 21:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/01/06 11:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wbd44ij9.default\extensions
[2012/01/29 09:44:51 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wbd44ij9.default\searchplugins\gearslutz-forum.xml
[2012/01/04 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/04 11:53:41 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/05/06 23:41:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/06 23:41:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/06 23:41:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/06 23:41:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/06 23:41:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/30 23:27:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MDGetStarted.exe] C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1213322585265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13C030B6-97F5-4EDE-85A8-FA069DB88048}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 15:36:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 23:27:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/30 21:47:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/30 21:37:58 | 000,000,000 | R--D | C] -- D:\cmdcons
[2012/01/30 21:36:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/30 21:36:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/30 21:36:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/30 21:36:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/30 21:36:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/30 21:36:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/30 21:36:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/30 21:32:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Google.exe
[2012/01/30 21:31:30 | 004,394,165 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/01/30 13:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Travel Insurance
[2012/01/28 23:19:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/26 09:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2012/01/25 08:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/01/25 08:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/24 10:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/24 10:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/24 10:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/24 10:31:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/24 10:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/23 16:03:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/19 15:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\From Moh Kouyate
[2012/01/09 13:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Macroplant
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 23:29:11 | 000,176,278 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/30 23:29:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 23:29:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 23:29:07 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\jpsiat.job
[2012/01/30 23:29:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 23:29:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/01/30 23:29:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/01/30 23:27:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/30 22:56:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 22:01:09 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90BA8129-2AF4-47C0-904E-083EA2CD4A22}.job
[2012/01/30 21:38:02 | 000,000,327 | RHS- | M] () -- D:\boot.ini
[2012/01/30 21:32:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Google.exe
[2012/01/30 21:32:03 | 004,394,165 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/01/30 10:57:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/29 10:07:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/28 20:39:15 | 000,000,208 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2012/01/28 20:39:15 | 000,000,208 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2012/01/28 19:52:44 | 000,129,869 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\P799.pdf
[2012/01/26 09:46:50 | 000,269,988 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/01/26 09:46:49 | 000,234,712 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/01/26 09:39:29 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/01/25 15:47:09 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\word.lnk
[2012/01/25 15:11:39 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/24 14:25:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\ipconfig
[2012/01/24 10:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/22 09:28:48 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\winstau.dll
[2012/01/22 09:15:38 | 000,006,604 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/19 09:29:42 | 000,098,547 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ABC 2012-schedule.pdf
[2012/01/17 11:50:20 | 000,118,522 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\white_oil.pdf
[2012/01/13 13:21:26 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/12 18:36:55 | 000,538,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 18:36:55 | 000,100,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/06 19:56:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/04 12:12:32 | 000,246,954 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KSM353 Upgrade.pdf
[2012/01/03 22:11:30 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\chrome.exe.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/30 21:38:02 | 000,000,210 | ---- | C] () -- D:\Boot.bak
[2012/01/30 21:38:00 | 000,260,272 | RHS- | C] () -- D:\cmldr
[2012/01/30 21:36:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/30 21:36:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/30 21:36:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/30 21:36:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/30 21:36:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/28 19:52:43 | 000,129,869 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\P799.pdf
[2012/01/25 08:46:12 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/24 14:15:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\ipconfig
[2012/01/23 20:14:36 | 000,269,988 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/01/23 20:14:31 | 000,234,712 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/01/23 20:04:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/01/22 09:28:49 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\jpsiat.job
[2012/01/22 09:28:48 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\winstau.dll
[2012/01/19 09:29:42 | 000,098,547 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ABC 2012-schedule.pdf
[2012/01/17 11:50:20 | 000,118,522 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\white_oil.pdf
[2012/01/04 12:12:40 | 000,246,954 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KSM353 Upgrade.pdf
[2012/01/03 22:11:30 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\chrome.exe.lnk
[2011/04/16 14:00:21 | 000,038,435 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2010/10/04 09:11:14 | 000,043,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/03 16:48:57 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/05/21 15:16:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Algouinstall.exe
[2010/05/17 23:40:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/07 09:22:01 | 000,006,604 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/20 13:11:25 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\setup_ldm.iss
[2009/12/18 13:36:47 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/12/18 13:36:47 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/12/10 09:23:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\ceme20.dll
[2009/12/10 09:23:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\ceme20.dat
[2009/12/01 10:18:35 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw68.bin
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/22 10:47:51 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/06/22 10:47:45 | 001,900,132 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2009/06/22 10:47:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2009/04/06 13:16:51 | 000,000,113 | ---- | C] () -- C:\WINDOWS\Hotkey.INI
[2008/09/15 11:44:12 | 000,019,344 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/10 12:44:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2008/06/28 16:29:49 | 000,678,746 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/06/28 16:29:48 | 000,020,043 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/22 15:14:56 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibjy.dll
[2008/05/22 15:14:56 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibgs.dll
[2008/05/22 15:14:56 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibtth.dll
[2008/05/22 15:14:56 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibqqe.dll
[2008/05/22 15:14:55 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsd.dll
[2008/05/22 15:14:55 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibff.dll
[2008/05/22 15:14:55 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibeh.dll
[2008/05/15 14:00:17 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/01 14:03:08 | 000,000,208 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2008/02/27 12:59:21 | 000,510,976 | ---- | C] () -- C:\WINDOWS\System32\synsoacc.dll
[2008/02/27 12:59:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2008/02/25 20:53:00 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
[2008/02/25 16:30:16 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/24 22:21:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/21 23:21:07 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2008/02/21 23:18:44 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/02/21 22:36:27 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/21 22:34:20 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/21 20:48:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/21 20:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/21 13:46:45 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/02/21 13:26:52 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/02/21 02:15:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/21 02:12:34 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/20 17:26:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Dvbpws.dll
[2008/02/20 17:19:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/02/20 15:57:33 | 000,019,733 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/02/20 15:57:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/02/20 15:57:09 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/20 15:37:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/20 15:33:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/14 17:15:42 | 001,581,056 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
[2007/05/25 08:05:18 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\QtNetwork4.dll
[2007/05/25 08:04:00 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
[2007/04/19 16:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/19 16:26:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/04/19 16:26:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/19 16:26:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/04/19 16:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/19 16:26:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/04/19 16:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/19 16:26:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/04/19 16:26:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/04/19 16:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/15 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 23:00:00 | 000,538,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/15 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 23:00:00 | 000,100,666 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/15 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 23:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/15 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
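Because the OTL listing above is long, here is an added triage helper (my own code, not OTL's and not from anyone in this thread) that parses lines in exactly that format and scores entries on three defender-side heuristics: read-only+hidden+system executables under C:\WINDOWS, executables with no company name there, and files written within a couple of seconds of a scheduled-task .job. The sample lines and names (sample_hidden.dll, sample_task.job, Example AV Corp) are constructed, and the scoring weights are my assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# One OTL file-listing line looks like (same layout as the log posted above):
#   [2012/01/22 09:28:48 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\example.dll
# i.e. [timestamp | size | R/H/S/D attribute flags | C=created or M=modified] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

WINDOWS_PREFIX = "c:\\windows\\"      # System32, drivers and tasks all live under here
EXECUTABLE_EXTS = (".exe", ".dll", ".sys")
JOB_WINDOW_SECONDS = 2                # "same moment" as a scheduled-task .job file

# Constructed sample lines in OTL format (hypothetical names, not taken from the thread).
SAMPLE_LINES = r"""
[2012/01/22 09:28:49 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\sample_task.job
[2012/01/22 09:28:48 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\sample_hidden.dll
[2012/01/24 10:31:21 | 000,020,464 | ---- | C] (Example AV Corp) -- C:\WINDOWS\System32\drivers\vendor.sys
[2012/01/30 23:29:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 11:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
""".strip().splitlines()


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str      # four flags: R (read-only) H (hidden) S (system) D (directory), '-' if unset
    kind: str       # 'C' = created, 'M' = modified
    company: str    # '' when OTL printed '()', i.e. the file carries no company name
    path: str

    def under_windows(self) -> bool:
        return self.path.lower().startswith(WINDOWS_PREFIX)

    def has_ext(self, exts: Tuple[str, ...]) -> bool:
        return self.path.lower().endswith(exts)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; the '[5 C:\\WINDOWS\\*.tmp files -> ...]' summary lines give None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return Entry(
        when=datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def triage(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries scoring >= 2 under my (assumed) weights:
    RHS executable under C:\\WINDOWS = 2 (rare for legitimate software);
    no company name there = 1 (common for drivers/OEM tools, so only a tie-breaker);
    written within JOB_WINDOW_SECONDS of a .job file = 1 (worth correlating)."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    job_times = [e.when for e in entries if e.has_ext((".job",))]
    findings: List[Tuple[str, List[str]]] = []
    for e in entries:
        reasons, score = [], 0
        if e.attrs.startswith("RHS") and e.has_ext(EXECUTABLE_EXTS) and e.under_windows():
            reasons.append("read-only+hidden+system executable under C:\\WINDOWS")
            score += 2
        if e.company == "" and e.has_ext(EXECUTABLE_EXTS) and e.under_windows() and e.size > 0:
            reasons.append("executable with no company name under C:\\WINDOWS")
            score += 1
        if not e.has_ext((".job",)) and any(
            abs((e.when - t).total_seconds()) <= JOB_WINDOW_SECONDS for t in job_times
        ):
            reasons.append(f"written within {JOB_WINDOW_SECONDS}s of a scheduled-task .job file")
            score += 1
        if score >= 2:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path)
        for r in reasons:
            print("   -", r)
```

Feed it the whole OTL report and the hits are a shortlist to check against vendor signatures, not a verdict.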
drbear
Malware Removal Specialist with 16 posts.
Join Date: Jan 2012
30-Jan-2012, 05:13 PM #12
Hi djembe
Let me know how your computer and browser are operating. FF and Chrome.
djembe
Junior Member with 20 posts.
Join Date: Jan 2001
30-Jan-2012, 05:48 PM #13
Thank You for all your work so far.
I'm afraid all my browsers are still hijacked.
Not sure if it's relevant but ever since I installed Malwarebytes, soon after this started, I have been getting a pop-up message saying "Blocked malicious website 195.88.209.15".
drbear
Malware Removal Specialist with 16 posts.
Join Date: Jan 2012
30-Jan-2012, 06:08 PM #14
Hi djembe

Yes we still have some work to do. The website that is being blocked is in Russia...Not Good. Good that it is being blocked, however.

1. Run CCleaner. Select Options / Advanced and uncheck "Only delete files in Windows Temp folder older than 48 hours" Then select the following:

In the Windows Tab:
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Check all in the Firefox/Mozilla section.
Check all in the Applications section.
Check Sun Java in the Internet section.
Check all in the Multimedia section.
Check any others you choose.

Click the "Run Cleaner" button. A pop up box will appear advising this process will permanently delete files from your system. Click OK. Click exit when done.


2. Disable all Anti-virus, Anti-spyware programs as instructed earlier. Do not forget to re-enable them before you reply to this post.

3. I'd like you to run ComboFix again with some changes. Open Notepad, click on Format and be sure Word Wrap is NOT checked. Then copy the text in the code box below and paste it into the Notepad window. Now name this file CFScript.txt and save it to your Desktop.

Code:
 
KILLALL::
 
ClearJavaCache::
 
RegLock::
 
File::
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Folder::
 
Registry::
 
Driver::
 
Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wbd44ij9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
 
 
dirlook::
 
FCopy::
 
ClearJavaCache::
 
DDS::

4. Close all open browsers.



5. Referring to the picture above, drag CFScript.txt onto the ComboFix.exe icon. ComboFix will run and produce a report. This report will be saved at C:\ComboFix.txt.
Note: Do not mouseclick combofix's window while it is running. That may cause it to stall. Reboot your computer.

6. Update MBAM and run a full system scan.

7. Download ESET Online Scanner and save it to your desktop.

8. Double-click on esetsmartinstaller and then click Run. Click Yes on the license and then Start.

9. Be sure that ONLY the following items are checked:
Remove found threats
Scan for potentially unwanted applications
Enable Anti-Stealth technology

Click Start.

It may take some time for the virus definitions to download and the scan to finish. Do not click on the interface, download or install anything until the scan completes. When the scan completes click Finish.

10. Navigate to the following file path, C:\Program Files\ESET\ESET Online Scanner and double-click on the log.txt file. Click File/Save As and name the file ESETLog.txt and save it to your desktop.


Remember to be sure Word Wrap is NOT turned on in any Notepad files you post and to be sure and check that all the data you entered was posted.

Now please post the following to me as a reply to this post:
ComboFix.txt
mbam-log-date
ESETLog.txt
Let me know how your computer and browser are operating
If you have any other questions or problems, let me know that as well
djembe
Junior Member with 20 posts.
Join Date: Jan 2001
31-Jan-2012, 02:18 AM #15
I've tried 3 times to run ComboFix with that code but it doesn't work.
I let it run for 2 and a half hours and......nothing. Had to do a cold shutdown every time.
I did run CCleaner though.
Still infected.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.