
Win32/Olmarik.TDL4 Trojan

Discussion in 'Virus & Other Malware Removal' started by Ashfur, Nov 14, 2011.

Thread Status:
Not open for further replies.
  1. Ashfur

    Ashfur Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    21
    Hello! I recently got a horrible virus, and any help would be greatly appreciated. Here's what's going on:

    About 3 days ago, I turned on my computer to a completely blacked out desktop. All of my icons were gone, as well as the icons in my start menu, and the folders in my start menu were empty. Also, my task manager was disabled, and when I clicked a link in Google, I was automatically redirected to a strange website. I immediately ran a virus scan with AVG 2012, and it found nothing. I then scanned with Malwarebytes and it found 5 infected files and removed them. After I restarted, my task manager was functional again, but my desktop and start menu items were missing, and I was still being redirected to strange websites. When I looked in my processes in the task manager, I noticed that "iexplore.exe" was running, and using 90% of my CPU! I ended the process, but it keeps popping back up over and over again. I have received the "blue screen of death" twice. I downloaded ESET NOD32 Antivirus and ran a scan. It found "Win32/Olmarik.TDL4 Trojan", but informed me that it was "unable to clean it". I am at a loss on what else to do. Can someone PLEASE help me?

    I was able to get logs from Hijackthis and Gmer, but when I tried to run a scan with DSS, it froze my computer about 3/4 of the way through the scan. I tried it 3 times and it did the same thing.

    Here is my Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:28:41 PM, on 14/11/11
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Johnny\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 64.149.122.94 apps.facebook.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzI4MDY4MjE2LUIxLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=3b8bcd46d6d247d1b34fd15f0794c4bb-bc44defee37f87ae9d79217f0b60add6b1c23470
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1104548517953
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: usbdevice - Unknown owner - C:\WINDOWS\system32\launch.exe (file missing)

    --
    End of file - 5965 bytes

    Gmer log (ark.txt):

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-14 23:08:25
    Windows 5.1.2600 Service Pack 3
    Running: quxfeb5g.exe; Driver: C:\DOCUME~1\Johnny\LOCALS~1\Temp\kfdyikob.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x73 0xF6 0x3A 0xD9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xBF 0x57 0x70 0x57 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xAB 0xDF 0xD1 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xDC 0x82 0x8E 0x23 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xB1 0x84 0x52 0xAF ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xAB 0xEF 0xA0 0x90 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3C 0x9B 0xF0 0xAB ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xB7 0x3F 0x70 0xE1 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x2A 0x8D 0xA7 0x64 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xEC 0x11 0x24 0xC1 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0xAB 0xEF 0xA0 0x90 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3C 0x9B 0xF0 0xAB ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5C 0xEC 0xEB 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x2A 0x8D 0xA7 0x64 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xEC 0x11 0x24 0xC1 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0x73 0xF6 0x3A 0xD9 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

    ---- EOF - GMER 1.0.15 ----

    Thank you for anything you can do for me!
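As an added illustration (not code from this thread or from the HijackThis tool), the following Python script applies the first-pass checks a log reviewer makes on lines in this HijackThis format: hosts-file redirects, BHO/toolbar entries with no backing file, Winsock LSPs the tool did not recognise, and services with a missing binary or no publisher. The sample lines are a constructed subset modelled on the log above; hits are items to examine by hand, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format, modelled on the kinds of
# entries seen in the log above (a subset, not the original log).
SAMPLE_HJT = r"""
O1 - Hosts: 64.149.122.94 apps.facebook.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: usbdevice - Unknown owner - C:\WINDOWS\system32\launch.exe (file missing)
"""

# Every HijackThis entry starts with a section tag (R0, R1, F2, O1 ... O24),
# a " - " separator and the entry body.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Hosts-file targets that block a name rather than redirect it.
BLOCKING_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_hjt(text):
    """Return the log entries a reviewer would look at first, in log order."""
    findings = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        sec, body = m.group("section"), m.group("body")

        if sec == "O1":
            # "Hosts: <address> <name>": a public name mapped to anything other
            # than a blocking address is a redirect and must be explained.
            parts = body.split()
            if len(parts) >= 3 and parts[1] not in BLOCKING_TARGETS:
                findings.append(Finding(sec, f"hosts entry redirects {parts[2]} to {parts[1]}", raw))

        elif sec in ("O2", "O3") and body.endswith("(no file)"):
            # CLSID still registered but the DLL is gone: leftover from a
            # removed component, or a half-cleaned infection. Safe to clean.
            findings.append(Finding(sec, "orphaned BHO/toolbar entry, no file on disk", raw))

        elif sec == "O10":
            # HijackThis only reports LSPs it cannot match to a known file;
            # an LSP sees all socket traffic, so verify the DLL manually.
            findings.append(Finding(sec, "Winsock LSP not recognised by the tool, verify the DLL", raw))

        elif sec == "O23" and "(file missing)" in body:
            # Service registered, binary absent: dead entry or removed payload.
            findings.append(Finding(sec, "service registered but its binary is missing", raw))

        elif sec == "O23" and "Unknown owner" in body:
            # Unsigned / unattributed service binaries deserve a closer look.
            findings.append(Finding(sec, "service with no identifiable publisher", raw))

    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```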
     
  2. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi Ashfur and welcome..

    I'm DFW and I am going to try and help you with your Malware problem. Please observe the following points and rules while we work:
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The clean up process can take time. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Some of the logs we ask for can take some time to analyse, so please be patient.
    • This may or may not, solve other issues you have with your machine.
      Note: No Reply Within 3 Days Will Result In Your Topic Being Closed.


    Before we start:
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer.
    However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system.
    It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.


    Going over log, be back as soon as possible..

    .
     
  3. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Before we start to clean your computer of infection, we need to see if we can restore your programs.

    Please download Unhide.exe and save it to your Desktop.

    • Double-click on the Unhide.exe to run it.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    • Please note that this will unhide files that are purposely hidden.

    Let me know if your programs have returned.
     
  4. Ashfur

    Ashfur Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    21
    I ran it twice, once with my antivirus running, and once without it. Am I supposed to restart my computer for the files to appear?

    I think some of them returned, but there are still some of them missing.

    Edit-----

    I restarted and most of my files in the start menu are still missing.
     
  5. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi Ashfur

    We will try again once we have removed the infection. It is most important that you do not run any temp file cleaners until then, or we will not be able to get the items back. Let me know if you have run any temp file cleaner so far.




    Please download OTL by Old Timer and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Standard Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.



    Download TDSSKiller.zip and extract it to your Desktop.
    • Double click on TDSSKiller.exe to launch it.
    • Click on Start Scan
    • The scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • Post the contents in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT



    Please post back with


    Tdsskiller Log
    Both OTL Logs
     
  6. Ashfur

    Ashfur Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    21
    Logs from Old Timer:

    Extras.txt:

    OTL Extras logfile created on: 16/11/11 11:27:47 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Johnny\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    500.71 Mb Total Physical Memory | 79.59 Mb Available Physical Memory | 15.90% Memory free
    1.46 Gb Paging File | 0.91 Gb Available in Paging File | 62.13% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 6.66 Gb Free Space | 4.47% Space Free | Partition Type: NTFS

    Computer Name: USER-2800XP | User Name: Johnny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
    .js [@ = jsfile] -- Reg Error: Key error. File not found
    .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Classes\<extension>]
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    jsfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:pidgin -- (The Pidgin developer community)
    "C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe" = C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead
    "C:\Documents and Settings\Johnny\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Johnny\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack
    "C:\Documents and Settings\Johnny\Local Settings\Temp\7zS1A.tmp\SymNRT.exe" = C:\Documents and Settings\Johnny\Local Settings\Temp\7zS1A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
    "C:\Documents and Settings\Johnny\Local Settings\Temp\7zS2.tmp\SymNRT.exe" = C:\Documents and Settings\Johnny\Local Settings\Temp\7zS2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CFC16D1-C831-4CEB-B27D-342E7E2D5603}" = ESET NOD32 Antivirus
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ACC9F63-CF54-46D7-9140-D40E57564EDA}_is1" = COMODO System Cleaner 1.1.64946.38(32bit)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
    "EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Pidgin" = Pidgin
    "Soldier of Fortune Platinum" = Soldier of Fortune Platinum
    "Tweak UI 2.10" = Tweak UI
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 14/11/11 10:41:20 PM | Computer Name = USER-2800XP | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 14/11/11 10:41:20 PM | Computer Name = USER-2800XP | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 14/11/11 11:22:43 PM | Computer Name = USER-2800XP | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 14/11/11 11:22:43 PM | Computer Name = USER-2800XP | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 14/11/11 11:37:39 PM | Computer Name = USER-2800XP | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 14/11/11 11:37:39 PM | Computer Name = USER-2800XP | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 15/11/11 3:27:16 PM | Computer Name = USER-2800XP | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x0159b9b6.

    Error - 15/11/11 5:51:13 PM | Computer Name = USER-2800XP | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 15/11/11 5:51:13 PM | Computer Name = USER-2800XP | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 16/11/11 5:18:38 AM | Computer Name = USER-2800XP | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x015939a3.


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

    OTL.txt:

    OTL logfile created on: 16/11/11 11:27:47 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Johnny\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    500.71 Mb Total Physical Memory | 79.59 Mb Available Physical Memory | 15.90% Memory free
    1.46 Gb Paging File | 0.91 Gb Available in Paging File | 62.13% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 6.66 Gb Free Space | 4.47% Space Free | Partition Type: NTFS

    Computer Name: USER-2800XP | User Name: Johnny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/16 11:26:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\My Documents\Downloads\OTL.exe
    PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/15 14:06:47 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/04/14 11:25:47 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (usbdevice)
    SRV - File not found [Auto | Stopped] -- -- (NMIndexingService)
    SRV - File not found [Auto | Stopped] -- -- (AVP)
    SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2010/12/09 22:30:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/03/07 17:30:46 | 000,603,904 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
    SRV - [2009/03/07 17:30:42 | 000,360,192 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2008/12/11 13:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
    DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
    DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2009/04/30 10:47:42 | 000,039,456 | ---- | M] (COMODO Security Solutions Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\csdf.sys -- (csdf)
    DRV - [2009/04/30 10:46:34 | 000,036,512 | ---- | M] (COMODO Security Solutions Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\crpf.sys -- (crpf)
    DRV - [2009/03/22 16:31:09 | 004,027,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2009/03/09 01:38:02 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/02/16 16:47:00 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
    DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/02/25 11:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2007/12/18 07:41:10 | 000,273,280 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
    DRV - [2007/08/02 16:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
    DRV - [2007/05/01 07:29:20 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
    DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2005/09/05 10:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
    DRV - [2005/08/16 14:50:48 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyXEL)) ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL)
    DRV - [2004/12/31 21:51:52 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2004/12/31 21:51:51 | 000,033,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004/12/01 17:35:16 | 000,438,912 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TNET1130.sys -- (TNET1130)
    DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
    DRV - [2002/08/14 14:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2000/10/15 16:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 5F 64 B3 BD 82 CC 01 [binary data]
    IE - HKU\S-1-5-21-448539723-606747145-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-448539723-606747145-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Johnny\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Johnny\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 07:23:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 07:23:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/14 04:14:21 | 000,000,000 | ---D | M]

    [2010/09/09 11:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnny\Application Data\Mozilla\Extensions
    [2010/09/09 11:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\9hoyttei.default\extensions
    [2011/11/11 02:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\nf0umxf9.default\extensions
    [2011/11/01 20:12:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\nf0umxf9.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2011/10/08 00:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/03 22:13:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/04/26 07:21:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/10/08 00:02:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/08 00:01:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Johnny\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Johnny\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Johnny\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Johnny\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/08/31 20:42:44 | 000,236,702 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 64.149.122.94 apps.facebook.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.1001-search.info
    O1 - Hosts: 127.0.0.1 1001-search.info
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 8287 more lines...
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
    O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-448539723-606747145-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data]
    O7 - HKU\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-448539723-606747145-839522115-1005\..Trusted Domains: facebook.com ([www.apps] https in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1104548517953 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CDCB798-5C11-4409-8C92-497E00CB72C3}: DhcpNameServer = 172.16.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\Documents and Settings\Johnny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johnny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/12/31 20:48:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{1feb93dc-fae6-11dd-827e-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{1feb93dc-fae6-11dd-827e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1feb93dc-fae6-11dd-827e-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe
    O33 - MountPoints2\{8e9c95b4-a971-11de-b526-c31c2bffc348}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e9c95b4-a971-11de-b526-c31c2bffc348}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8e9c95b4-a971-11de-b526-c31c2bffc348}\Shell\AutoRun\command - "" = I:\LaunchU3.exe
    O33 - MountPoints2\{a59b4940-1509-11de-bf88-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{a59b4940-1509-11de-bf88-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a59b4940-1509-11de-bf88-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
    @Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B244549
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12D1A7D
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5B07840
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C3AAD57
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E690114B

    < End of report >

    Tdsskiller log:

    11:30:50.0921 3792 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    11:30:51.0921 3792 ============================================================
    11:30:51.0921 3792 Current date / time: 2011/11/16 11:30:51.0921
    11:30:51.0921 3792 SystemInfo:
    11:30:51.0921 3792
    11:30:51.0921 3792 OS Version: 5.1.2600 ServicePack: 3.0
    11:30:51.0921 3792 Product type: Workstation
    11:30:51.0921 3792 ComputerName: USER-2800XP
    11:30:51.0921 3792 UserName: Johnny
    11:30:51.0921 3792 Windows directory: C:\WINDOWS
    11:30:51.0921 3792 System windows directory: C:\WINDOWS
    11:30:51.0921 3792 Processor architecture: Intel x86
    11:30:51.0921 3792 Number of processors: 1
    11:30:51.0921 3792 Page size: 0x1000
    11:30:51.0921 3792 Boot type: Normal boot
    11:30:51.0921 3792 ============================================================
    11:30:59.0031 3792 Initialize success
    12:10:14.0171 0748 ============================================================
    12:10:14.0203 0748 Scan started
    12:10:14.0203 0748 Mode: Manual;
    12:10:14.0203 0748 ============================================================
    12:10:48.0109 0748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    12:10:48.0109 0748 NDProxy - ok
    12:10:48.0359 0748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    12:10:48.0359 0748 NetBIOS - ok
    12:10:48.0593 0748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    12:10:48.0593 0748 NetBT - ok
    12:10:48.0953 0748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    12:10:48.0953 0748 Npfs - ok
    12:10:49.0218 0748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    12:10:49.0250 0748 Ntfs - ok
    12:10:49.0500 0748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    12:10:49.0500 0748 Null - ok
    12:10:49.0921 0748 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    12:10:50.0156 0748 nv - ok
    12:10:50.0359 0748 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    12:10:50.0375 0748 NVENETFD - ok
    12:10:50.0562 0748 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    12:10:50.0562 0748 nvnetbus - ok
    12:10:50.0843 0748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    12:10:50.0843 0748 NwlnkFlt - ok
    12:10:51.0046 0748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    12:10:51.0046 0748 NwlnkFwd - ok
    12:10:51.0328 0748 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    12:10:51.0343 0748 NwlnkIpx - ok
    12:10:51.0609 0748 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    12:10:51.0609 0748 NwlnkNb - ok
    12:10:51.0843 0748 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    12:10:51.0859 0748 NwlnkSpx - ok
    12:10:52.0109 0748 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
    12:10:52.0125 0748 NWRDR - ok
    12:10:52.0437 0748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    12:10:52.0437 0748 Parport - ok
    12:10:52.0671 0748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    12:10:52.0671 0748 PartMgr - ok
    12:10:52.0906 0748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    12:10:52.0906 0748 ParVdm - ok
    12:10:53.0062 0748 PCANDIS5 (d0084a9ade989fe703e4f22171f4e4dc) C:\WINDOWS\system32\PCANDIS5.SYS
    12:10:53.0109 0748 PCANDIS5 - ok
    12:10:53.0328 0748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    12:10:53.0328 0748 PCI - ok
    12:10:53.0500 0748 PCIDump - ok
    12:10:53.0718 0748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    12:10:53.0718 0748 PCIIde - ok
    12:10:53.0984 0748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    12:10:53.0984 0748 Pcmcia - ok
    12:10:54.0093 0748 PDCOMP - ok
    12:10:54.0140 0748 PDFRAME - ok
    12:10:54.0187 0748 PDRELI - ok
    12:10:54.0265 0748 PDRFRAME - ok
    12:10:54.0359 0748 perc2 - ok
    12:10:54.0437 0748 perc2hib - ok
    12:10:54.0531 0748 PORTMON - ok
    12:10:54.0750 0748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    12:10:54.0750 0748 PptpMiniport - ok
    12:10:54.0984 0748 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    12:10:55.0000 0748 Processor - ok
    12:10:55.0218 0748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    12:10:55.0218 0748 PSched - ok
    12:10:55.0406 0748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    12:10:55.0406 0748 Ptilink - ok
    12:10:55.0578 0748 ql1080 - ok
    12:10:55.0765 0748 Ql10wnt - ok
    12:10:55.0953 0748 ql12160 - ok
    12:10:56.0093 0748 ql1240 - ok
    12:10:56.0250 0748 ql1280 - ok
    12:10:56.0453 0748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    12:10:56.0453 0748 RasAcd - ok
    12:10:56.0687 0748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    12:10:56.0687 0748 Rasl2tp - ok
    12:10:56.0968 0748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    12:10:56.0984 0748 RasPppoe - ok
    12:10:57.0187 0748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    12:10:57.0203 0748 Raspti - ok
    12:10:57.0453 0748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    12:10:57.0453 0748 Rdbss - ok
    12:10:57.0687 0748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    12:10:57.0687 0748 RDPCDD - ok
    12:10:57.0937 0748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    12:10:57.0953 0748 rdpdr - ok
    12:10:58.0171 0748 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    12:10:58.0171 0748 RDPWD - ok
    12:10:58.0437 0748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    12:10:58.0437 0748 redbook - ok
    12:10:58.0671 0748 rt2870 - ok
    12:10:58.0890 0748 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    12:10:58.0937 0748 RTL8023xp - ok
    12:10:59.0156 0748 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    12:10:59.0171 0748 rtl8139 - ok
    12:10:59.0453 0748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    12:10:59.0484 0748 Secdrv - ok
    12:10:59.0734 0748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    12:10:59.0750 0748 serenum - ok
    12:10:59.0984 0748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    12:11:00.0000 0748 Serial - ok
    12:11:00.0359 0748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    12:11:00.0359 0748 Sfloppy - ok
    12:11:00.0609 0748 Simbad - ok
    12:11:00.0781 0748 Sparrow - ok
    12:11:01.0015 0748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    12:11:01.0015 0748 splitter - ok
    12:11:01.0296 0748 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    12:11:01.0296 0748 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    12:11:01.0296 0748 sptd ( LockedFile.Multi.Generic ) - warning
    12:11:01.0296 0748 sptd - detected LockedFile.Multi.Generic (1)
    12:11:01.0546 0748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    12:11:01.0546 0748 sr - ok
    12:11:01.0812 0748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    12:11:01.0843 0748 Srv - ok
    12:11:02.0109 0748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    12:11:02.0125 0748 swenum - ok
    12:11:02.0390 0748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    12:11:02.0390 0748 swmidi - ok
    12:11:02.0640 0748 symc810 - ok
    12:11:02.0828 0748 symc8xx - ok
    12:11:03.0000 0748 sym_hi - ok
    12:11:03.0187 0748 sym_u3 - ok
    12:11:03.0390 0748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    12:11:03.0406 0748 sysaudio - ok
    12:11:03.0640 0748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    12:11:03.0656 0748 Tcpip - ok
    12:11:03.0875 0748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    12:11:03.0890 0748 TDPIPE - ok
    12:11:04.0156 0748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    12:11:04.0171 0748 TDTCP - ok
    12:11:04.0453 0748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    12:11:04.0453 0748 TermDD - ok
    12:11:04.0765 0748 TNET1130 (69e01cb0b78e371393521b86349b71c4) C:\WINDOWS\system32\DRIVERS\TNET1130.sys
    12:11:04.0796 0748 TNET1130 - ok
    12:11:04.0953 0748 TosIde - ok
    12:11:05.0203 0748 TPM (a147180fc61769bf4eb6ff94d499970c) C:\WINDOWS\system32\DRIVERS\tpm.sys
    12:11:05.0203 0748 TPM - ok
    12:11:05.0453 0748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    12:11:05.0453 0748 Udfs - ok
    12:11:05.0625 0748 ultra - ok
    12:11:05.0890 0748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    12:11:05.0953 0748 Update - ok
    12:11:06.0218 0748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    12:11:06.0234 0748 usbaudio - ok
    12:11:06.0515 0748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    12:11:06.0515 0748 usbccgp - ok
    12:11:06.0828 0748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    12:11:06.0828 0748 usbehci - ok
    12:11:07.0078 0748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    12:11:07.0078 0748 usbhub - ok
    12:11:07.0312 0748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    12:11:07.0328 0748 usbohci - ok
    12:11:07.0515 0748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    12:11:07.0515 0748 usbscan - ok
    12:11:07.0718 0748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    12:11:07.0718 0748 USBSTOR - ok
    12:11:07.0921 0748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    12:11:07.0921 0748 usbuhci - ok
    12:11:08.0187 0748 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    12:11:08.0187 0748 usb_rndisx - ok
    12:11:08.0421 0748 VBoxNetFlt - ok
    12:11:08.0546 0748 VBoxUSB (425cc5ff9a9898e090b7262fbbeb1a24) C:\WINDOWS\system32\Drivers\VBoxUSB.sys
    12:11:08.0546 0748 VBoxUSB - ok
    12:11:08.0765 0748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    12:11:08.0765 0748 VgaSave - ok
    12:11:08.0953 0748 ViaIde - ok
    12:11:09.0140 0748 VMnetAdapter - ok
    12:11:09.0343 0748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    12:11:09.0343 0748 VolSnap - ok
    12:11:09.0640 0748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    12:11:09.0640 0748 Wanarp - ok
    12:11:09.0812 0748 wanatw - ok
    12:11:09.0984 0748 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    12:11:10.0000 0748 wceusbsh - ok
    12:11:10.0328 0748 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    12:11:10.0343 0748 Wdf01000 - ok
    12:11:10.0515 0748 WDICA - ok
    12:11:10.0750 0748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    12:11:10.0750 0748 wdmaud - ok
    12:11:11.0046 0748 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    12:11:11.0062 0748 WinUSB - ok
    12:11:11.0453 0748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    12:11:11.0453 0748 WudfPf - ok
    12:11:11.0734 0748 ZD1211U(ZyXEL) (b183823cfa0ec393556261a817cd4ad8) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
    12:11:11.0750 0748 ZD1211U(ZyXEL) - ok
    12:11:11.0937 0748 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
    12:11:11.0937 0748 ZDPSp50 - ok
    12:11:12.0156 0748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    12:11:12.0187 0748 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    12:11:12.0187 0748 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    12:11:12.0187 0748 Boot (0x1200) (39b892918227b8805403b492ebd0e10b) \Device\Harddisk0\DR0\Partition0
    12:11:12.0187 0748 \Device\Harddisk0\DR0\Partition0 - ok
    12:11:12.0203 0748 ============================================================
    12:11:12.0203 0748 Scan finished
    12:11:12.0203 0748 ============================================================
    12:11:12.0234 1780 Detected object count: 2
    12:11:12.0234 1780 Actual detected object count: 2
    12:13:30.0328 1780 sptd ( LockedFile.Multi.Generic ) - skipped by user
    12:13:30.0328 1780 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    12:13:30.0328 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
    12:13:30.0328 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
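The log above runs to several hundred "- ok" lines, and the two that matter (sptd.sys reported as a locked file, and the MBR of \Device\Harddisk0\DR0 flagged as Rootkit.Boot.SST.b, both then skipped) are easy to lose in the noise. The Python script below is an added example, not part of this thread or of TDSSKiller: it parses a log in this format, pairs each flagged object with the MD5 and path TDSSKiller recorded for it, and separates infections the user declined to treat from locked-file warnings that could not be inspected. The line patterns are inferred from the shapes visible in the log above, the sample lines are a constructed excerpt patterned on it, and the assumption that a declined action is logged as "Skip" is taken from it.

```python
"""Triage a TDSSKiller log: what was flagged, with what verdict, and what the user
chose to do about it.  Added example; not part of the thread or of TDSSKiller."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, List, Tuple

# Constructed sample: a few lines in the same shape as the TDSSKiller log posted
# above, including the two objects it flagged and the user's "Skip" choices.
SAMPLE_LOG = r"""
12:10:40.0515 0748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:10:40.0531 0748 IpNat - ok
12:10:43.0578 0748 lbrtfdc - ok
12:11:01.0296 0748 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
12:11:01.0296 0748 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
12:11:01.0296 0748 sptd ( LockedFile.Multi.Generic ) - warning
12:11:01.0296 0748 sptd - detected LockedFile.Multi.Generic (1)
12:11:12.0156 0748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:11:12.0187 0748 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
12:11:12.0187 0748 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
12:11:12.0187 0748 Boot (0x1200) (39b892918227b8805403b492ebd0e10b) \Device\Harddisk0\DR0\Partition0
12:11:12.0187 0748 \Device\Harddisk0\DR0\Partition0 - ok
12:11:12.0234 1780 Detected object count: 2
12:13:30.0328 1780 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:13:30.0328 1780 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:13:30.0328 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
12:13:30.0328 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
"""

# Every line is "HH:MM:SS.mmmm <pid> <body>"; the body is what gets classified.
# These patterns are inferred from the log shapes above (assumption, not a spec).
PREFIX_RE   = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<body>.*)$")
HASHED_RE   = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE       = re.compile(r"^(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
VERDICT_RE  = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>\S+) \) - (?P<rest>.+)$")
COUNT_RE    = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION_TAG  = "User select action: "


@dataclass
class Finding:
    obj: str                      # driver name or device path TDSSKiller used
    verdict: str                  # e.g. Rootkit.Boot.SST.b, LockedFile.Multi.Generic
    status: str = ""              # TDSSKiller's word: "infected", "warning", ...
    action: Optional[str] = None  # what the user picked, e.g. "Skip"
    md5: Optional[str] = None
    path: Optional[str] = None


@dataclass
class Report:
    objects: Dict[str, Tuple[str, str]]       # scanned name -> (md5, path)
    findings: Dict[Tuple[str, str], Finding]  # (obj, verdict) -> finding
    ok_count: int
    detected_count: Optional[int]             # the count TDSSKiller itself printed


def parse_tdsskiller(text: str) -> Report:
    objects: Dict[str, Tuple[str, str]] = {}
    findings: Dict[Tuple[str, str], Finding] = {}
    ok_count, detected_count = 0, None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if (h := HASHED_RE.match(body)):
            objects[h["name"]] = (h["md5"], h["path"])
        elif OK_RE.match(body):
            ok_count += 1
        elif (d := DETECTED_RE.match(body)):
            findings.setdefault((d["obj"], d["verdict"]), Finding(d["obj"], d["verdict"]))
        elif (v := VERDICT_RE.match(body)):
            f = findings.setdefault((v["obj"], v["verdict"]), Finding(v["obj"], v["verdict"]))
            rest = v["rest"]
            if rest.startswith(ACTION_TAG):
                f.action = rest[len(ACTION_TAG):]
            elif rest != "skipped by user":      # that line only restates the action
                f.status = rest
        elif (c := COUNT_RE.match(body)):
            detected_count = int(c["n"])
    # Attach the hash/path recorded for each flagged object, whether the finding
    # names a driver (sptd) or a device path (\Device\Harddisk0\DR0, hashed as "MBR").
    by_path = {path: md5 for md5, path in objects.values()}
    for f in findings.values():
        if f.obj in objects:
            f.md5, f.path = objects[f.obj]
        elif f.obj in by_path:
            f.md5, f.path = by_path[f.obj], f.obj
    return Report(objects, findings, ok_count, detected_count)


def unresolved_infections(report: Report) -> List[Finding]:
    """Objects rated 'infected' that were not treated.  Assumes, as in the log above,
    that declining treatment is logged as action 'Skip' (or no action line at all)."""
    return [f for f in report.findings.values()
            if f.status == "infected" and f.action in (None, "Skip")]


def locked_file_warnings(report: Report) -> List[Finding]:
    """Files TDSSKiller could not open: a 'warning', not a malware verdict, and worth
    checking by hash.  sptd.sys is commonly the SCSI Pass Through Direct driver
    installed by Daemon Tools or Alcohol 120%, which is why it shows up here."""
    return [f for f in report.findings.values()
            if f.status == "warning" and f.verdict.startswith("LockedFile.")]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(f"{rep.ok_count} clean objects, TDSSKiller reported {rep.detected_count} detections")
    for f in unresolved_infections(rep):
        print(f"UNRESOLVED  {f.obj}  {f.verdict}  md5={f.md5}")
    for f in locked_file_warnings(rep):
        print(f"LOCKED      {f.obj}  {f.path}  md5={f.md5}")
```

Run against the full log by replacing SAMPLE_LOG with the contents of the C:\TDSSKiller.*_log.txt file; the "UNRESOLVED" line for \Device\Harddisk0\DR0 is exactly the item the "Cure" pass later in this thread is meant to remove, and an empty UNRESOLVED list after that pass is the thing to confirm before declaring the MBR clean.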
     
  7. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi Ashfur

    While going through your logs I found out that your version of NOD32 is cracked and that you are actively using it. Why would you download
    pirated software that probably contains more malware, when there are good free alternative antivirus programs you can use?
    At the moment you are using malware to try and clean out malware, which you more than likely got downloading all your torrents the other day.

    I am sorry, but under the circumstances, unless you uninstall ALL cracked software I will be unable to help you, as it's a waste of time:
    you're going to get infected faster than I can clean you.
     
  8. Ashfur

    Ashfur Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    21
    I uninstalled it. My husband is the one who installed it; I didn't know that it was pirated. I was under the impression that it was a free version from the website.

    To the best of my knowledge, that would be the only pirated software on my computer.

    -EDIT-

    My husband just informed me that it was a free trial that he downloaded from the website.
     
  9. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Scan with WVCheck:

    Please download WVCheck and save it to the desktop.

    • Double click on WVCheck.exe to run it.
    • The scan may take some time depending on the Hard-Drive size.
    • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.



    Please download this tool from Microsoft (MGADiag.exe).

    http://go.microsoft.com/fwlink/?linkid=52012

    Double click on MGADiag to run it.
    Click Continue.
    The program will run. It takes a while to finish the diagnosis, please be patient.
    Once done, click on Copy.
    Open Notepad and paste the contents in.
    Save this file and post it in your next reply.



    Run CKScanner

    • Please download CKScanner from Here
    • Important: - Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved. Please Run the program only once.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


    Please post back all 3 logs.
     
  10. Ashfur

    Ashfur Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    21
    WVCheck:

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 1738_16-11-2011
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows XP Service Pack 3
    Windows Mode: Normal
    Systemroot Path: C:\WINDOWS

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2011-11-16 08:47:21
    Last Success Time for Update Download: 2011-11-11 05:51:50
    Last Success Time for Update Installation: 2011-11-11 05:49:51


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


    -------- End of File, program close at 1742_16-11-2011 --------

    MGADiag:


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-W9D49-36Q4Y-4JBHY
    Windows Product Key Hash: GyrgQ+V6l4qo1bGXQOKmxMbssSg=
    Windows Product ID: 76487-OEM-2215227-22276
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {13D90B28-F254-4801-9F52-E484C48CC44C}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{13D90B28-F254-4801-9F52-E484C48CC44C}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4JBHY</PKey><PID>76487-OEM-2215227-22276</PID><PIDType>3</PIDType><SID>S-1-5-21-448539723-606747145-839522115</SID><SYSTEM><Manufacturer>IBM</Manufacturer><Model>8215E34</Model></SYSTEM><BIOS><Manufacturer>IBM</Manufacturer><Version>2EKT42AUS</Version><SMBIOSVersion major="2" minor="34"/><Date>20061129000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>2601327F0184E05C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7988346CD395D86</Val><Hash>a42hI6Qcy9eTyHqkLg8rQgEZRDo=</Hash><Pid>89388-707-3857327-65409</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1044B:GENUINE C&C INC|13572:IBM|13538:Lenovo
    Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

    OEM Activation 2.0 Data-->
    N/A


    CKScanner:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\crack\spongebob diner dash 2.exe
    c:\documents and settings\johnny\application data\macromedia\flash player\#sharedobjects\ylf7wxsd\crackle.com\cracklesettings.sol
    c:\documents and settings\johnny\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
    c:\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset_nod32_antivirus_live_installer.exe
    c:\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\kis2012_12.0.0.374a-2544en.exe
    c:\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\read me.txt
    c:\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\crack\eset.purefix.v2b.exe
    c:\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset.nod32.anitvirus.5(32.and.64.bit)\eav_nt32_enu.msi
    c:\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset.nod32.anitvirus.5(32.and.64.bit)\eav_nt64_enu.msi
    c:\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset.nod32.smart.security.5(x32.and.x64.bit)\ess_nt32_enu.msi
    c:\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset.nod32.smart.security.5(x32.and.x64.bit)\ess_nt64_enu.msi
    scanner sequence 3.CH.11.NBLBIT
    ----- EOF -----

    I think the reason you are seeing a pirated version of NOD32 is that my husband tried to download and install the torrent file; it didn't work, and he went to download the free trial.
     
  11. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Torrent and P2P downloads are one of the fastest ways to get infected. The cracks that come with these programs
    are 99% bad and contain Trojans of some sort; the bad guys use them to spread their wares. I advise you to keep
    away from any form of torrents in the future.

    Also try and limit the use of the computer until you're clean, which will be soon.


    Please go to your C drive and delete the copy of ComboFix; we are going to download a new copy soon, and it
    must be saved to your desktop.



    Download MBRBackup to your Desktop.

    • Double-click MBRBackup.exe to launch the program.
    • Click SaveMBR (top left corner) and save the backup file to your Desktop.
    • It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
    • Exit the program.
    • I strongly suggest you keep a copy of this backup stored on an external device.




    • Important!: Run this fix once and once only.
    • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
    • Next double click on TDSSKiller.exe to launch it.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, ensure Cure (the default) is selected, then click Continue > Reboot now.
    • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller._version_.MM.YYYY_HH.MM.SS_log.txt .
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.




    Download and Run ComboFix (by sUBs)

    Download ComboFix from here to your Desktop.

    Please visit this webpage for instructions for downloading and running ComboFix:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix.


    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, we must have this pre-installed on your machine before doing any malware removal.
      It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.



    Please post back

    TDSSKiller Log
    Combofix Log.
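The sequence above (back up the MBR with MBRBackup, then let TDSSKiller cure the boot sector) leaves two artefacts worth comparing: the MBR_<date>.bin backup taken before the cure and the MBR as it stands afterwards. The Python script below is an added example, not part of this thread, of MBRBackup or of TDSSKiller. It assumes the backup file is the raw 512-byte sector 0; it parses the partition table, runs the structural checks a clean boot-disk MBR should pass, and reports which regions differ between two images. It also hashes the first 0x1B8 bytes, the bootstrap-code region in front of the NT disk signature, on the assumption that this is the region behind the "MBR (0x1B8)" hash TDSSKiller prints. The two MBR images, the partition geometry and the boot-code bytes are constructed test data, not real disk dumps or real bootkit code.

```python
"""Parse, sanity-check and diff raw 512-byte MBR images (e.g. MBRBackup's .bin files).
Added example; not part of the thread, of MBRBackup or of TDSSKiller."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
DISK_SIG_OFF = 0x1B8     # boot code ends here; 4-byte NT disk signature + 2 reserved bytes
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    status: int      # 0x80 = active (bootable), 0x00 = inactive, anything else is invalid
    type_id: int     # 0x07 = NTFS/HPFS, 0x0B/0x0C = FAT32, ...
    lba_start: int
    sectors: int


@dataclass
class Mbr:
    boot_code_md5: str   # MD5 of bytes 0..0x1B7 (assumed to be TDSSKiller's "MBR (0x1B8)" hash)
    disk_signature: int
    partitions: List[Partition]
    valid_signature: bool


def parse_mbr(sector: bytes) -> Mbr:
    if len(sector) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(sector)} bytes")
    parts = []
    for i in range(4):
        status, _, type_id, _, lba, size = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if type_id == 0 and size == 0:
            continue  # unused slot
        parts.append(Partition(i, status, type_id, lba, size))
    return Mbr(
        boot_code_md5=hashlib.md5(sector[:DISK_SIG_OFF]).hexdigest(),
        disk_signature=struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        partitions=parts,
        valid_signature=sector[BOOT_SIG_OFF:] == b"\x55\xAA",
    )


def sanity_problems(mbr: Mbr, disk_sectors: int) -> List[str]:
    """Structural checks a clean boot-disk MBR should pass."""
    problems = []
    if not mbr.valid_signature:
        problems.append("missing 0x55AA boot signature")
    active = [p for p in mbr.partitions if p.status == 0x80]
    if len(active) != 1:
        problems.append(f"expected exactly one active partition, found {len(active)}")
    for p in mbr.partitions:
        if p.status not in (0x00, 0x80):
            problems.append(f"partition {p.index} has invalid status byte 0x{p.status:02x}")
        if p.lba_start + p.sectors > disk_sectors:
            problems.append(f"partition {p.index} runs past end of disk")
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in mbr.partitions)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            problems.append("overlapping partitions")
            break
    return problems


def diff_mbr(before: bytes, after: bytes) -> List[str]:
    """Names of the MBR regions that differ between two images.  Curing an MBR
    bootkit should change only the boot code; the disk signature and the
    partition table should survive untouched."""
    regions = [("boot code", 0, DISK_SIG_OFF),
               ("disk signature", DISK_SIG_OFF, PART_TABLE_OFF),
               ("partition table", PART_TABLE_OFF, BOOT_SIG_OFF),
               ("boot signature", BOOT_SIG_OFF, SECTOR)]
    return [name for name, a, b in regions if before[a:b] != after[a:b]]


def build_sample_mbr(boot_code: bytes, disk_sig: int,
                     entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a test MBR from (status, type, lba_start, sectors) tuples.
    Constructed data for the example, not a real disk image."""
    sector = bytearray(SECTOR)
    code = boot_code[:DISK_SIG_OFF]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, type_id, lba, size) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\xfe\xff\xff", type_id, b"\xfe\xff\xff", lba, size)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed images: a ~149 GiB disk with one active NTFS partition, once with a
# placeholder "clean" boot stub and once with different bytes standing in for an
# overwritten loader.  Neither blob is real Windows or real bootkit code.
DISK_SECTORS = 312_581_808
ONE_NTFS = [(0x80, 0x07, 63, 312_581_745)]
CLEAN_BOOT = bytes.fromhex("33c08ed0bc007c8ec08ed8").ljust(DISK_SIG_OFF, b"\x00")
TAMPERED_BOOT = bytes.fromhex("eb5890").ljust(DISK_SIG_OFF, b"\x90")
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT, 0x1A2B3C4D, ONE_NTFS)
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT, 0x1A2B3C4D, ONE_NTFS)

if __name__ == "__main__":
    for label, image in (("backup", CLEAN_MBR), ("current", TAMPERED_MBR)):
        m = parse_mbr(image)
        print(f"{label}: boot code md5 {m.boot_code_md5}, disk sig {m.disk_signature:08x}, "
              f"problems: {sanity_problems(m, DISK_SECTORS) or 'none'}")
    print("changed regions:", diff_mbr(CLEAN_MBR, TAMPERED_MBR))
```

To use it on real files, read the MBRBackup .bin and a fresh dump with open(path, "rb").read() and pass them to parse_mbr and diff_mbr. After a successful cure the diff should list only "boot code"; if "partition table" or "disk signature" also changed, the cure did more than replace the loader, and the pre-cure backup is what lets you restore the table and compare again before trusting the disk.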
     
  12. Ashfur

    Ashfur Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    21
    When I ran TDSSKiller, it found 2 files. One of them was locked and I was unable to cure it. The only other option was to delete or "copy to quarantine". I wasn't sure what you wanted me to do, so I just skipped it.

    TDSSkiller log:

    11:14:38.0437 2244 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    11:14:39.0140 2244 ============================================================
    11:14:39.0140 2244 Current date / time: 2011/11/17 11:14:39.0140
    11:14:39.0140 2244 SystemInfo:
    11:14:39.0140 2244
    11:14:39.0140 2244 OS Version: 5.1.2600 ServicePack: 3.0
    11:14:39.0140 2244 Product type: Workstation
    11:14:39.0140 2244 ComputerName: USER-2800XP
    11:14:39.0140 2244 UserName: Johnny
    11:14:39.0140 2244 Windows directory: C:\WINDOWS
    11:14:39.0140 2244 System windows directory: C:\WINDOWS
    11:14:39.0140 2244 Processor architecture: Intel x86
    11:14:39.0140 2244 Number of processors: 1
    11:14:39.0140 2244 Page size: 0x1000
    11:14:39.0140 2244 Boot type: Normal boot
    11:14:39.0140 2244 ============================================================
    11:14:41.0484 2244 Initialize success
    11:14:44.0406 2100 ============================================================
    11:14:44.0406 2100 Scan started
    11:14:44.0406 2100 Mode: Manual;
    11:14:44.0406 2100 ============================================================
    11:14:47.0406 2100 Abiosdsk - ok
    11:14:47.0578 2100 abp480n5 - ok
    11:14:47.0890 2100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    11:14:47.0953 2100 ACPI - ok
    11:14:48.0312 2100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    11:14:48.0328 2100 ACPIEC - ok
    11:14:48.0593 2100 ADIHdAudAddService (b244557d1b89ee61d00d93212de7ddc9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    11:14:48.0593 2100 ADIHdAudAddService - ok
    11:14:48.0781 2100 adpu160m - ok
    11:14:49.0015 2100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    11:14:49.0015 2100 aec - ok
    11:14:49.0234 2100 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    11:14:49.0265 2100 AegisP - ok
    11:14:49.0515 2100 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    11:14:49.0515 2100 AFD - ok
    11:14:49.0734 2100 Aha154x - ok
    11:14:49.0906 2100 aic78u2 - ok
    11:14:50.0078 2100 aic78xx - ok
    11:14:50.0437 2100 ALCXWDM (00696c0ab6aaba7fd4e64ab61be95f6a) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    11:14:50.0640 2100 ALCXWDM - ok
    11:14:50.0859 2100 AliIde - ok
    11:14:51.0046 2100 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
    11:14:51.0046 2100 AmdPPM - ok
    11:14:51.0218 2100 amsint - ok
    11:14:51.0437 2100 AR5523 (92637b97f57c1669d521a54482c4579c) C:\WINDOWS\system32\DRIVERS\WG11TND5.sys
    11:14:51.0453 2100 AR5523 - ok
    11:14:51.0687 2100 asc - ok
    11:14:51.0828 2100 asc3350p - ok
    11:14:51.0968 2100 asc3550 - ok
    11:14:52.0265 2100 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
    11:14:52.0265 2100 Aspi32 - ok
    11:14:52.0515 2100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    11:14:52.0515 2100 AsyncMac - ok
    11:14:52.0781 2100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    11:14:52.0781 2100 atapi - ok
    11:14:52.0968 2100 Atdisk - ok
    11:14:53.0171 2100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    11:14:53.0171 2100 Atmarpc - ok
    11:14:53.0437 2100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    11:14:53.0437 2100 audstub - ok
    11:14:53.0750 2100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    11:14:53.0750 2100 Beep - ok
    11:14:53.0953 2100 BELKIN (bb3eb3535856adbead55a8b932f69d25) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
    11:14:53.0968 2100 BELKIN - ok
    11:14:54.0265 2100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    11:14:54.0281 2100 cbidf2k - ok
    11:14:54.0468 2100 cd20xrnt - ok
    11:14:54.0734 2100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    11:14:54.0734 2100 Cdaudio - ok
    11:14:55.0000 2100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    11:14:55.0000 2100 Cdfs - ok
    11:14:55.0171 2100 Cdr4_xp - ok
    11:14:55.0250 2100 Cdralw2k - ok
    11:14:55.0453 2100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    11:14:55.0453 2100 Cdrom - ok
    11:14:55.0671 2100 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    11:14:55.0671 2100 cercsr6 - ok
    11:14:55.0828 2100 Changer - ok
    11:14:56.0062 2100 CmdIde - ok
    11:14:56.0250 2100 Cpqarray - ok
    11:14:56.0421 2100 cpuz131 - ok
    11:14:56.0609 2100 crpf (70e81df572f4064b87858a17b15af04b) C:\WINDOWS\system32\drivers\crpf.sys
    11:14:56.0609 2100 crpf - ok
    11:14:56.0906 2100 csdf (98e8c198dc164d43c2be5fb498d63a98) C:\WINDOWS\system32\drivers\csdf.sys
    11:14:56.0906 2100 csdf - ok
    11:14:57.0093 2100 dac2w2k - ok
    11:14:57.0265 2100 dac960nt - ok
    11:14:57.0500 2100 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
    11:14:57.0500 2100 DAdderFltr - ok
    11:14:57.0968 2100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    11:14:57.0968 2100 Disk - ok
    11:14:58.0140 2100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    11:14:58.0171 2100 dmboot - ok
    11:14:58.0390 2100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    11:14:58.0390 2100 dmio - ok
    11:14:58.0578 2100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    11:14:58.0578 2100 dmload - ok
    11:14:58.0796 2100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    11:14:58.0796 2100 DMusic - ok
    11:14:58.0984 2100 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
    11:14:59.0046 2100 DNINDIS5 - ok
    11:14:59.0265 2100 dpti2o - ok
    11:14:59.0500 2100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    11:14:59.0500 2100 drmkaud - ok
    11:14:59.0734 2100 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    11:14:59.0734 2100 e1express - ok
    11:14:59.0906 2100 EagleNT - ok
    11:15:00.0156 2100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    11:15:00.0171 2100 Fastfat - ok
    11:15:00.0406 2100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    11:15:00.0421 2100 Fdc - ok
    11:15:00.0687 2100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    11:15:00.0687 2100 Fips - ok
    11:15:00.0921 2100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    11:15:00.0921 2100 Flpydisk - ok
    11:15:01.0187 2100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    11:15:01.0187 2100 FltMgr - ok
    11:15:01.0453 2100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    11:15:01.0453 2100 Fs_Rec - ok
    11:15:01.0687 2100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    11:15:01.0703 2100 Ftdisk - ok
    11:15:01.0937 2100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    11:15:01.0953 2100 Gpc - ok
    11:15:02.0187 2100 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    11:15:02.0203 2100 HDAudBus - ok
    11:15:02.0453 2100 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    11:15:02.0453 2100 hidusb - ok
    11:15:02.0718 2100 hpn - ok
    11:15:02.0906 2100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    11:15:02.0937 2100 HTTP - ok
    11:15:03.0140 2100 i2omgmt - ok
    11:15:03.0312 2100 i2omp - ok
    11:15:03.0640 2100 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    11:15:03.0640 2100 i8042prt - ok
    11:15:04.0843 2100 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    11:15:05.0453 2100 ialm - ok
    11:15:06.0046 2100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    11:15:06.0062 2100 Imapi - ok
    11:15:06.0312 2100 ini910u - ok
    11:15:06.0812 2100 IntelIde - ok
    11:15:07.0140 2100 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    11:15:07.0140 2100 intelppm - ok
    11:15:07.0453 2100 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    11:15:07.0484 2100 Ip6Fw - ok
    11:15:07.0859 2100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    11:15:07.0906 2100 IpFilterDriver - ok
    11:15:08.0250 2100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    11:15:08.0281 2100 IpInIp - ok
    11:15:08.0421 2100 IPN2120 - ok
    11:15:08.0750 2100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    11:15:08.0750 2100 IpNat - ok
    11:15:08.0968 2100 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    11:15:08.0968 2100 IPSec - ok
    11:15:09.0171 2100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    11:15:09.0171 2100 IRENUM - ok
    11:15:09.0375 2100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    11:15:09.0390 2100 isapnp - ok
    11:15:09.0578 2100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    11:15:09.0578 2100 Kbdclass - ok
    11:15:09.0765 2100 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    11:15:09.0765 2100 kbdhid - ok
    11:15:09.0890 2100 KL1 - ok
    11:15:10.0000 2100 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
    11:15:10.0000 2100 kl2 - ok
    11:15:10.0234 2100 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys
    11:15:10.0250 2100 klim5 - ok
    11:15:10.0437 2100 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
    11:15:10.0437 2100 klmouflt - ok
    11:15:10.0656 2100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    11:15:10.0671 2100 kmixer - ok
    11:15:10.0875 2100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    11:15:10.0875 2100 KSecDD - ok
    11:15:11.0093 2100 lbrtfdc - ok
    11:15:11.0359 2100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    11:15:11.0359 2100 mnmdd - ok
    11:15:11.0578 2100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    11:15:11.0593 2100 Modem - ok
    11:15:11.0781 2100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    11:15:11.0781 2100 Mouclass - ok
    11:15:12.0000 2100 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    11:15:12.0000 2100 mouhid - ok
    11:15:12.0234 2100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    11:15:12.0234 2100 MountMgr - ok
    11:15:12.0421 2100 mraid35x - ok
    11:15:12.0593 2100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    11:15:12.0593 2100 MRxDAV - ok
    11:15:12.0875 2100 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    11:15:12.0890 2100 MRxSmb - ok
    11:15:13.0218 2100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    11:15:13.0218 2100 Msfs - ok
    11:15:13.0421 2100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    11:15:13.0421 2100 MSKSSRV - ok
    11:15:13.0703 2100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    11:15:13.0703 2100 MSPCLOCK - ok
    11:15:13.0890 2100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    11:15:13.0890 2100 MSPQM - ok
    11:15:14.0109 2100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    11:15:14.0109 2100 mssmbios - ok
    11:15:14.0359 2100 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    11:15:14.0359 2100 Mup - ok
    11:15:14.0640 2100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    11:15:14.0640 2100 NDIS - ok
    11:15:14.0890 2100 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    11:15:14.0890 2100 NdisTapi - ok
    11:15:15.0125 2100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    11:15:15.0125 2100 Ndisuio - ok
    11:15:15.0359 2100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    11:15:15.0359 2100 NdisWan - ok
    11:15:15.0625 2100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    11:15:15.0640 2100 NDProxy - ok
    11:15:15.0859 2100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    11:15:15.0859 2100 NetBIOS - ok
    11:15:16.0109 2100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    11:15:16.0109 2100 NetBT - ok
    11:15:16.0375 2100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    11:15:16.0390 2100 Npfs - ok
    11:15:16.0640 2100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    11:15:16.0687 2100 Ntfs - ok
    11:15:16.0921 2100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    11:15:16.0921 2100 Null - ok
    11:15:17.0390 2100 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    11:15:17.0609 2100 nv - ok
    11:15:17.0781 2100 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    11:15:17.0781 2100 NVENETFD - ok
    11:15:17.0968 2100 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    11:15:17.0968 2100 nvnetbus - ok
    11:15:18.0218 2100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    11:15:18.0218 2100 NwlnkFlt - ok
    11:15:18.0421 2100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    11:15:18.0421 2100 NwlnkFwd - ok
    11:15:18.0734 2100 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    11:15:18.0734 2100 NwlnkIpx - ok
    11:15:19.0015 2100 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    11:15:19.0015 2100 NwlnkNb - ok
    11:15:19.0281 2100 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    11:15:19.0281 2100 NwlnkSpx - ok
    11:15:19.0515 2100 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
    11:15:19.0515 2100 NWRDR - ok
    11:15:19.0812 2100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    11:15:19.0812 2100 Parport - ok
    11:15:20.0046 2100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    11:15:20.0046 2100 PartMgr - ok
    11:15:20.0296 2100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    11:15:20.0296 2100 ParVdm - ok
    11:15:20.0468 2100 PCANDIS5 (d0084a9ade989fe703e4f22171f4e4dc) C:\WINDOWS\system32\PCANDIS5.SYS
    11:15:20.0484 2100 PCANDIS5 - ok
    11:15:20.0687 2100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    11:15:20.0687 2100 PCI - ok
    11:15:20.0781 2100 PCIDump - ok
    11:15:20.0890 2100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    11:15:20.0890 2100 PCIIde - ok
    11:15:21.0093 2100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    11:15:21.0109 2100 Pcmcia - ok
    11:15:21.0281 2100 PDCOMP - ok
    11:15:21.0437 2100 PDFRAME - ok
    11:15:21.0609 2100 PDRELI - ok
    11:15:21.0750 2100 PDRFRAME - ok
    11:15:21.0906 2100 perc2 - ok
    11:15:22.0109 2100 perc2hib - ok
    11:15:22.0187 2100 PORTMON - ok
    11:15:22.0406 2100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    11:15:22.0406 2100 PptpMiniport - ok
    11:15:22.0718 2100 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    11:15:22.0718 2100 Processor - ok
    11:15:22.0953 2100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    11:15:22.0953 2100 PSched - ok
    11:15:23.0140 2100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    11:15:23.0171 2100 Ptilink - ok
    11:15:23.0359 2100 ql1080 - ok
    11:15:23.0531 2100 Ql10wnt - ok
    11:15:23.0687 2100 ql12160 - ok
    11:15:23.0906 2100 ql1240 - ok
    11:15:24.0062 2100 ql1280 - ok
    11:15:24.0281 2100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    11:15:24.0281 2100 RasAcd - ok
    11:15:24.0531 2100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    11:15:24.0531 2100 Rasl2tp - ok
    11:15:24.0796 2100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    11:15:24.0796 2100 RasPppoe - ok
    11:15:25.0000 2100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    11:15:25.0000 2100 Raspti - ok
    11:15:25.0250 2100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    11:15:25.0250 2100 Rdbss - ok
    11:15:25.0515 2100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    11:15:25.0515 2100 RDPCDD - ok
    11:15:25.0765 2100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    11:15:25.0765 2100 rdpdr - ok
    11:15:25.0968 2100 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    11:15:25.0968 2100 RDPWD - ok
    11:15:26.0171 2100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    11:15:26.0171 2100 redbook - ok
    11:15:26.0437 2100 rt2870 - ok
    11:15:26.0562 2100 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    11:15:26.0593 2100 RTL8023xp - ok
    11:15:26.0812 2100 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    11:15:26.0812 2100 rtl8139 - ok
    11:15:27.0093 2100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    11:15:27.0093 2100 Secdrv - ok
    11:15:27.0375 2100 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    11:15:27.0390 2100 serenum - ok
    11:15:27.0640 2100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    11:15:27.0640 2100 Serial - ok
    11:15:27.0937 2100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    11:15:27.0937 2100 Sfloppy - ok
    11:15:28.0156 2100 Simbad - ok
    11:15:28.0296 2100 Sparrow - ok
    11:15:28.0500 2100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    11:15:28.0531 2100 splitter - ok
    11:15:28.0781 2100 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    11:15:28.0781 2100 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    11:15:28.0781 2100 sptd ( LockedFile.Multi.Generic ) - warning
    11:15:28.0781 2100 sptd - detected LockedFile.Multi.Generic (1)
    11:15:28.0984 2100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    11:15:28.0984 2100 sr - ok
    11:15:29.0171 2100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    11:15:29.0187 2100 Srv - ok
    11:15:29.0468 2100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    11:15:29.0468 2100 swenum - ok
    11:15:29.0718 2100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    11:15:29.0718 2100 swmidi - ok
    11:15:29.0921 2100 symc810 - ok
    11:15:30.0078 2100 symc8xx - ok
    11:15:30.0250 2100 sym_hi - ok
    11:15:30.0390 2100 sym_u3 - ok
    11:15:30.0609 2100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    11:15:30.0625 2100 sysaudio - ok
    11:15:30.0906 2100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    11:15:30.0921 2100 Tcpip - ok
    11:15:31.0125 2100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    11:15:31.0140 2100 TDPIPE - ok
    11:15:31.0328 2100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    11:15:31.0343 2100 TDTCP - ok
    11:15:31.0671 2100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    11:15:31.0671 2100 TermDD - ok
    11:15:31.0953 2100 TNET1130 (69e01cb0b78e371393521b86349b71c4) C:\WINDOWS\system32\DRIVERS\TNET1130.sys
    11:15:32.0015 2100 TNET1130 - ok
    11:15:32.0218 2100 TosIde - ok
    11:15:32.0453 2100 TPM (a147180fc61769bf4eb6ff94d499970c) C:\WINDOWS\system32\DRIVERS\tpm.sys
    11:15:32.0453 2100 TPM - ok
    11:15:32.0687 2100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    11:15:32.0687 2100 Udfs - ok
    11:15:32.0859 2100 ultra - ok
    11:15:33.0125 2100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    11:15:33.0140 2100 Update - ok
    11:15:33.0421 2100 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    11:15:33.0421 2100 usbaudio - ok
    11:15:33.0609 2100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    11:15:33.0625 2100 usbccgp - ok
    11:15:33.0921 2100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    11:15:33.0937 2100 usbehci - ok
    11:15:34.0156 2100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    11:15:34.0187 2100 usbhub - ok
    11:15:34.0406 2100 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    11:15:34.0421 2100 usbohci - ok
    11:15:34.0609 2100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    11:15:34.0625 2100 usbscan - ok
    11:15:34.0875 2100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    11:15:34.0875 2100 USBSTOR - ok
    11:15:35.0078 2100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    11:15:35.0109 2100 usbuhci - ok
    11:15:35.0343 2100 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    11:15:35.0343 2100 usb_rndisx - ok
    11:15:35.0546 2100 VBoxNetFlt - ok
    11:15:35.0750 2100 VBoxUSB (425cc5ff9a9898e090b7262fbbeb1a24) C:\WINDOWS\system32\Drivers\VBoxUSB.sys
    11:15:35.0765 2100 VBoxUSB - ok
    11:15:35.0984 2100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    11:15:35.0984 2100 VgaSave - ok
    11:15:36.0156 2100 ViaIde - ok
    11:15:36.0296 2100 VMnetAdapter - ok
    11:15:36.0515 2100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    11:15:36.0515 2100 VolSnap - ok
    11:15:36.0781 2100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    11:15:36.0781 2100 Wanarp - ok
    11:15:36.0984 2100 wanatw - ok
    11:15:37.0187 2100 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    11:15:37.0187 2100 wceusbsh - ok
    11:15:37.0453 2100 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    11:15:37.0468 2100 Wdf01000 - ok
    11:15:37.0625 2100 WDICA - ok
    11:15:37.0734 2100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    11:15:37.0734 2100 wdmaud - ok
    11:15:38.0015 2100 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    11:15:38.0015 2100 WinUSB - ok
    11:15:38.0328 2100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    11:15:38.0343 2100 WudfPf - ok
    11:15:38.0593 2100 ZD1211U(ZyXEL) (b183823cfa0ec393556261a817cd4ad8) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
    11:15:38.0593 2100 ZD1211U(ZyXEL) - ok
    11:15:38.0828 2100 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
    11:15:38.0828 2100 ZDPSp50 - ok
    11:15:38.0968 2100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    11:15:39.0000 2100 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    11:15:39.0000 2100 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    11:15:39.0000 2100 Boot (0x1200) (39b892918227b8805403b492ebd0e10b) \Device\Harddisk0\DR0\Partition0
    11:15:39.0000 2100 \Device\Harddisk0\DR0\Partition0 - ok
    11:15:39.0000 2100 ============================================================
    11:15:39.0000 2100 Scan finished
    11:15:39.0000 2100 ============================================================
    11:15:39.0031 4040 Detected object count: 2
    11:15:39.0031 4040 Actual detected object count: 2
    11:17:44.0828 4040 sptd ( LockedFile.Multi.Generic ) - skipped by user
    11:17:44.0828 4040 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    11:17:44.0890 4040 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    11:17:44.0890 4040 \Device\Harddisk0\DR0 - ok
    11:17:44.0890 4040 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
    11:17:56.0625 2368 Deinitialize success

    When I ran combofix, it told me AVG 2012 was running, but I looked in my processes and it was not running. I looked everywhere and could not understand why it said it was running, because it wasn't. I ran the program anyway.

    Combofix log:


    ComboFix 11-11-17.03 - Johnny 17/11/11 11:37:44.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.501.268 [GMT -5:00]
    Running from: c:\documents and settings\Johnny\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Johnny\Application Data\PriceGong
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\2229.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Johnny\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\Johnny\WINDOWS
    c:\program files\Internet Explorer\SET1F4.tmp
    c:\program files\Internet Explorer\SET1F5.tmp
    c:\windows\CSC\d6
    c:\windows\system32\PowerToyReadme.htm
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_PASSWORD
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-14 07:59 . 2011-11-14 09:07 -------- d-----w- C:\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)
    2011-11-14 07:16 . 2011-11-14 07:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
    2011-11-14 07:10 . 2011-11-14 07:10 -------- d-----w- c:\documents and settings\Johnny\Local Settings\Application Data\ESET
    2011-11-14 07:10 . 2011-11-14 07:10 -------- d-----w- c:\documents and settings\Johnny\Application Data\ESET
    2011-11-14 07:00 . 2011-11-14 07:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2011-11-14 06:09 . 2011-11-14 06:09 -------- d-----w- C:\kleaner.tmp
    2011-11-13 02:50 . 2011-11-13 08:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-13 02:50 . 2011-11-13 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-11-12 17:16 . 2011-11-14 07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 19:06 . 2011-05-18 23:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2005-01-01 01:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-08 05:01 . 2011-10-08 05:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-08 05:01 . 2011-01-04 03:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2009-03-24 13:13 . 2009-05-01 07:18 1488112 ----a-w- c:\program files\CCleaner.exe
    2011-04-14 16:26 . 2011-06-08 13:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzI4MDY4MjE2LUIxLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1809&mid=3b8bcd46d6d247d1b34fd15f0794c4bb-bc44defee37f87ae9d79217f0b60add6b1c23470" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 01000000
    "NoRecentDocsNetHood"= 01000000
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111T Smart Wizard.lnk]
    backup=c:\windows\pss\NETGEAR WG111T Smart Wizard.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pidgin\\pidgin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [25/06/09 12:17 AM 36512]
    R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [25/06/09 12:17 AM 39456]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/03/09 1:38 AM 717296]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/10 4:43 PM 11352]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [02/08/07 8:32 AM 22784]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/10 11:06 AM 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/09 7:27 PM 19472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/10 12:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/08/11 7:11 AM 136176]
    S2 usbdevice;usbdevice;c:\windows\system32\launch.exe --> c:\windows\system32\launch.exe [?]
    S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [21/05/09 12:47 PM 273280]
    S3 cpuz131;cpuz131;\??\c:\docume~1\Johnny\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Johnny\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [28/05/09 4:25 PM 17149]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/11 7:11 AM 136176]
    S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\DRIVERS\LSIPNDS.sys --> c:\windows\system32\DRIVERS\LSIPNDS.sys [?]
    S3 PORTMON;PORTMON;\??\g:\windows tools\SysinternalsSuite\PORTMSYS.SYS --> g:\windows tools\SysinternalsSuite\PORTMSYS.SYS [?]
    S3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [01/12/04 5:35 PM 438912]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [04/04/09 2:07 AM 31824]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/04 5:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/10 12:16 PM 753504]
    S3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);c:\windows\system32\drivers\ZD1211U.sys [10/01/09 3:22 AM 278016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 12:11]
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 12:11]
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-606747145-839522115-1005Core.job
    - c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 05:50]
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-606747145-839522115-1005UA.job
    - c:\documents and settings\Johnny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 05:50]
    .
    2011-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-606747145-839522115-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-11-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-606747145-839522115-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: facebook.com\www.apps
    TCP: DhcpNameServer = 172.16.0.1
    FF - ProfilePath - c:\documents and settings\Johnny\Application Data\Mozilla\Firefox\Profiles\nf0umxf9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://abuchak.net/?ref=ff.1.1.93&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: browser.link.open_external - 1
    FF - user.js: browser.link.open_newwindow - 1
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Johnny\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-17 11:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1652)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-17 12:06:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-17 17:06
    .
    Pre-Run: 7,076,159,488 bytes free
    Post-Run: 7,329,820,672 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=ADE45N-BAK
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=ADE45N /Kernel=TUKernel.exe
    .
    - - End Of File - - 0BE0AA4C2708D3B2E275709DAF0C6E7C
     
  13. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    No, AVG is not installed, but Kaspersky Internet Security 2011 is, according to the OTL log. Let's find out what's happening.


    Security Application Check:

    Please download Security Check by screen317 and save it to your Desktop.

    • Double-click Security Check.bat
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.





    We need to run an OTL fix:

    • Double click OTL.exe to run it.
    • Copy and paste the following code into the textbox. Do not include the word Code
      Code:
      :processes
      killallprocesses
      
      :OTL
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
      FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected] : C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/14 04:14:21 | 000,000,000 | ---D | M]
      [2011/01/03 22:13:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
      [2011/04/26 07:21:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
      [2011/10/08 00:02:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
      [2011/10/08 00:01:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
      CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
      CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
      O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
      O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
      O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
      O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
      O15 - HKU\S-1-5-21-448539723-606747145-839522115-1005\..Trusted Domains: facebook.com ([www.apps] https in Trusted sites)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      [2011/11/14 04:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
      [2011/11/14 04:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
      [2011/11/14 04:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
      [2011/11/14 02:59:24 | 000,000,000 | ---D | C] -- C:\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)
      [2011/11/14 02:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
      [2011/11/14 02:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Local Settings\Application Data\ESET
      [2011/11/14 02:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Application Data\ESET
      [2011/11/14 02:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
      [2011/11/14 02:58:11 | 000,036,072 | ---- | C] () -- C:\Documents and Settings\Johnny\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(3 2.and.64.Bit).1.torrent
      
      :Files
      @C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
      @C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
      @C:\Documents and Settings\All Users\Application Data\TEMP:4B244549
      @C:\Documents and Settings\All Users\Application Data\TEMP:B12D1A7D
      @C:\Documents and Settings\All Users\Application Data\TEMP:E5B07840
      @C:\Documents and Settings\All Users\Application Data\TEMP:9C3AAD57
      @C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
      @C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      @C:\Documents and Settings\All Users\Application Data\TEMP:E690114B
      ipconfig /flushdns /c
      
      :reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\uTorrent\uTorrent.exe" =-
      
      :commands
      [emptyflash]
      [resethosts]
      [clearallrestorepoints]
      [REBOOT]
      
    • Then click the Run Fix button at the top.
    • Click [IMG].
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.






    It looks like at some time you had MalwareBytes installed but have removed it; please download and run it.


    Download and run MalwareBytes' Anti-Malware. It is free for home use.
    Please go here to the Download Location, click on Download in the Free column.
    When the next page comes up, click on the Download Now button.
    • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
    • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
    • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
    • Double Click the download to run the installer.
    • Let it install where it wants to, with the default settings, and click Finish.
    • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
    • If necessary, start Malwarebytes Anti-Malware again.
      (You can Decline any Offer for a Trial if you don't want the paid version)
    • Once the program has started up, select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
    • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.



    Run Unhide again
    • Double-click on the Unhide.exe to run it.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    • Please note that this will unhide files that are purposely hidden.

    Reboot

    Let me know if your programs have returned.



    Please post back with

    MalwareBytes Log
    OTL Log
    Security Application Check Log


    And a good description of how your system is now after running the above.




     
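    The `:Files` section of the OTL fix above removes alternate data streams (the `@path:streamname` entries) attached to the All Users TEMP folder. As an added example, not part of this post or of OTL, here is a PowerShell function that lists non-default streams under a folder so such entries can be checked before and after a fix; it assumes PowerShell 3.0 or later (the `-Stream` parameter), the folder path being the one named in the fix.

    ```powershell
    # Added example (not from the thread or from OTL): enumerate alternate data
    # streams (ADS) under a folder and report every stream other than the default
    # $DATA stream and the Zone.Identifier mark-of-the-web stream.
    # Requires PowerShell 3.0 or later (Get-Item -Stream).
    function Get-SuspiciousAds {
        param(
            [Parameter(Mandatory = $true)]
            [string]$Path,
            # Streams that are expected on ordinary files and folders
            [string[]]$IgnoreStreams = @(':$DATA', 'Zone.Identifier')
        )
        # The folder itself can carry streams (as in the fix above), so include it
        $targets = @(Get-Item -LiteralPath $Path -Force)
        $targets += Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue
        foreach ($item in $targets) {
            $streams = Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue
            foreach ($s in $streams) {
                if ($IgnoreStreams -notcontains $s.Stream) {
                    [pscustomobject]@{
                        Path   = $item.FullName
                        Stream = $s.Stream
                        Length = $s.Length
                        # Same @path:stream notation OTL uses in a :Files section
                        OtlRef = '@{0}:{1}' -f $item.FullName, $s.Stream
                    }
                }
            }
        }
    }

    # Folder named in the OTL fix above; adjust for another machine
    Get-SuspiciousAds -Path 'C:\Documents and Settings\All Users\Application Data\TEMP' |
        Format-Table -AutoSize
    ```

    An empty result after the fix and reboot means the listed streams are gone; entries that persist (as "Unable to delete ADS" would suggest) point to something still holding the folder open.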
  14. Ashfur

    Ashfur Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    21
    Security check:

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Kaspersky Internet Security 2011
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    TuneUp Utilities 2009
    COMODO System Cleaner 1.1.64946.38(32bit)
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````


    OTL log:

    ========== PROCESSES ==========
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
    C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
    C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4 not found.
    File HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected] : C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird not found.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
    C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll moved successfully.
    File C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
    C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\egui not found.
    File C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4248FE82-7FCB-46AC-B270-339F08212110}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4248FE82-7FCB-46AC-B270-339F08212110}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCF151D8-D089-449F-A5A4-D9909053F20F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCF151D8-D089-449F-A5A4-D9909053F20F}\ not found.
    Registry key HKEY_USERS\S-1-5-21-448539723-606747145-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\www.apps\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Folder C:\Program Files\ESET\ not found.
    Folder C:\Documents and Settings\All Users\Start Menu\Programs\ESET\ not found.
    Folder C:\Documents and Settings\All Users\Application Data\ESET\ not found.
    C:\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\ESET.NOD32.Smart.Security.5(x32.and.x64.bit) folder moved successfully.
    C:\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\ESET.NOD32.Anitvirus.5(32.and.64.bit) folder moved successfully.
    C:\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\Crack folder moved successfully.
    C:\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit) folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET\ESET Smart Security\Antispam folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET\ESET Smart Security folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET folder moved successfully.
    C:\Documents and Settings\Johnny\Local Settings\Application Data\ESET\ESET Smart Security folder moved successfully.
    C:\Documents and Settings\Johnny\Local Settings\Application Data\ESET folder moved successfully.
    C:\Documents and Settings\Johnny\Application Data\ESET\ESET Smart Security folder moved successfully.
    C:\Documents and Settings\Johnny\Application Data\ESET folder moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET\ESET Smart Security\Antispam folder moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET\ESET Smart Security folder moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET folder moved successfully.
    File C:\Documents and Settings\Johnny\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit).1.torrent not found.
    ========== FILES ==========
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8927A071 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B244549 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B12D1A7D .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E5B07840 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9C3AAD57 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8247A199 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E690114B .
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Johnny\My Documents\Downloads\cmd.bat deleted successfully.
    C:\Documents and Settings\Johnny\My Documents\Downloads\cmd.txt deleted successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 891 bytes

    User: All Users

    User: Default User

    User: Johnny
    ->Flash cache emptied: 15371 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 11172011_191006

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Malwarebytes log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8184

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    17/11/11 7:42:11 PM
    mbam-log-2011-11-17 (19-42-11).txt

    Scan type: Quick scan
    Objects scanned: 171774
    Time elapsed: 11 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    System seems to be running better. No more redirects from Google, my desktop icons are back, but my start menu files are still missing. Something isn't right with my Microsoft Silverlight: I try to play Netflix, and it says the plugin crashes every time. It was one of the items on my start menu that has missing files, as well as Microsoft Office, my accessories, etc.
     
  15. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi Ashfur

    We are almost there; run the fixes below and we will come back to the start menu.

    You have Kaspersky Internet Security 2011 running as an antivirus, so you are OK; no need for anything else.



    SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      SNTMP 
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt



    Update Java SE Runtime Environment (JRE).

    Please download from HERE

    • Find Java SE 7u1.
    • Click the Download JRE button to the right.
    • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
      Yours will be Windows x86 Offline 19.26 MB jre-7u1-windows-i586.exe
    • Click the Continue button.
    • Click on the filename under Windows Offline Installation and save it to your desktop.
    • Close all active windows.
    • Install the program.


    While you are in Add/Remove Programs, remove Silverlight as well.
    Download Silverlight from here and reinstall it; that should sort out Silverlight.

    http://majorgeeks.com/Microsoft_Silverlight_d6151.html




    Your Adobe Acrobat Reader is out of date.
    Older versions may have vulnerabilities that malware can use to infect your system.
    Please download Adobe Reader 10.1.1 to your PC's desktop.
    • Uninstall Adobe(Acrobat) Reader >Insert Version< via Start > Control Panel > Add/Remove Programs
    • Install the new downloaded updated software.
    Be sure not to remove any paid-for Adobe programs like Adobe Acrobat or Adobe Photoshop that you may have installed.





    Run Combofix Script
    Stop all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      ADS::
      C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
      C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
      C:\Documents and Settings\All Users\Application Data\TEMP:4B244549
      C:\Documents and Settings\All Users\Application Data\TEMP:B12D1A7D
      C:\Documents and Settings\All Users\Application Data\TEMP:E5B07840
      C:\Documents and Settings\All Users\Application Data\TEMP:9C3AAD57
      C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
      C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      C:\Documents and Settings\All Users\Application Data\TEMP:E690114B
      
      
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.



    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.





    Run an ESET online scan

    You can use either Internet Explorer or Mozilla FireFox for this scan.


    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Post back with

    Combofix Log
    ESET online scan Log
    SystemLook.txt
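A small helper for the ADS step above, added here as an example and not part of DFW's instructions or of the OTL/ComboFix tools: it parses the "Unable to delete ADS" lines from an OTL log (the sample lines are constructed, modelled on the log posted in this thread), separates the host path from the stream name, flags the 8-hex-digit stream names seen on this machine, and renders the ADS:: block for CFScript.txt. All function and variable names are my own.

```python
import re

# Constructed sample, modelled on the OTL lines posted in this thread
# (illustrative only; not the thread's own log file).
SAMPLE_OTL_LOG = r"""
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8927A071 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD .
C:\Documents and Settings\Johnny\My Documents\Downloads\cmd.bat deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
"""

# OTL prints a space and a period after the stream path; the regex drops both.
ADS_LINE = re.compile(r"^Unable to delete ADS (?P<stream>.+?)\s*\.?\s*$")


def find_undeleted_ads(log_text):
    """Return every file:stream path that OTL reported it could not delete."""
    found = []
    for line in log_text.splitlines():
        m = ADS_LINE.match(line.strip())
        if m:
            found.append(m.group("stream"))
    return found


def split_stream(path):
    """Split 'C:\\dir\\host:stream' into (host path, stream name).

    The drive colon is always followed by a backslash, so if the part after
    the last colon contains a backslash there was no stream at all.
    """
    host, sep, stream = path.rpartition(":")
    if not sep or "\\" in stream:
        return path, None
    return host, stream


def is_hex_stream_name(name):
    """True for the 8-hex-digit stream names seen in this log (e.g. 8927A071)."""
    return name is not None and re.fullmatch(r"[0-9A-Fa-f]{8}", name) is not None


def build_cfscript(streams):
    """Render the ADS:: section of a CFScript.txt from file:stream paths."""
    return "ADS::\n" + "".join(s + "\n" for s in streams)


if __name__ == "__main__":
    streams = find_undeleted_ads(SAMPLE_OTL_LOG)
    for s in streams:
        host, name = split_stream(s)
        print(f"{host}  stream={name}  hex-named={is_hex_stream_name(name)}")
    print(build_cfscript(streams))
```

Run it against a real OTL log by replacing SAMPLE_OTL_LOG with the file's contents; the ADS:: text it prints is what goes into CFScript.txt.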


     
Short URL to this thread: https://techguy.org/1026938
