TechSpot

Did the clean up, nothing detected but have low virtual memory problem with svchost.exe

By littleimp99
May 21, 2013
  1. I have Bitdefender 2013 Total Security, and I have done the preliminary scans. I keep getting the message that my virtual memory is low from the svchost.exe.
    Also, I keep getting a message from the malware that it is blocking a potentially dangerous site 208.73.210.29 (outgoing).
    And when I try to open the Malwarebytes, it says the database is missing or corrupt and would I like to download a new copy (which I selected yes to 3 times already).

  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Please observe forum rules.
    All logs have to be pasted, not attached.
     
  3. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.21.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    New Account :: CHELSEA-797BB6F [administrator]

    Protection: Enabled

    02/01/2005 7:55:10 AM
    mbam-log-2005-01-02 (07-55-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218790
    Time elapsed: 12 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by New Account at 8:10:22 on 2005-01-02
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.193 [GMT -7:00]
    .
    AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe
    mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.254.2 142.166.86.18
    TCP: Interfaces\{D8E13BEB-66CC-418F-A135-C37C668EBFC7} : DHCPNameServer = 192.168.254.2 142.166.86.18
    Notify: igfxcui - igfxdev.dll
    Notify: Sebring - c:\windows\system32\LgNotify.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2005-1-2 633344]
    R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2005-1-1 162976]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2005-1-1 72704]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2005-1-2 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2005-1-2 701512]
    R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2005-1-1 55984]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2005-1-1 242504]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2005-1-1 486536]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2005-1-1 116560]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2005-1-2 22856]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
    S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2005-1-1 66392]
    S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2005-1-1 62688]
    .
    =============== Created Last 30 ================
    .
    2011-10-29 01:02:54  --------  d-----w-  c:\documents and settings\new account\local settings\application data\Mozilla
    2011-10-27 20:25:06  --------  d-----w-  c:\documents and settings\all users\application data\Malwarebytes
    2011-10-27 20:24:59  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2011-10-27 02:39:22  --------  d-----w-  c:\documents and settings\new account\local settings\application data\shaw
    2011-10-27 02:39:13  --------  d-----w-  c:\documents and settings\new account\local settings\application data\Apple Computer
    2011-10-26 03:24:40  --------  d-----w-  c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-10-20 20:41:40  --------  d-----w-  c:\program files\common files\Research In Motion
    2011-10-20 19:32:18  4194304  ----a-w-  c:\windows\system32\cdintf400.dll
    2011-10-20 19:30:53  --------  d-----w-  c:\program files\Invoice2go 5.0
    2011-10-20 13:23:18  --------  d-----w-  c:\documents and settings\all users\application data\WindSolutions
    2011-10-06 23:12:20  --------  d-----w-  c:\program files\Shaw Secure
    2011-10-06 22:49:50  --------  d-----w-  c:\documents and settings\all users\application data\fssg
    2011-10-06 22:41:01  --------  d-----w-  c:\documents and settings\all users\application data\f-secure
    2011-10-06 22:37:10  414368  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-06 22:35:21  --------  d-----w-  c:\documents and settings\all users\application data\shaw
    2011-10-06 22:35:13  --------  d-----w-  C:\temp
    2011-10-06 18:07:14  139656  -c----w-  c:\windows\system32\dllcache\rdpwd.sys
    2011-10-06 18:07:12  105472  -c----w-  c:\windows\system32\dllcache\mup.sys
    2011-10-06 18:01:21  10496  -c----w-  c:\windows\system32\dllcache\ndistapi.sys
    2011-10-06 17:57:29  72192  ----a-w-  c:\windows\system32\zlib.dll
    2011-09-26 17:41:20  611328  ------w-  c:\windows\system32\uiautomationcore.dll
    2011-09-09 09:12:13  599040  -c----w-  c:\windows\system32\dllcache\crypt32.dll
    2011-09-05 17:04:56  183696  ----a-w-  c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-09-05 17:04:56  183696  ----a-w-  c:\program files\internet explorer\plugins\nppdf32.dll
    2011-07-22 18:32:36  11693904  ----a-w-  c:\program files\common files\microsoft shared\office11\MSO.DLL
    2011-07-06 01:37:00  94208  ----a-w-  c:\windows\system32\QuickTimeVR.qtx
    2011-07-06 01:37:00  69632  ----a-w-  c:\windows\system32\QuickTime.qts
    2011-06-27 17:44:38  507904  ----a-r-  c:\windows\system32\btwapi.dll
    2011-05-17 18:30:52  1103784  ----a-w-  c:\program files\common files\microsoft shared\office11\RICHED20.DLL
    2011-05-14 04:11:54  641536  ----a-w-  c:\program files\common files\microsoft shared\vc\msdia80.dll
    2011-05-11 16:24:53  --------  d-----w-  C:\divx
    2011-05-10 01:47:59  26368  -c--a-w-  c:\windows\system32\dllcache\usbstor.sys
    2011-05-09 22:25:16  275696  ----a-w-  c:\windows\system32\mucltui.dll
    2011-05-09 22:25:16  214256  ----a-w-  c:\windows\system32\muweb.dll
    2011-05-09 22:25:16  17136  ----a-w-  c:\windows\system32\mucltui.dll.mui
    2011-04-21 03:49:23  --------  d-----w-  c:\documents and settings\all users\application data\jLd06504nPhGj06504
    2011-04-20 00:36:50  45568  -c----w-  c:\windows\system32\dllcache\wab.exe
    2011-04-20 00:35:32  953856  -c----w-  c:\windows\system32\dllcache\mfc40u.dll
    2011-04-20 00:33:30  617472  -c----w-  c:\windows\system32\dllcache\comctl32.dll
    2011-04-20 00:26:12  40960  -c----w-  c:\windows\system32\dllcache\ndproxy.sys
    2011-04-19 19:23:59  --------  d-----w-  c:\windows\system32\scripting
    2011-04-19 19:23:58  --------  d-----w-  c:\windows\l2schemas
    2011-04-19 19:23:57  --------  d-----w-  c:\windows\system32\en
    2011-04-19 19:23:57  --------  d-----w-  c:\windows\system32\bits
    2011-04-19 19:16:14  --------  d-----w-  c:\windows\network diagnostic
    2011-04-19 19:09:13  --------  d-----w-  c:\windows\EHome
    2011-04-19 11:47:04  670032  ----a-w-  c:\program files\common files\microsoft shared\vc\msdia90.dll
    2011-04-19 04:04:15  73216  ------w-  c:\windows\system32\drivers\atintuxx.sys
    2011-04-16 10:02:17  --------  d-----w-  c:\windows\ServicePackFiles
    2011-04-16 10:01:48  --------  d-----w-  c:\windows\ie8updates
    2011-04-16 10:01:32  221184  ----a-w-  c:\windows\system32\wmpns.dll
    2011-04-16 10:01:06  --------  d-----w-  c:\program files\MSXML 4.0
    2011-04-16 04:41:07  5632  ----a-w-  c:\windows\system32\ptpusb.dll
    2011-04-16 04:41:06  159232  ----a-w-  c:\windows\system32\ptpusd.dll
    2011-04-16 04:41:05  15104  ----a-w-  c:\windows\system32\drivers\usbscan.sys
    2011-04-16 01:30:56  73728  ----a-w-  c:\windows\system32\javacpl.cpl
    2011-04-16 01:30:56  476904  ----a-w-  c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-04-16 01:30:56  472808  ----a-w-  c:\windows\system32\deployJava1.dll
    2011-04-16 01:16:55  602112  -c----w-  c:\windows\system32\dllcache\msfeeds.dll
    2011-04-16 01:16:55  55296  -c----w-  c:\windows\system32\dllcache\msfeedsbs.dll
    2011-04-16 01:16:54  12800  -c----w-  c:\windows\system32\dllcache\xpshims.dll
    2011-04-16 01:16:53  743424  -c----w-  c:\windows\system32\dllcache\iedvtool.dll
    2011-04-16 01:16:53  247808  -c----w-  c:\windows\system32\dllcache\ieproxy.dll
    2011-04-16 01:16:52  2000384  -c----w-  c:\windows\system32\dllcache\iertutil.dll
    2011-04-16 01:16:48  11081728  -c----w-  c:\windows\system32\dllcache\ieframe.dll
    2011-04-16 01:07:56  272128  -c----w-  c:\windows\system32\dllcache\bthport.sys
    2011-04-16 01:07:55  272128  ------w-  c:\windows\system32\drivers\bthport.sys
    2011-04-16 01:07:01  357888  -c----w-  c:\windows\system32\dllcache\srv.sys
    2011-04-16 01:06:09  81920  -c----w-  c:\windows\system32\dllcache\fontsub.dll
    2011-04-16 01:06:08  119808  -c----w-  c:\windows\system32\dllcache\t2embed.dll
    2011-04-16 01:04:58  203136  -c----w-  c:\windows\system32\dllcache\rmcast.sys
    2011-04-16 00:38:12  456320  -c----w-  c:\windows\system32\dllcache\mrxsmb.sys
    2011-04-16 00:35:45  744448  -c----w-  c:\windows\system32\dllcache\helpsvc.exe
    2011-04-16 00:34:40  284160  -c----w-  c:\windows\system32\dllcache\pdh.dll
    2011-04-16 00:34:39  401408  -c----w-  c:\windows\system32\dllcache\rpcss.dll
    2011-04-16 00:34:39  110592  -c----w-  c:\windows\system32\dllcache\services.exe
    2011-04-16 00:34:38  473600  -c----w-  c:\windows\system32\dllcache\fastprox.dll
    2011-04-16 00:34:38  227840  -c----w-  c:\windows\system32\dllcache\wmiprvse.exe
    2011-04-16 00:34:37  730112  -c----w-  c:\windows\system32\dllcache\lsasrv.dll
    2011-04-16 00:34:37  453120  -c----w-  c:\windows\system32\dllcache\wmiprvsd.dll
    2011-04-16 00:34:36  617472  -c----w-  c:\windows\system32\dllcache\advapi32.dll
    2011-04-16 00:34:35  718336  -c----w-  c:\windows\system32\dllcache\ntdll.dll
    2011-04-16 00:34:34  2148864  -c----w-  c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-04-16 00:34:33  2192768  -c----w-  c:\windows\system32\dllcache\ntoskrnl.exe
    2011-04-16 00:34:31  2027008  -c----w-  c:\windows\system32\dllcache\ntkrpamp.exe
    2011-04-16 00:29:50  337408  -c----w-  c:\windows\system32\dllcache\netapi32.dll
    2011-04-16 00:26:43  471552  -c----w-  c:\windows\system32\dllcache\aclayers.dll
    2011-04-16 00:17:56  5120  ----a-w-  c:\windows\system32\xpsp4res.dll
    2011-04-16 00:17:55  218112  -c----w-  c:\windows\system32\dllcache\wordpad.exe
    2011-04-16 00:14:42  --------  d-----w-  c:\windows\system32\PreInstall
    2011-04-16 00:14:38  --------  d--h--w-  c:\windows\$hf_mig$
    2011-04-14 21:37:03  56832  -c----w-  c:\windows\system32\dllcache\secur32.dll
    2011-04-14 21:37:02  989696  -c----w-  c:\windows\system32\dllcache\kernel32.dll
    2011-04-14 05:41:56  86016  -c----w-  c:\windows\system32\dllcache\cabview.dll
    2011-04-13 16:25:37  497664  ----a-w-  c:\windows\system32\ac3filter.acm
    2011-04-13 16:25:37  --------  d-----w-  c:\program files\AC3Filter
    2011-04-13 16:01:49  --------  d-----w-  c:\program files\common files\DivX Shared
    2011-04-13 15:54:02  --------  d-----w-  c:\program files\DivX
    2011-04-13 15:52:08  --------  d-----w-  c:\documents and settings\all users\application data\DivX
    2011-04-12 21:16:42  --------  d-----w-  c:\windows\system32\SoftwareDistribution
    2011-04-12 17:18:48  --------  d--h--w-  c:\documents and settings\all users\application data\Common Files
    2011-04-12 17:15:59  --------  d-----w-  c:\windows\system32\drivers\AVG
    2011-04-12 17:11:27  --------  d-----w-  c:\documents and settings\all users\application data\MFAData
    2011-04-12 16:44:00  26144  ----a-w-  c:\windows\system32\spupdsvc.exe
    2011-04-12 16:42:51  --------  dc-h--w-  c:\windows\ie8
    2011-04-12 15:28:36  28552  ----a-w-  c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    2011-04-12 15:28:36  28040  ----a-w-  c:\windows\system32\mdimon.dll
    2011-04-12 15:27:29  --------  d-----w-  c:\program files\Microsoft ActiveSync
    2011-04-12 15:25:56  --------  d-----w-  c:\windows\SHELLNEW
    2011-04-12 08:18:57  --------  d-s---w-  c:\windows\system32\Microsoft
    .
    ==================== Find3M ====================
    .
    2013-04-17 21:59:04  486536  ----a-w-  c:\windows\system32\drivers\avckf.sys
    2013-04-04 21:50:32  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-02-23 02:46:44  116560  ----a-w-  c:\windows\system32\drivers\bdfndisf.sys
    2012-11-13 01:11:11  66392  ----a-w-  c:\windows\system32\drivers\bdsandbox.sys
    2012-11-02 21:17:14  242504  ----a-w-  c:\windows\system32\drivers\avchv.sys
    2012-10-31 20:13:10  343456  ----a-w-  c:\windows\system32\drivers\trufos.sys
    2012-10-04 21:30:05  162976  ----a-w-  c:\windows\system32\drivers\gzflt.sys
    2012-06-02 22:19:44  22040  ----a-w-  c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19:38  219160  ----a-w-  c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19:38  15384  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19:34  15384  ----a-w-  c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19:30  17944  ----a-w-  c:\windows\system32\wuaueng.dll.mui
    2012-04-17 21:40:22  72704  ----a-w-  c:\windows\system32\drivers\bdvedisk.sys
    2011-09-26 17:41:20  220160  ----a-w-  c:\windows\system32\oleacc.dll
    2011-09-26 17:41:14  20480  ----a-w-  c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13  599040  ----a-w-  c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51  1858944  ----a-w-  c:\windows\system32\win32k.sys
    2011-08-22 23:48:55  916480  ----a-w-  c:\windows\system32\wininet.dll
    2011-08-22 23:48:54  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39  385024  ----a-w-  c:\windows\system32\html.iec
    2011-08-17 13:49:54  138496  ----a-w-  c:\windows\system32\drivers\afd.sys
    2011-07-15 13:29:31  456320  ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00  10496  ----a-w-  c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36  139656  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
    2011-06-20 17:44:52  293376  ----a-w-  c:\windows\system32\winsrv.dll
    2011-05-10 15:06:08  4517664  ----a-w-  c:\windows\system32\usbaaplrc.dll
    2011-05-10 15:06:08  42496  ----a-w-  c:\windows\system32\drivers\usbaapl.sys
    2011-05-02 15:31:52  692736  ----a-w-  c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27  151552  ----a-w-  c:\windows\system32\schannel.dll
    2011-04-26 11:07:50  33280  ----a-w-  c:\windows\system32\csrsrv.dll
    2011-04-21 13:37:43  105472  ----a-w-  c:\windows\system32\drivers\mup.sys
    2011-04-12 03:48:57  168448  ----a-w-  c:\windows\system32\drivers\tifm21.sys
    2011-04-12 03:32:37  9410048  ----a-w-  c:\windows\system32\RTLCPL.exe
    2011-04-12 03:32:37  77824  ----a-w-  c:\windows\soundman.exe
    2011-04-12 03:32:37  156672  ----a-w-  c:\windows\system32\RTLCPAPI.dll
    2011-04-12 03:32:36  18751488  ----a-w-  c:\windows\system32\alsndmgr.cpl
    2011-04-12 03:32:34  2324480  ----a-w-  c:\windows\system32\drivers\ALCXWDM.SYS
    2011-04-12 03:32:31  40960  ----a-w-  c:\windows\system32\ChCfg.exe
    2011-04-12 03:32:31  294912  ----a-w-  c:\windows\alcupd.exe
    2011-04-12 03:32:31  200704  ----a-w-  c:\windows\alcrmv.exe
    2011-04-12 03:30:18  88358  ----a-w-  c:\windows\agrsmmsg.exe
    2011-04-12 03:30:18  77824  ----a-w-  c:\windows\system32\tosmreg.exe
    2011-04-12 03:30:18  64512  ------w-  c:\windows\agrsmdel.exe
    2011-04-12 03:30:18  45056  ----a-w-  c:\windows\system32\csellang.dll
    2011-04-12 03:30:18  110592  ----a-w-  c:\windows\system32\cselect.exe
    2011-04-12 03:30:18  1066278  ----a-w-  c:\windows\system32\drivers\AGRSM.sys
    2011-03-04 06:37:06  420864  ----a-w-  c:\windows\system32\vbscript.dll
    2011-02-19 07:40:50  773968  ----a-w-  c:\windows\system32\msvcr100.dll
    2011-02-17 13:18:03  357888  ----a-w-  c:\windows\system32\drivers\srv.sys
    2011-02-15 12:56:39  290432  ----a-w-  c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52  270848  ----a-w-  c:\windows\system32\sbe.dll
    2011-02-09 13:53:52  186880  ----a-w-  c:\windows\system32\encdec.dll
    2011-02-08 13:33:55  978944  ----a-w-  c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55  974848  ----a-w-  c:\windows\system32\mfc42u.dll
    2011-02-02 07:58:35  2067456  ----a-w-  c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06  677888  ----a-w-  c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37  439296  ----a-w-  c:\windows\system32\shimgvw.dll
    2010-12-22 12:34:28  301568  ----a-w-  c:\windows\system32\kerberos.dll
    2010-12-20 17:32:15  551936  ----a-w-  c:\windows\system32\oleaut32.dll
    2010-12-20 17:26:00  730112  ----a-w-  c:\windows\system32\lsasrv.dll
    2010-12-09 15:15:09  718336  ----a-w-  c:\windows\system32\ntdll.dll
    2010-12-09 13:38:47  2192768  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:05  2069376  ----a-w-  c:\windows\system32\ntkrnlpa.exe
    2010-12-03 06:16:40  147318048  ----a-w-  C:\avg201132bit.exe
    2010-11-18 18:12:44  81920  ----a-w-  c:\windows\system32\isign32.dll
    2010-11-12 00:44:54  94208  ----a-w-  c:\windows\system32\dpl100.dll
    2010-11-09 14:52:35  249856  ----a-w-  c:\windows\system32\odbc32.dll
    2010-11-08 22:57:04  353592  ----a-w-  c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-02 15:17:02  40960  ----a-w-  c:\windows\system32\drivers\ndproxy.sys
    2010-09-18 06:53:25  954368  ----a-w-  c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25  953856  ----a-w-  c:\windows\system32\mfc40u.dll
    2010-08-27 08:02:29  119808  ----a-w-  c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43  99840  ----a-w-  c:\windows\system32\srvsvc.dll
    2010-08-23 16:12:04  617472  ----a-w-  c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06  58880  ----a-w-  c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00  590848  ----a-w-  c:\windows\system32\rpcrt4.dll
    2010-07-16 12:05:55  1288192  ----a-w-  c:\windows\system32\ole32.dll
    2010-07-12 18:36:10  9200  ------w-  c:\windows\system32\drivers\cdralw2k.sys
    2010-07-12 18:36:10  9072  ------w-  c:\windows\system32\drivers\cdr4_xp.sys
    2010-07-12 18:36:10  45648  ------w-  c:\windows\system32\drivers\PxHelp20.sys
    2010-07-12 18:36:10  133616  ------w-  c:\windows\system32\pxafs.dll
    2010-07-12 18:36:10  126448  ------w-  c:\windows\system32\pxinsi64.exe
    2010-07-12 18:36:10  123888  ------w-  c:\windows\system32\pxcpyi64.exe
    2010-06-17 14:03:00  80384  ----a-w-  c:\windows\system32\iccvid.dll
    2010-06-15 16:17:24  143422  ----a-w-  c:\windows\system32\l3codecx.ax
    2010-06-14 14:31:20  744448  ----a-w-  c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41:45  1172480  ----a-w-  c:\windows\system32\msxml3.dll
    2010-06-02 11:55:30  74072  ----a-w-  c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 11:55:30  527192  ----a-w-  c:\windows\system32\XAudio2_7.dll
    2010-06-02 11:55:30  239960  ----a-w-  c:\windows\system32\xactengine3_7.dll
    2010-05-26 18:41:02  470880  ----a-w-  c:\windows\system32\d3dx10_43.dll
    2010-05-26 18:41:02  248672  ----a-w-  c:\windows\system32\d3dx11_43.dll
    2010-05-26 18:41:02  2106216  ----a-w-  c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 18:41:02  1998168  ----a-w-  c:\windows\system32\D3DX9_43.dll
    2010-05-26 18:41:02  1868128  ----a-w-  c:\windows\system32\d3dcsx_43.dll
    2010-05-06 19:33:42  16883056  ----a-w-  C:\IE8-WindowsXP-x86-ENU.exe
    2010-04-16 15:36:56  406016  ----a-w-  c:\windows\system32\usp10.dll
    2010-04-05 18:54:04  384512  ----a-w-  c:\windows\system32\mp4sdmod.dll
    2010-03-30 07:52:26  262416  ----a-w-  c:\windows\system32\mpg4ds32.ax
    .
    ============= FINISH: 8:13:51.59 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/04/2011 12:59:05 AM
    System Uptime: 02/01/2005 12:47:02 AM (8 hours ago)
    .
    Motherboard: TOSHIBA | | HTW00
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1729/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 61.947 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_FF051179&REV_00\4&AD1B67F&0&23F0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_FF051179&REV_00\4&AD1B67F&0&23F0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP30: 05/10/2011 10:52:21 PM - Software Distribution Service 3.0
    RP31: 06/10/2011 11:58:32 AM - Shaw Internet `
    RP32: 06/10/2011 5:06:42 PM - Removed AVG 2011
    RP33: 06/10/2011 5:08:33 PM - Removed AVG 2011
    RP34: 06/10/2011 5:12:19 PM - psc 9.01 build 105 Installation
    RP35: 06/10/2011 5:50:29 PM - Removed Safari
    RP36: 07/10/2011 1:02:56 PM - Software Distribution Service 3.0
    RP37: 08/10/2011 7:21:53 PM - System Checkpoint
    RP38: 11/10/2011 5:02:13 PM - System Checkpoint
    RP39: 12/10/2011 3:00:39 AM - Software Distribution Service 3.0
    RP40: 13/10/2011 11:29:32 AM - Installed Adobe Reader X (10.1.1).
    RP41: 14/10/2011 11:29:56 AM - System Checkpoint
    RP42: 15/10/2011 10:50:11 PM - System Checkpoint
    RP43: 19/10/2011 9:51:20 PM - System Checkpoint
    RP44: 20/10/2011 1:30:48 PM - Installed Invoice2go 5.0.
    RP45: 20/10/2011 1:32:30 PM - Printer Driver Amyuni Document Converter 400 Installed
    RP46: 20/10/2011 2:41:37 PM - Installed BlackBerry Device Software Updater.
    RP47: 21/10/2011 6:34:54 PM - System Checkpoint
    RP48: 22/10/2011 6:47:09 PM - System Checkpoint
    RP49: 23/10/2011 7:45:41 PM - System Checkpoint
    RP50: 25/10/2011 8:56:03 AM - System Checkpoint
    RP51: 27/10/2011 1:15:04 PM - Software Distribution Service 3.0
    RP52: 27/10/2011 1:41:40 PM - Removed Skype™ 5.5
    RP53: 27/10/2011 1:42:45 PM - Removed Skype Click to Call
    RP54: 27/10/2011 2:07:24 PM - Software Distribution Service 3.0
    RP55: 27/10/2011 9:51:25 PM - Removed Skype™ 5.5
    RP56: 27/10/2011 10:48:56 PM - Removed Skype™ 5.5
    RP57: 27/10/2011 10:49:10 PM - Installed Skype™ 5.5
    RP58: 27/10/2011 11:56:26 PM - Installed Java(TM) 6 Update 29
    RP59: 29/10/2011 2:06:01 PM - System Checkpoint
    RP60: 30/10/2011 3:03:37 PM - System Checkpoint
    RP61: 31/10/2011 4:02:23 PM - System Checkpoint
    RP62: 01/01/2005 12:09:18 AM - System Checkpoint
    RP63: 01/01/2005 5:28:52 AM - Removed Ask Toolbar.
    RP64: 01/01/2005 5:32:32 AM - Removed Bonjour
    RP65: 01/01/2005 8:22:07 AM - Removed Invoice2go 5.0.
    RP66: 01/01/2005 8:25:16 AM - Removed iTunes
    RP67: 01/01/2005 8:33:26 AM - Removed MobileMe Control Panel
    RP68: 01/01/2005 8:55:35 AM - Removed Skype™ 5.5
    RP69: 01/01/2005 8:56:05 AM - Configured TIPCI
    RP70: 01/01/2005 10:17:52 PM - Installed Windows XP Wdf01009.
    .
    ==== Installed Programs ======================
    .
    AC3Filter 1.63b
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bitdefender Total Security 2013
    BlackBerry Device Software Updater
    DivX Setup
    Google Chrome
    Google Update Helper
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet
    InterVideo WinDVD 8
    Java Auto Updater
    Java(TM) 6 Update 29
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    QuickTime
    Realtek AC'97 Audio
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    TOSHIBA Software Modem
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/12/2004 11:15:38 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +264506183 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.109:123->64.4.10.33:123) is working properly.
    31/12/2004 11:15:15 PM, error: Dhcp [1002] - The IP address lease 192.168.0.11 for the Network Card with network address 00166F276477 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    31/10/2011 5:03:35 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D8E13BEB-66CC-418F-A135-C37C668EBFC7} because another computer on the network has the same name. The server could not start.
    01/01/2005 9:58:55 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    01/01/2005 9:04:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    01/01/2005 5:33:06 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    01/01/2005 4:16:23 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    01/01/2005 12:12:04 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    01/01/2005 10:17:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde SASDIFSV SASKUTIL
    01/01/2005 10:14:14 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  5. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : New Account [Admin rights]
    Mode : Remove -- Date : 01/02/2005 10:17:43
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJPOL] HKLM\[...]\System : DISABLETASKMGR (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x86EE3ED1)

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK8032GSX +++++
    --- User ---
    [MBR] 3fa5b14cc376f67c90e02b22b6923742
    [BSP] 929344db08472e44a04af52b86140137 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76112 Mo
    1 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155878695 | Size: 203 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 5dab8974467a7bdd277c749f460cd481
    [BSP] 4eb906bfa504ecf37f8bab2ab1f6b896 : MaxSS MBR Code!
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76112 Mo
    1 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155878695 | Size: 203 Mo

    Finished : << RKreport[2]_D_01022005_02d1017.txt >>
    RKreport[1]_S_01022005_02d1015.txt ; RKreport[2]_D_01022005_02d1017.txt
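
The MBR check in the RogueKiller log above (a user-level read of sector 0 reported as "Windows XP MBR Code", a second low-level read reported as "MaxSS MBR Code!", with the same partition table in both) and the "MBR buffers are not equal / MBR is forged!" lines in the MBAR log that follows are the same technique: read sector 0 through two different paths and diff the results. The Python below is an added illustration of that cross-view check; it is not code from RogueKiller, Malwarebytes or anyone in this thread. It assumes the standard MBR layout (440 bytes of boot code, a 4-byte disk signature at offset 440, four 16-byte partition entries at offset 446, 0x55AA at offset 510). The sample sectors are constructed to mirror the partition table, disk signature and disk size in the logs; the boot-code bytes in them are made up, the short partition-type allow-list is an assumption, and exactly which byte ranges RogueKiller's [MBR] and [BSP] hashes cover is also an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440        # x86 boot code occupies bytes 0..439
DISK_SIG_OFF = 440         # 4-byte NT disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"     # bytes 510..511

# Assumption: a small allow-list of partition types used only for this
# illustration. 0x88 is not in it, which is why the RogueKiller log above
# prints that entry as UNKNOWN.
KNOWN_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "NTFS", 0x0b: "FAT32",
               0x0c: "FAT32 (LBA)", 0x0f: "Extended (LBA)", 0x82: "Linux swap",
               0x83: "Linux"}


def parse_mbr(sector, disk_sectors=None):
    """Decode one 512-byte MBR image: disk signature, partition table, hashes."""
    if len(sector) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba, numsec = struct.unpack_from("<B3xB3xII", sector, off)
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "known": ptype in KNOWN_TYPES,
            "start_lba": lba,
            "num_sectors": numsec,
            "end_lba": lba + numsec,    # first sector after the partition
            # an entry that runs past the physical end of the disk is a red flag
            "past_disk_end": disk_sectors is not None and lba + numsec > disk_sectors,
        })
    return {"disk_signature": disk_sig, "partitions": parts,
            # analogous to RogueKiller's [BSP] (boot code) and [MBR] (whole sector) lines
            "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_END]).hexdigest(),
            "sector_md5": hashlib.md5(sector).hexdigest()}


def compare_reads(user_read, lowlevel_read, disk_sectors=None):
    """Cross-view check: sector 0 as seen through the normal disk stack versus
    sector 0 read by a lower-level path. A rootkit that filters reads of the
    MBR hands the OS a clean copy while the real sector holds its loader, so
    the two views disagree on the boot code but usually agree on the table."""
    u = parse_mbr(user_read, disk_sectors)
    ll = parse_mbr(lowlevel_read, disk_sectors)
    same_table = user_read[PART_TABLE_OFF:510] == lowlevel_read[PART_TABLE_OFF:510]
    same_code = u["boot_code_md5"] == ll["boot_code_md5"]
    if same_code and same_table:
        verdict = "OK: both views agree"
    elif same_table:
        verdict = "FORGED: partition table identical but boot code differs (hidden MBR code)"
    else:
        verdict = "FORGED: partition tables differ between views"
    return {"equal": user_read == lowlevel_read, "same_partition_table": same_table,
            "same_boot_code": same_code, "user": u, "lowlevel": ll, "verdict": verdict}


def build_mbr(boot_code, disk_sig, entries):
    """Assemble a synthetic MBR image (constructed test data only)."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    table = b"".join(struct.pack("<B3xB3xII", status, ptype, lba, numsec)
                     for status, ptype, lba, numsec in entries).ljust(64, b"\x00")
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + BOOT_SIG


# Constructed sample mirroring the table in the logs: partition 0 = active NTFS
# at LBA 63, partition 1 = type 0x88 at LBA 155878695; disk signature B37DB37D;
# disk size 80026361856 bytes. The boot-code byte patterns are invented.
DISK_SECTORS = 80026361856 // 512
TABLE = [(0x80, 0x07, 63, 155878632), (0x00, 0x88, 155878695, 417690)]
DISK_SIG = 0xB37DB37D
USER_VIEW = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" * 10, DISK_SIG, TABLE)
LOWLEVEL_VIEW = build_mbr(b"\xeb\xfe" * 100, DISK_SIG, TABLE)

if __name__ == "__main__":
    result = compare_reads(USER_VIEW, LOWLEVEL_VIEW, DISK_SECTORS)
    for p in result["lowlevel"]["partitions"]:
        if p["num_sectors"]:
            print(f"{p['index']} {'ACTIVE' if p['active'] else 'inactive'} "
                  f"type 0x{p['type']:02x} {'known' if p['known'] else 'UNKNOWN'} "
                  f"lba={p['start_lba']} n={p['num_sectors']}")
    print(result["verdict"])
```

On a live machine the two inputs would come from genuinely different read paths (for example a normal read of the physical drive device versus a read issued below the filter drivers, which is what MBAR's "Disk Stack" listing is about); with only one path available the check degrades to a partition-table sanity pass, which is still enough to flag the 0x88 entry as an unknown type and to notice that partition 1 begins exactly where partition 0 ends.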
     
  6. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.05.22.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    New Account :: CHELSEA-797BB6F [administrator]

    02/01/2005 11:24:42 AM
    mbar-log-2005-01-02 (11-24-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 24889
    Time elapsed: 10 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Unknown Rootkit MBR Infection) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_156281488_user.mbam (Forged physical sector) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_156281551_user.mbam (Forged physical sector) -> Delete on reboot.

    (end)


    I ended up doing the scan 4 times; it kept saying cleanup failed. This is the 4th MBAR log.

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.05.22.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    New Account :: CHELSEA-797BB6F [administrator]

    02/01/2005 10:58:55 PM
    mbar-log-2005-01-02 (22-58-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 24864
    Time elapsed: 8 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Unknown Rootkit MBR Infection) -> Delete on reboot.

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 592642048

    ------------ Kernel report ------------
    01/02/2005 10:49:11
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\drivers\TrueSight.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f6cab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f04b00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.05.22.02
    Downloaded database version: v2013.05.14.03
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f6cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f3e900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f6cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f04b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe1124268, 0xffffffff86f6cab8, 0xffffffff85127308
    Lower DeviceData: 0xffffffffe1307358, 0xffffffff86f04b00, 0xffffffff851919a0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_rep.mbam - 32
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Sectors 156281488 - 156281544 --> [Forged physical sectors]
    Sectors 156281551 - 156281743 --> [Forged physical sectors]
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 628699136

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 451252224

    ------------ Kernel report ------------
    01/02/2005 11:47:08
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f6cab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f04b00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f6cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f3e900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f6cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f04b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe16ff8c8, 0xffffffff86f6cab8, 0xffffffff851aa2e8
    Lower DeviceData: 0xffffffffe13bf3c0, 0xffffffff86f04b00, 0xffffffff851e06e8
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_rep.mbam - 32
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 657940480

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 601878528

    ------------ Kernel report ------------
    01/02/2005 22:36:26
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f03ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f82b00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.05.22.03
    Downloaded database version: v2013.05.22.04
    Downloaded database version: v2013.05.22.05
    Downloaded database version: v2013.05.22.06
    Downloaded database version: v2013.05.22.07
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f46240, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f82b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe27977e8, 0xffffffff86f03ab8, 0xffffffff8526b270
    Lower DeviceData: 0xffffffffe11b6800, 0xffffffff86f82b00, 0xffffffff865689c0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_rep.mbam - 32
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 677732352

    ------------ Kernel report ------------
    01/02/2005 22:50:29
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f03ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f82b00
    Lower Device Driver Name: \Driver\atapi\
    Device already Exists: 0xffffffff865689c0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f46240, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f82b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe1308970, 0xffffffff86f03ab8, 0xffffffff8526b270
    Lower DeviceData: 0xffffffffe1179330, 0xffffffff86f82b00, 0xffffffff865689c0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_rep.mbam - 32
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 602517504

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 604958720

    ------------ Kernel report ------------
    01/03/2005 02:07:38
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f03ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f82b00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.05.22.08
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f46240, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f82b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe2817198, 0xffffffff86f03ab8, 0xffffffff852b8538
    Lower DeviceData: 0xffffffffe2a54358, 0xffffffff86f82b00, 0xffffffff85341360
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Scan Interrupted
    Done!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    After I did the TDSSKiller scan and it rebooted, the only thing I have on my screen is the background pic and a cmd.exe box.
     
  9. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    And it's asking if I want to run a file. Name: C2907856-A9C8-4609-8B92-66576B3CFEF8.EXE
    Publisher: Kaspersky Lab.
    Do I run this?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yes, TDSSKiller is made by Kaspersky.
     
  11. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    07:30:23.0687 2260 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    07:30:24.0687 2260 ============================================================
    07:30:24.0687 2260 Current date / time: 2005/01/03 07:30:24.0687
    07:30:24.0687 2260 SystemInfo:
    07:30:24.0687 2260
    07:30:24.0687 2260 OS Version: 5.1.2600 ServicePack: 3.0
    07:30:24.0687 2260 Product type: Workstation
    07:30:24.0687 2260 ComputerName: CHELSEA-797BB6F
    07:30:24.0687 2260 UserName: New Account
    07:30:24.0687 2260 Windows directory: C:\WINDOWS
    07:30:24.0687 2260 System windows directory: C:\WINDOWS
    07:30:24.0687 2260 Processor architecture: Intel x86
    07:30:24.0687 2260 Number of processors: 1
    07:30:24.0687 2260 Page size: 0x1000
    07:30:24.0687 2260 Boot type: Normal boot
    07:30:24.0687 2260 ============================================================
    07:30:27.0484 2260 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    07:30:27.0484 2260 ============================================================
    07:30:27.0484 2260 \Device\Harddisk0\DR0:
    07:30:27.0484 2260 MBR partitions:
    07:30:27.0484 2260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94A84E8
    07:30:27.0484 2260 ============================================================
    07:30:27.0515 2260 C: <-> \Device\Harddisk0\DR0\Partition1
    07:30:27.0515 2260 ============================================================
    07:30:27.0515 2260 Initialize success
    07:30:27.0515 2260 ============================================================
    07:30:39.0625 0808 ============================================================
    07:30:39.0625 0808 Scan started
    07:30:39.0625 0808 Mode: Manual;
    07:30:39.0625 0808 ============================================================
    07:30:40.0281 0808 ================ Scan system memory ========================
    07:30:40.0281 0808 System memory - ok
    07:30:40.0281 0808 ================ Scan services =============================
    07:30:40.0359 0808 Abiosdsk - ok
    07:30:40.0359 0808 abp480n5 - ok
    07:30:40.0437 0808 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    07:30:40.0437 0808 ACPI - ok
    07:30:40.0484 0808 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    07:30:40.0484 0808 ACPIEC - ok
    07:30:40.0484 0808 adpu160m - ok
    07:30:40.0531 0808 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    07:30:40.0531 0808 aec - ok
    07:30:40.0593 0808 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    07:30:40.0593 0808 AFD - ok
    07:30:40.0703 0808 [ 029E01CB2938BEC5AF31BF47B6AF0159 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    07:30:40.0765 0808 AgereSoftModem - ok
    07:30:40.0765 0808 Aha154x - ok
    07:30:40.0781 0808 aic78u2 - ok
    07:30:40.0781 0808 aic78xx - ok
    07:30:40.0953 0808 [ 35045A23957A71BA649740741E69408C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    07:30:41.0000 0808 ALCXWDM - ok
    07:30:41.0031 0808 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    07:30:41.0031 0808 Alerter - ok
    07:30:41.0078 0808 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    07:30:41.0078 0808 ALG - ok
    07:30:41.0093 0808 AliIde - ok
    07:30:41.0093 0808 amsint - ok
    07:30:41.0250 0808 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    07:30:41.0250 0808 Apple Mobile Device - ok
    07:30:41.0265 0808 AppMgmt - ok
    07:30:41.0328 0808 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    07:30:41.0343 0808 Arp1394 - ok
    07:30:41.0343 0808 asc - ok
    07:30:41.0359 0808 asc3350p - ok
    07:30:41.0359 0808 asc3550 - ok
    07:30:41.0421 0808 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    07:30:41.0421 0808 AsyncMac - ok
    07:30:41.0468 0808 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    07:30:41.0468 0808 atapi - ok
    07:30:41.0468 0808 Atdisk - ok
    07:30:41.0500 0808 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    07:30:41.0515 0808 Atmarpc - ok
    07:30:41.0546 0808 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    07:30:41.0546 0808 AudioSrv - ok
    07:30:41.0593 0808 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    07:30:41.0593 0808 audstub - ok
    07:30:41.0656 0808 [ B5B8FC2C4D520F1F1EED52A980ED5091 ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys
    07:30:41.0671 0808 avc3 - ok
    07:30:41.0750 0808 [ 7F9B99B564E7C9FBB6729ED95B5BBB24 ] avchv C:\WINDOWS\system32\DRIVERS\avchv.sys
    07:30:41.0750 0808 avchv - ok
    07:30:41.0781 0808 [ 818E7E029DB594DCB8D6218A7D6FA575 ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys
    07:30:41.0796 0808 avckf - ok
    07:30:41.0937 0808 [ A624841BECEE1B0FCAB28BF2E4CB317A ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
    07:30:41.0937 0808 BdDesktopParental - ok
    07:30:42.0062 0808 [ 2D05F49B14BDDE09CEBE2BB6A5E7CAAC ] Bdfndisf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    07:30:42.0062 0808 Bdfndisf - ok
    07:30:42.0109 0808 [ B6CBFC9D825BB2D955620CD4D8EF07F9 ] BDSandBox C:\WINDOWS\system32\drivers\bdsandbox.sys
    07:30:42.0109 0808 BDSandBox - ok
    07:30:42.0171 0808 [ A7478F77584F8DB6AD74B2BBE1144886 ] bdselfpr C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    07:30:42.0171 0808 bdselfpr - ok
    07:30:42.0234 0808 [ B82A4AE7C1259411421D2389BD1AB058 ] BDVEDISK C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
    07:30:42.0234 0808 BDVEDISK - ok
    07:30:42.0312 0808 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    07:30:42.0312 0808 Beep - ok
    07:30:42.0390 0808 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    07:30:42.0468 0808 BITS - ok
    07:30:42.0562 0808 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
    07:30:42.0562 0808 Browser - ok
    07:30:42.0609 0808 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    07:30:42.0609 0808 cbidf2k - ok
    07:30:42.0656 0808 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    07:30:42.0656 0808 CCDECODE - ok
    07:30:42.0656 0808 cd20xrnt - ok
    07:30:42.0671 0808 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    07:30:42.0671 0808 Cdaudio - ok
    07:30:42.0687 0808 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    07:30:42.0703 0808 Cdfs - ok
    07:30:42.0734 0808 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    07:30:42.0734 0808 Cdrom - ok
    07:30:42.0734 0808 Changer - ok
    07:30:42.0765 0808 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    07:30:42.0765 0808 CiSvc - ok
    07:30:42.0781 0808 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    07:30:42.0781 0808 ClipSrv - ok
    07:30:42.0812 0808 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    07:30:42.0812 0808 CmBatt - ok
    07:30:42.0828 0808 CmdIde - ok
    07:30:42.0843 0808 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    07:30:42.0843 0808 Compbatt - ok
    07:30:42.0859 0808 COMSysApp - ok
    07:30:42.0875 0808 Cpqarray - ok
    07:30:42.0890 0808 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    07:30:42.0890 0808 CryptSvc - ok
    07:30:42.0906 0808 dac2w2k - ok
    07:30:42.0906 0808 dac960nt - ok
    07:30:43.0000 0808 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    07:30:43.0015 0808 DcomLaunch - ok
    07:30:43.0062 0808 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    07:30:43.0062 0808 Dhcp - ok
    07:30:43.0078 0808 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    07:30:43.0078 0808 Disk - ok
    07:30:43.0078 0808 dmadmin - ok
    07:30:43.0140 0808 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    07:30:43.0171 0808 dmboot - ok
    07:30:43.0203 0808 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    07:30:43.0203 0808 dmio - ok
    07:30:43.0234 0808 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    07:30:43.0234 0808 dmload - ok
    07:30:43.0281 0808 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    07:30:43.0281 0808 dmserver - ok
    07:30:43.0296 0808 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    07:30:43.0312 0808 DMusic - ok
    07:30:43.0359 0808 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    07:30:43.0359 0808 Dnscache - ok
    07:30:43.0390 0808 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    07:30:43.0390 0808 Dot3svc - ok
    07:30:43.0406 0808 dpti2o - ok
    07:30:43.0437 0808 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    07:30:43.0437 0808 drmkaud - ok
    07:30:43.0468 0808 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    07:30:43.0468 0808 EapHost - ok
    07:30:43.0515 0808 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    07:30:43.0515 0808 ERSvc - ok
    07:30:43.0578 0808 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    07:30:43.0578 0808 Eventlog - ok
    07:30:43.0656 0808 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    07:30:43.0671 0808 EventSystem - ok
    07:30:43.0718 0808 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    07:30:43.0718 0808 Fastfat - ok
    07:30:43.0781 0808 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    07:30:43.0781 0808 FastUserSwitchingCompatibility - ok
    07:30:43.0828 0808 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    07:30:43.0828 0808 Fdc - ok
    07:30:43.0890 0808 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    07:30:43.0890 0808 Fips - ok
    07:30:43.0906 0808 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    07:30:43.0906 0808 Flpydisk - ok
    07:30:43.0984 0808 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    07:30:43.0984 0808 FltMgr - ok
    07:30:43.0984 0808 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    07:30:43.0984 0808 Fs_Rec - ok
    07:30:44.0062 0808 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    07:30:44.0062 0808 Ftdisk - ok
    07:30:44.0109 0808 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    07:30:44.0109 0808 Gpc - ok
    07:30:44.0171 0808 gupdate - ok
    07:30:44.0187 0808 gupdatem - ok
    07:30:44.0218 0808 [ 9C1E3F5A672EDB0831AAF3E36B6876A6 ] gzflt C:\WINDOWS\system32\DRIVERS\gzflt.sys
    07:30:44.0218 0808 gzflt - ok
    07:30:44.0296 0808 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    07:30:44.0312 0808 helpsvc - ok
    07:30:44.0312 0808 HidServ - ok
    07:30:44.0359 0808 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    07:30:44.0375 0808 hkmsvc - ok
    07:30:44.0375 0808 hpn - ok
    07:30:44.0437 0808 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    07:30:44.0437 0808 HTTP - ok
    07:30:44.0484 0808 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    07:30:44.0484 0808 HTTPFilter - ok
    07:30:44.0500 0808 i2omgmt - ok
    07:30:44.0500 0808 i2omp - ok
    07:30:44.0546 0808 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    07:30:44.0546 0808 i8042prt - ok
    07:30:44.0656 0808 [ 240D0F5D7CAAFD87BD8D801A97BBE041 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    07:30:44.0687 0808 ialm - ok
    07:30:44.0687 0808 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    07:30:44.0687 0808 Imapi - ok
    07:30:44.0734 0808 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    07:30:44.0750 0808 ImapiService - ok
    07:30:44.0765 0808 ini910u - ok
    07:30:44.0781 0808 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    07:30:44.0781 0808 IntelIde - ok
    07:30:44.0828 0808 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    07:30:44.0828 0808 intelppm - ok
    07:30:44.0843 0808 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    07:30:44.0859 0808 Ip6Fw - ok
    07:30:44.0890 0808 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    07:30:44.0890 0808 IpFilterDriver - ok
    07:30:44.0921 0808 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    07:30:44.0921 0808 IpInIp - ok
    07:30:45.0015 0808 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    07:30:45.0015 0808 IpNat - ok
    07:30:45.0062 0808 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    07:30:45.0078 0808 IPSec - ok
    07:30:45.0109 0808 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    07:30:45.0109 0808 IRENUM - ok
    07:30:45.0125 0808 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    07:30:45.0125 0808 isapnp - ok
    07:30:45.0250 0808 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    07:30:45.0250 0808 JavaQuickStarterService - ok
    07:30:45.0312 0808 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    07:30:45.0312 0808 Kbdclass - ok
    07:30:45.0375 0808 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    07:30:45.0375 0808 kmixer - ok
    07:30:45.0421 0808 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    07:30:45.0437 0808 KSecDD - ok
    07:30:45.0500 0808 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    07:30:45.0500 0808 lanmanserver - ok
    07:30:45.0562 0808 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    07:30:45.0562 0808 lanmanworkstation - ok
    07:30:45.0578 0808 lbrtfdc - ok
    07:30:45.0609 0808 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    07:30:45.0625 0808 LmHosts - ok
    07:30:45.0671 0808 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
    07:30:45.0671 0808 mbamchameleon - ok
    07:30:45.0671 0808 MBAMProtector - ok
    07:30:45.0781 0808 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    07:30:45.0781 0808 MBAMScheduler - ok
    07:30:45.0843 0808 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    07:30:45.0859 0808 MBAMService - ok
    07:30:45.0875 0808 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    07:30:45.0875 0808 Messenger - ok
    07:30:45.0921 0808 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    07:30:45.0921 0808 mnmdd - ok
    07:30:45.0968 0808 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    07:30:45.0968 0808 mnmsrvc - ok
    07:30:46.0031 0808 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    07:30:46.0031 0808 Modem - ok
    07:30:46.0031 0808 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    07:30:46.0046 0808 Mouclass - ok
    07:30:46.0093 0808 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    07:30:46.0093 0808 MountMgr - ok
    07:30:46.0109 0808 mraid35x - ok
    07:30:46.0109 0808 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    07:30:46.0125 0808 MRxDAV - ok
    07:30:46.0203 0808 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    07:30:46.0218 0808 MRxSmb - ok
    07:30:46.0265 0808 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    07:30:46.0265 0808 MSDTC - ok
    07:30:46.0281 0808 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    07:30:46.0281 0808 Msfs - ok
    07:30:46.0281 0808 MSIServer - ok
    07:30:46.0312 0808 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    07:30:46.0312 0808 MSKSSRV - ok
    07:30:46.0328 0808 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    07:30:46.0328 0808 MSPCLOCK - ok
    07:30:46.0359 0808 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    07:30:46.0359 0808 MSPQM - ok
    07:30:46.0390 0808 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    07:30:46.0390 0808 mssmbios - ok
    07:30:46.0437 0808 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    07:30:46.0437 0808 MSTEE - ok
    07:30:46.0500 0808 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    07:30:46.0500 0808 Mup - ok
    07:30:46.0531 0808 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    07:30:46.0546 0808 NABTSFEC - ok
    07:30:46.0625 0808 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    07:30:46.0625 0808 napagent - ok
    07:30:46.0687 0808 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    07:30:46.0687 0808 NDIS - ok
    07:30:46.0718 0808 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    07:30:46.0734 0808 NdisIP - ok
    07:30:46.0765 0808 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    07:30:46.0765 0808 NdisTapi - ok
    07:30:46.0812 0808 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    07:30:46.0812 0808 Ndisuio - ok
    07:30:46.0828 0808 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    07:30:46.0828 0808 NdisWan - ok
    07:30:46.0890 0808 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    07:30:46.0890 0808 NDProxy - ok
    07:30:46.0906 0808 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    07:30:46.0906 0808 NetBIOS - ok
    07:30:46.0937 0808 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    07:30:46.0937 0808 NetBT - ok
    07:30:46.0984 0808 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    07:30:46.0984 0808 NetDDE - ok
    07:30:47.0000 0808 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    07:30:47.0000 0808 NetDDEdsdm - ok
    07:30:47.0046 0808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    07:30:47.0046 0808 Netlogon - ok
    07:30:47.0109 0808 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    07:30:47.0125 0808 Netman - ok
    07:30:47.0218 0808 [ 25D4FD2151185172B6643C94F34F36BE ] NetSvc C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    07:30:47.0234 0808 NetSvc - ok
    07:30:47.0265 0808 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    07:30:47.0265 0808 NIC1394 - ok
    07:30:47.0328 0808 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    07:30:47.0343 0808 Nla - ok
    07:30:47.0390 0808 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    07:30:47.0406 0808 Npfs - ok
    07:30:47.0468 0808 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    07:30:47.0484 0808 Ntfs - ok
    07:30:47.0500 0808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    07:30:47.0500 0808 NtLmSsp - ok
    07:30:47.0546 0808 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    07:30:47.0546 0808 NtmsSvc - ok
    07:30:47.0578 0808 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    07:30:47.0578 0808 Null - ok
    07:30:47.0625 0808 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    07:30:47.0625 0808 NwlnkFlt - ok
    07:30:47.0625 0808 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    07:30:47.0640 0808 NwlnkFwd - ok
    07:30:47.0640 0808 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    07:30:47.0640 0808 ohci1394 - ok
    07:30:47.0718 0808 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    07:30:47.0734 0808 ose - ok
    07:30:47.0781 0808 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    07:30:47.0781 0808 Parport - ok
    07:30:47.0781 0808 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    07:30:47.0796 0808 PartMgr - ok
    07:30:47.0828 0808 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    07:30:47.0828 0808 ParVdm - ok
    07:30:47.0859 0808 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    07:30:47.0875 0808 PCI - ok
    07:30:47.0875 0808 PCIDump - ok
    07:30:47.0890 0808 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
    07:30:47.0890 0808 PCIIde - ok
    07:30:47.0921 0808 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    07:30:47.0921 0808 Pcmcia - ok
    07:30:47.0937 0808 PDCOMP - ok
    07:30:47.0937 0808 PDFRAME - ok
    07:30:47.0953 0808 PDRELI - ok
    07:30:47.0953 0808 PDRFRAME - ok
    07:30:47.0968 0808 perc2 - ok
    07:30:47.0968 0808 perc2hib - ok
    07:30:48.0046 0808 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    07:30:48.0046 0808 PlugPlay - ok
    07:30:48.0062 0808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    07:30:48.0062 0808 PolicyAgent - ok
    07:30:48.0078 0808 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    07:30:48.0093 0808 PptpMiniport - ok
    07:30:48.0093 0808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    07:30:48.0093 0808 ProtectedStorage - ok
    07:30:48.0109 0808 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    07:30:48.0109 0808 PSched - ok
    07:30:48.0171 0808 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    07:30:48.0171 0808 Ptilink - ok
    07:30:48.0203 0808 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    07:30:48.0203 0808 PxHelp20 - ok
    07:30:48.0218 0808 ql1080 - ok
    07:30:48.0218 0808 Ql10wnt - ok
    07:30:48.0234 0808 ql12160 - ok
    07:30:48.0234 0808 ql1240 - ok
    07:30:48.0250 0808 ql1280 - ok
    07:30:48.0281 0808 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    07:30:48.0281 0808 RasAcd - ok
    07:30:48.0312 0808 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    07:30:48.0312 0808 RasAuto - ok
    07:30:48.0359 0808 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    07:30:48.0359 0808 Rasl2tp - ok
    07:30:48.0421 0808 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    07:30:48.0421 0808 RasMan - ok
    07:30:48.0437 0808 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    07:30:48.0437 0808 RasPppoe - ok
    07:30:48.0437 0808 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    07:30:48.0453 0808 Raspti - ok
    07:30:48.0484 0808 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    07:30:48.0500 0808 Rdbss - ok
    07:30:48.0500 0808 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    07:30:48.0500 0808 RDPCDD - ok
    07:30:48.0562 0808 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    07:30:48.0562 0808 RDPWD - ok
    07:30:48.0609 0808 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    07:30:48.0609 0808 RDSessMgr - ok
    07:30:48.0625 0808 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    07:30:48.0625 0808 redbook - ok
    07:30:48.0687 0808 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    07:30:48.0687 0808 RemoteAccess - ok
    07:30:48.0718 0808 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    07:30:48.0718 0808 RpcLocator - ok
    07:30:48.0781 0808 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    07:30:48.0781 0808 RpcSs - ok
    07:30:48.0828 0808 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    07:30:48.0843 0808 RSVP - ok
    07:30:48.0875 0808 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    07:30:48.0875 0808 rtl8139 - ok
    07:30:48.0906 0808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    07:30:48.0906 0808 SamSs - ok
    07:30:48.0968 0808 SASDIFSV - ok
    07:30:48.0984 0808 SASKUTIL - ok
    07:30:49.0031 0808 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    07:30:49.0046 0808 SCardSvr - ok
    07:30:49.0093 0808 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    07:30:49.0109 0808 Schedule - ok
    07:30:49.0156 0808 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
    07:30:49.0171 0808 sdbus - ok
    07:30:49.0203 0808 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    07:30:49.0203 0808 Secdrv - ok
    07:30:49.0234 0808 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    07:30:49.0234 0808 seclogon - ok
    07:30:49.0265 0808 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    07:30:49.0265 0808 SENS - ok
    07:30:49.0281 0808 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    07:30:49.0296 0808 Serial - ok
    07:30:49.0312 0808 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    07:30:49.0328 0808 Sfloppy - ok
    07:30:49.0390 0808 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    07:30:49.0406 0808 SharedAccess - ok
    07:30:49.0437 0808 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    07:30:49.0437 0808 ShellHWDetection - ok
    07:30:49.0453 0808 Simbad - ok
    07:30:49.0484 0808 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    07:30:49.0484 0808 SLIP - ok
    07:30:49.0484 0808 Sparrow - ok
    07:30:49.0515 0808 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    07:30:49.0515 0808 splitter - ok
    07:30:49.0578 0808 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    07:30:49.0593 0808 Spooler - ok
    07:30:49.0640 0808 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    07:30:49.0640 0808 sr - ok
    07:30:49.0703 0808 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    07:30:49.0718 0808 srservice - ok
    07:30:49.0781 0808 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    07:30:49.0796 0808 Srv - ok
    07:30:49.0828 0808 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    07:30:49.0843 0808 SSDPSRV - ok
    07:30:49.0906 0808 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    07:30:49.0921 0808 stisvc - ok
    07:30:49.0968 0808 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    07:30:49.0968 0808 streamip - ok
    07:30:50.0015 0808 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    07:30:50.0015 0808 swenum - ok
    07:30:50.0062 0808 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    07:30:50.0062 0808 swmidi - ok
    07:30:50.0078 0808 SwPrv - ok
    07:30:50.0093 0808 symc810 - ok
    07:30:50.0093 0808 symc8xx - ok
    07:30:50.0109 0808 sym_hi - ok
    07:30:50.0109 0808 sym_u3 - ok
    07:30:50.0171 0808 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    07:30:50.0171 0808 sysaudio - ok
    07:30:50.0203 0808 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    07:30:50.0203 0808 SysmonLog - ok
    07:30:50.0250 0808 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    07:30:50.0265 0808 TapiSrv - ok
    07:30:50.0328 0808 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    07:30:50.0343 0808 Tcpip - ok
    07:30:50.0375 0808 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    07:30:50.0390 0808 TDPIPE - ok
    07:30:50.0406 0808 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    07:30:50.0421 0808 TDTCP - ok
    07:30:50.0453 0808 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    07:30:50.0453 0808 TermDD - ok
    07:30:50.0531 0808 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    07:30:50.0546 0808 TermService - ok
    07:30:50.0578 0808 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    07:30:50.0578 0808 Themes - ok
    07:30:50.0640 0808 [ F779BA4CD37963AB4600C9871B7752A3 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
    07:30:50.0656 0808 tifm21 - ok
    07:30:50.0656 0808 TosIde - ok
    07:30:50.0671 0808 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    07:30:50.0687 0808 TrkWks - ok
    07:30:50.0718 0808 [ F2AEE22231046CAD8D2F94D2C0F9BEFB ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
    07:30:50.0718 0808 trufos - ok
    07:30:50.0734 0808 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    07:30:50.0734 0808 Udfs - ok
    07:30:50.0750 0808 ultra - ok
    07:30:50.0828 0808 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    07:30:50.0828 0808 Update - ok
    07:30:50.0890 0808 [ 1C5835420F2A8F6D683FD6BDFFA2FFDD ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    07:30:50.0890 0808 UPDATESRV - ok
    07:30:50.0937 0808 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    07:30:50.0968 0808 upnphost - ok
    07:30:50.0984 0808 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    07:30:51.0000 0808 UPS - ok
    07:30:51.0031 0808 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    07:30:51.0031 0808 USBAAPL - ok
    07:30:51.0078 0808 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    07:30:51.0078 0808 usbaudio - ok
    07:30:51.0093 0808 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    07:30:51.0093 0808 usbccgp - ok
    07:30:51.0125 0808 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    07:30:51.0125 0808 usbehci - ok
    07:30:51.0156 0808 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    07:30:51.0156 0808 usbhub - ok
    07:30:51.0187 0808 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    07:30:51.0203 0808 usbscan - ok
    07:30:51.0234 0808 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    07:30:51.0234 0808 USBSTOR - ok
    07:30:51.0265 0808 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    07:30:51.0265 0808 usbuhci - ok
    07:30:51.0312 0808 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    07:30:51.0312 0808 usbvideo - ok
    07:30:51.0312 0808 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    07:30:51.0328 0808 VgaSave - ok
    07:30:51.0328 0808 ViaIde - ok
    07:30:51.0359 0808 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    07:30:51.0359 0808 VolSnap - ok
    07:30:51.0421 0808 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    07:30:51.0437 0808 VSS - ok
    07:30:51.0546 0808 [ F92F8B40FA98A631ADAA772ABA7FA7EE ] VSSERV C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    07:30:51.0578 0808 VSSERV - ok
    07:30:51.0750 0808 [ EFFAB2168B92025BF9A028461E029687 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
    07:30:51.0796 0808 w29n51 - ok
    07:30:51.0875 0808 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    07:30:51.0875 0808 W32Time - ok
    07:30:51.0937 0808 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    07:30:51.0937 0808 Wanarp - ok
    07:30:52.0015 0808 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    07:30:52.0031 0808 Wdf01000 - ok
    07:30:52.0046 0808 WDICA - ok
    07:30:52.0078 0808 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    07:30:52.0078 0808 wdmaud - ok
    07:30:52.0140 0808 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    07:30:52.0140 0808 WebClient - ok
    07:30:52.0250 0808 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    07:30:52.0250 0808 winmgmt - ok
    07:30:52.0296 0808 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    07:30:52.0312 0808 WmdmPmSN - ok
    07:30:52.0359 0808 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    07:30:52.0375 0808 WmiApSrv - ok
    07:30:52.0437 0808 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    07:30:52.0437 0808 wscsvc - ok
    07:30:52.0468 0808 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    07:30:52.0468 0808 WSTCODEC - ok
    07:30:52.0484 0808 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    07:30:52.0515 0808 wuauserv - ok
    07:30:52.0578 0808 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    07:30:52.0593 0808 WZCSVC - ok
    07:30:52.0625 0808 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    07:30:52.0625 0808 xmlprov - ok
    07:30:52.0656 0808 ================ Scan global ===============================
    07:30:52.0703 0808 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    07:30:52.0718 0808 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    07:30:52.0734 0808 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    07:30:52.0750 0808 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    07:30:52.0750 0808 [Global] - ok
    07:30:52.0765 0808 ================ Scan MBR ==================================
    07:30:52.0796 0808 [ 6F9A1D528242BC09104B85E0BECF5554 ] \Device\Harddisk0\DR0
    07:30:52.0796 0808 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    07:30:52.0812 0808 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
    07:30:52.0812 0808 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    07:30:52.0812 0808 ================ Scan VBR ==================================
    07:30:52.0812 0808 [ A7C786328556EDF741107C9E4E753654 ] \Device\Harddisk0\DR0\Partition1
    07:30:52.0828 0808 \Device\Harddisk0\DR0\Partition1 - ok
    07:30:52.0828 0808 ============================================================
    07:30:52.0828 0808 Scan finished
    07:30:52.0828 0808 ============================================================
    07:30:52.0828 1764 Detected object count: 1
    07:30:52.0828 1764 Actual detected object count: 1
    07:31:00.0562 1764 \Device\Harddisk0\DR0\# - copied to quarantine
    07:31:02.0828 1764 \Device\Harddisk0\DR0 - copied to quarantine
    07:31:04.0843 1764 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    07:31:04.0890 1764 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
    07:31:04.0937 1764 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
    07:31:04.0937 1764 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
    07:31:05.0203 1764 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
    07:31:06.0390 1764 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
    07:31:07.0156 1764 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
    07:31:08.0250 1764 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
    07:31:09.0203 1764 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    07:31:10.0265 1764 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    07:31:10.0375 1764 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    07:31:11.0406 1764 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    07:31:12.0343 1764 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
    07:31:12.0390 1764 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
    07:31:12.0406 1764 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
    07:31:12.0437 1764 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
    07:31:12.0515 1764 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
    07:31:13.0437 1764 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
    07:31:13.0546 1764 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
    07:31:13.0609 1764 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
    07:31:14.0515 1764 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
    07:31:15.0734 1764 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
    07:31:15.0765 1764 \Device\Harddisk0\DR0 - ok
    07:31:18.0734 1764 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
    07:31:27.0609 2976 Deinitialize success
     
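The "Suspicious mbr (Forged)" verdict above, together with the quarantined TDLFS\mbr object, means the partition table the OS presents cannot be trusted until sector 0 has been read and checked independently. What follows is an added example, not part of this thread and not TDSSKiller's own code: a short Python script that parses a 512-byte MBR, checks the 0x55AA boot signature, hashes the sector so it can be set against the MD5 TDSSKiller prints beside \Device\Harddisk0\DR0 (assumed here to be the MD5 of that same sector), and compares the partition entries with the geometry TDSSKiller reported for this disk (Type 0x7, StartLBA 0x3F, BlocksNum 0x94A84E8, drive size 0x12A1F16000 bytes, 0x200-byte sectors). The sector bytes are constructed to mirror that geometry; `read_sector0` and the device paths in its docstring are for use on a real disk and are not exercised by the sample.

```python
import hashlib
import struct

SECTOR_SIZE = 0x200          # SectorSize TDSSKiller reported for \Device\Harddisk0\DR0
DISK_BYTES = 0x12A1F16000    # "Size:" TDSSKiller reported for the same drive (74.53 Gb)
# Partition table as TDSSKiller printed it: (Type, StartLBA, BlocksNum)
REPORTED_TABLE = [(0x7, 0x3F, 0x94A84E8)]

# One 16-byte MBR partition entry: status, CHS start, type, CHS end, LBA start, sector count
ENTRY_FMT = "<B3sB3sII"


def build_sample_mbr():
    """Constructed sector 0 (NOT the poster's real MBR). Its single partition
    entry mirrors the geometry in the log; the boot code is a dummy jump."""
    mbr = bytearray(512)
    mbr[0:3] = b"\xEB\x3C\x90"
    mbr[446:462] = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                               b"\xFE\xFF\xFF", 0x3F, 0x94A84E8)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


def read_sector0(device_path):
    r"""Read the first 512 bytes of a block device, e.g. r'\\.\PhysicalDrive0'
    on Windows (elevated) or '/dev/sda' on Linux (root). Not run by the sample."""
    with open(device_path, "rb") as dev:
        return dev.read(512)


def parse_mbr(mbr):
    """Return boot-signature status, MD5 of the sector, and the used entries."""
    if len(mbr) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for idx in range(4):
        off = 446 + 16 * idx
        status, _chs0, ptype, _chs1, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": idx, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count,
                      "end_lba": start + count - 1})
    return {"signature_ok": mbr[510:512] == b"\x55\xAA",
            "md5": hashlib.md5(mbr).hexdigest().upper(),
            "partitions": parts}


def cross_check(parsed, reported=REPORTED_TABLE, disk_bytes=DISK_BYTES,
                sector_size=SECTOR_SIZE):
    r"""Compare the parsed table with what TDSSKiller printed and measure the
    unpartitioned tail of the disk, the area where TDL4-style bootkits keep the
    hidden file store that TDSSKiller lists under TDLFS\."""
    seen = sorted((p["type"], p["start_lba"], p["sectors"]) for p in parsed["partitions"])
    total_sectors = disk_bytes // sector_size
    last_used = max((p["end_lba"] for p in parsed["partitions"]), default=-1)
    tail = total_sectors - 1 - last_used
    return {"signature_ok": parsed["signature_ok"],
            "table_matches": seen == sorted(reported),
            "tail_sectors": tail,
            "tail_mib": round(tail * sector_size / 2 ** 20, 1)}


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("MBR MD5 (compare with the hash TDSSKiller shows for DR0):", info["md5"])
    for p in info["partitions"]:
        print("entry %d: type 0x%X start 0x%X sectors 0x%X" % (p["index"], p["type"], p["start_lba"], p["sectors"]))
    print(cross_check(info))
```

Against a live infected host the rootkit can hand any reader a clean-looking sector, which is what a forged-MBR verdict points at, so take the sector from boot media or from a disk image rather than from the running system. The arithmetic on the logged geometry is worth noting: the partition spans exactly 9703 cylinders of 63x255 sectors while the drive reports 0x2601 (9729) cylinders, leaving about 206 MiB unpartitioned at the end of the disk, far more than the sub-cylinder slack a normal XP install leaves, so that region is the next thing to image and inspect.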
  12. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    There were 2 logs. This is the smaller one.


    07:55:26.0234 2704 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    07:55:26.0890 2704 ============================================================
    07:55:26.0890 2704 Current date / time: 2005/01/03 07:55:26.0890
    07:55:26.0890 2704 SystemInfo:
    07:55:26.0890 2704
    07:55:26.0890 2704 OS Version: 5.1.2600 ServicePack: 3.0
    07:55:26.0890 2704 Product type: Workstation
    07:55:26.0890 2704 ComputerName: CHELSEA-797BB6F
    07:55:26.0890 2704 UserName: New Account
    07:55:26.0890 2704 Windows directory: C:\WINDOWS
    07:55:26.0890 2704 System windows directory: C:\WINDOWS
    07:55:26.0890 2704 Processor architecture: Intel x86
    07:55:26.0890 2704 Number of processors: 1
    07:55:26.0890 2704 Page size: 0x1000
    07:55:26.0890 2704 Boot type: Normal boot
    07:55:26.0890 2704 ============================================================
    07:55:38.0468 2704 BG loaded
    07:55:39.0781 2704 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    07:55:39.0843 2704 ============================================================
    07:55:39.0843 2704 \Device\Harddisk0\DR0:
    07:55:39.0953 2704 MBR partitions:
    07:55:39.0953 2704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94A84E8
    07:55:39.0953 2704 ============================================================
    07:55:40.0296 2704 C: <-> \Device\Harddisk0\DR0\Partition1
    07:55:40.0296 2704 ============================================================
    07:55:40.0296 2704 Initialize success
    07:55:40.0296 2704 ============================================================
    07:58:20.0218 2320 Deinitialize success
     
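Two TDSSKiller logs are posted above: the scan that flagged \Device\Harddisk0\DR0 as a forged MBR carrying Rootkit.Boot.SST.a and quarantined the TDLFS\ objects, and a shorter one that contains only the tool initialising and shutting down (no scan section, no verdicts), which is why it looks clean. Telling the two apart by eye in a multi-thousand-line log is error-prone, so here is an added example, not from the thread and not part of TDSSKiller, that parses the log format into a summary: MD5 per object, forged-MBR and infected verdicts, quarantined paths, pending cures, the MBR partition geometry, and a check that the "Current date / time" is not earlier than the tool's own build date. That check fires on the second log, which shows 2005 against a Feb 11 2013 build, so the timestamps in these logs cannot be relied on. The sample log text is copied and abridged from the posts.

```python
import re
from datetime import datetime

# Constructed samples, copied and abridged from the TDSSKiller logs posted
# above: the scan that found the bootkit, and the short open/close log.
SCAN_LOG = r"""
07:30:52.0359 0808 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:30:52.0765 0808 ================ Scan MBR ==================================
07:30:52.0796 0808 [ 6F9A1D528242BC09104B85E0BECF5554 ] \Device\Harddisk0\DR0
07:30:52.0796 0808 Suspicious mbr (Forged): \Device\Harddisk0\DR0
07:30:52.0812 0808 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
07:30:52.0812 0808 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
07:30:52.0828 0808 \Device\Harddisk0\DR0\Partition1 - ok
07:30:52.0828 0808 Scan finished
07:30:52.0828 1764 Detected object count: 1
07:31:04.0843 1764 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
07:31:05.0203 1764 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
07:31:15.0734 1764 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
07:31:18.0734 1764 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
"""
SHORT_LOG = r"""
07:55:26.0234 2704 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:55:26.0890 2704 Current date / time: 2005/01/03 07:55:26.0890
07:55:39.0781 2704 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:55:39.0953 2704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94A84E8
07:55:40.0296 2704 Initialize success
07:58:20.0218 2320 Deinitialize success
"""

# Every line is "HH:MM:SS.mmmm <thread id> <message>"
HDR_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s*(?P<msg>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<obj>.+)$")
VERDICT_RE = re.compile(
    r"^(?P<obj>.+?)(?: \( (?P<name>[^()]+) \))? - "
    r"(?P<verdict>ok|infected|detected \S+.*|copied to quarantine|"
    r"will be cured on reboot|User select action: .+)$")
BUILD_RE = re.compile(r"^TDSS rootkit removing tool \S+ "
                      r"(?P<built>\w{3}\s+\d{1,2} \d{4} \d\d:\d\d:\d\d)$")
CLOCK_RE = re.compile(r"^Current date / time: (?P<date>\d{4}/\d\d/\d\d)")
PART_RE = re.compile(r"^(?P<dev>\\Device\\\S+?): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
                     r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")


def summarize(log_text):
    """Reduce a TDSSKiller log to the facts a responder acts on."""
    s = {"scan_ran": False, "finished": False, "hashes": {}, "forged_mbr": [],
         "infected": {}, "quarantined": [], "cure_pending": [], "actions": [],
         "detected_count": None, "partitions": [], "clock_before_build": False}
    built = clock = None
    for raw in log_text.splitlines():
        m = HDR_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Scan started" or re.match(r"^=+ Scan ", msg):
            s["scan_ran"] = True            # a section header proves a scan ran
        elif msg == "Scan finished":
            s["finished"] = True
        elif msg.startswith("Suspicious mbr"):
            s["forged_mbr"].append(msg.split(": ", 1)[1])
        elif msg.startswith("Detected object count:"):
            s["detected_count"] = int(msg.rsplit(":", 1)[1])
        elif (h := HASH_RE.match(msg)):
            s["hashes"][h.group("obj")] = h.group("md5").upper()
        elif (p := PART_RE.match(msg)):
            s["partitions"].append((p.group("dev"), int(p.group("type"), 16),
                                    int(p.group("start"), 16), int(p.group("blocks"), 16)))
        elif (b := BUILD_RE.match(msg)):
            built = datetime.strptime(" ".join(b.group("built").split()), "%b %d %Y %H:%M:%S")
        elif (c := CLOCK_RE.match(msg)):
            clock = datetime.strptime(c.group("date"), "%Y/%m/%d")
        elif (v := VERDICT_RE.match(msg)):
            obj, name, verdict = v.group("obj", "name", "verdict")
            if verdict == "infected":
                s["infected"][obj] = name
            elif verdict.startswith("detected "):
                s["infected"].setdefault(obj, verdict.split()[1])
            elif verdict == "copied to quarantine":
                s["quarantined"].append(obj)
            elif verdict == "will be cured on reboot":
                s["cure_pending"].append(obj)
            elif verdict.startswith("User select action"):
                s["actions"].append((obj, verdict.split(": ", 1)[1]))
    if built and clock:
        s["clock_before_build"] = clock < built   # system clock predates the tool build
    return s


def assess(s):
    """One-line conclusion for the log, in the order a responder checks things."""
    if not s["scan_ran"]:
        return "no scan ran: the log only shows the tool initialising and shutting down"
    if s["forged_mbr"] or s["infected"]:
        names = ", ".join(sorted(set(s["infected"].values()))) or "forged MBR"
        return ("boot sector infection (%s); %d hidden objects quarantined, cure is applied "
                "on reboot, so re-scan afterwards" % (names, len(s["quarantined"])))
    return "no boot infection reported"


if __name__ == "__main__":
    for label, text in (("scan", SCAN_LOG), ("short", SHORT_LOG)):
        summary = summarize(text)
        print(label, "->", assess(summary), "| clock before build:", summary["clock_before_build"])
```

The partition tuples the parser returns (device, type, start LBA, block count) are the values to carry over to an independent read of sector 0; the hash dictionary lets a later run be diffed against this one object by object, which is how to confirm after the reboot that the MBR the tool now sees is a different sector from the forged one.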
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK.
    Re-run TDSSKiller one more time and then re-run MBAR.
    Post all logs.
     
  14. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    08:14:59.0890 1736 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    08:15:00.0796 1736 ============================================================
    08:15:00.0796 1736 Current date / time: 2005/01/03 08:15:00.0796
    08:15:00.0796 1736 SystemInfo:
    08:15:00.0796 1736
    08:15:00.0796 1736 OS Version: 5.1.2600 ServicePack: 3.0
    08:15:00.0796 1736 Product type: Workstation
    08:15:00.0796 1736 ComputerName: CHELSEA-797BB6F
    08:15:00.0796 1736 UserName: New Account
    08:15:00.0796 1736 Windows directory: C:\WINDOWS
    08:15:00.0796 1736 System windows directory: C:\WINDOWS
    08:15:00.0796 1736 Processor architecture: Intel x86
    08:15:00.0796 1736 Number of processors: 1
    08:15:00.0796 1736 Page size: 0x1000
    08:15:00.0796 1736 Boot type: Normal boot
    08:15:00.0796 1736 ============================================================
    08:15:03.0125 1736 BG loaded
    08:15:03.0453 1736 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    08:15:03.0453 1736 ============================================================
    08:15:03.0453 1736 \Device\Harddisk0\DR0:
    08:15:03.0453 1736 MBR partitions:
    08:15:03.0453 1736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94A84E8
    08:15:03.0453 1736 ============================================================
    08:15:03.0484 1736 C: <-> \Device\Harddisk0\DR0\Partition1
    08:15:03.0484 1736 ============================================================
    08:15:03.0484 1736 Initialize success
    08:15:03.0484 1736 ============================================================
    08:15:53.0593 3084 ============================================================
    08:15:53.0593 3084 Scan started
    08:15:53.0593 3084 Mode: Manual;
    08:15:53.0593 3084 ============================================================
    08:15:53.0812 3084 ================ Scan system memory ========================
    08:15:53.0812 3084 System memory - ok
    08:15:53.0812 3084 ================ Scan services =============================
    08:15:53.0906 3084 Abiosdsk - ok
    08:15:53.0906 3084 abp480n5 - ok
    08:15:53.0984 3084 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    08:15:54.0031 3084 ACPI - ok
    08:15:54.0062 3084 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    08:15:54.0062 3084 ACPIEC - ok
    08:15:54.0078 3084 adpu160m - ok
    08:15:54.0109 3084 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    08:15:54.0109 3084 aec - ok
    08:15:54.0187 3084 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    08:15:54.0187 3084 AFD - ok
    08:15:54.0312 3084 [ 029E01CB2938BEC5AF31BF47B6AF0159 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    08:15:54.0437 3084 AgereSoftModem - ok
    08:15:54.0453 3084 Aha154x - ok
    08:15:54.0453 3084 aic78u2 - ok
    08:15:54.0468 3084 aic78xx - ok
    08:15:54.0625 3084 [ 35045A23957A71BA649740741E69408C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    08:15:54.0671 3084 ALCXWDM - ok
    08:15:54.0718 3084 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    08:15:54.0718 3084 Alerter - ok
    08:15:54.0734 3084 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    08:15:54.0750 3084 ALG - ok
    08:15:54.0750 3084 AliIde - ok
    08:15:54.0765 3084 amsint - ok
    08:15:54.0906 3084 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    08:15:54.0921 3084 Apple Mobile Device - ok
    08:15:54.0937 3084 AppMgmt - ok
    08:15:55.0000 3084 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    08:15:55.0000 3084 Arp1394 - ok
    08:15:55.0000 3084 asc - ok
    08:15:55.0015 3084 asc3350p - ok
    08:15:55.0015 3084 asc3550 - ok
    08:15:55.0062 3084 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    08:15:55.0062 3084 AsyncMac - ok
    08:15:55.0093 3084 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    08:15:55.0093 3084 atapi - ok
    08:15:55.0109 3084 Atdisk - ok
    08:15:55.0140 3084 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    08:15:55.0140 3084 Atmarpc - ok
    08:15:55.0171 3084 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    08:15:55.0171 3084 AudioSrv - ok
    08:15:55.0218 3084 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    08:15:55.0218 3084 audstub - ok
    08:15:55.0296 3084 [ B5B8FC2C4D520F1F1EED52A980ED5091 ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys
    08:15:55.0359 3084 avc3 - ok
    08:15:55.0421 3084 [ 7F9B99B564E7C9FBB6729ED95B5BBB24 ] avchv C:\WINDOWS\system32\DRIVERS\avchv.sys
    08:15:55.0546 3084 avchv - ok
    08:15:55.0640 3084 [ 818E7E029DB594DCB8D6218A7D6FA575 ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys
    08:15:55.0656 3084 avckf - ok
    08:15:55.0828 3084 [ A624841BECEE1B0FCAB28BF2E4CB317A ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
    08:15:55.0890 3084 BdDesktopParental - ok
    08:15:55.0984 3084 [ 2D05F49B14BDDE09CEBE2BB6A5E7CAAC ] Bdfndisf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    08:15:56.0109 3084 Bdfndisf - ok
    08:15:56.0171 3084 [ B6CBFC9D825BB2D955620CD4D8EF07F9 ] BDSandBox C:\WINDOWS\system32\drivers\bdsandbox.sys
    08:15:56.0296 3084 BDSandBox - ok
    08:15:56.0343 3084 [ A7478F77584F8DB6AD74B2BBE1144886 ] bdselfpr C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    08:15:56.0562 3084 bdselfpr - ok
    08:15:56.0593 3084 [ B82A4AE7C1259411421D2389BD1AB058 ] BDVEDISK C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
    08:15:56.0765 3084 BDVEDISK - ok
    08:15:56.0796 3084 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    08:15:56.0796 3084 Beep - ok
    08:15:56.0890 3084 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    08:15:56.0890 3084 BITS - ok
    08:15:57.0000 3084 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
    08:15:57.0000 3084 Browser - ok
    08:15:57.0031 3084 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    08:15:57.0031 3084 cbidf2k - ok
    08:15:57.0078 3084 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    08:15:57.0187 3084 CCDECODE - ok
    08:15:57.0187 3084 cd20xrnt - ok
    08:15:57.0203 3084 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    08:15:57.0203 3084 Cdaudio - ok
    08:15:57.0250 3084 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    08:15:57.0250 3084 Cdfs - ok
    08:15:57.0312 3084 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    08:15:57.0312 3084 Cdrom - ok
    08:15:57.0328 3084 Changer - ok
    08:15:57.0359 3084 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    08:15:57.0359 3084 CiSvc - ok
    08:15:57.0375 3084 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    08:15:57.0375 3084 ClipSrv - ok
    08:15:57.0421 3084 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    08:15:57.0421 3084 CmBatt - ok
    08:15:57.0421 3084 CmdIde - ok
    08:15:57.0468 3084 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    08:15:57.0468 3084 Compbatt - ok
    08:15:57.0484 3084 COMSysApp - ok
    08:15:57.0500 3084 Cpqarray - ok
    08:15:57.0546 3084 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    08:15:57.0546 3084 CryptSvc - ok
    08:15:57.0562 3084 dac2w2k - ok
    08:15:57.0562 3084 dac960nt - ok
    08:15:57.0640 3084 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    08:15:57.0656 3084 DcomLaunch - ok
    08:15:57.0703 3084 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    08:15:57.0718 3084 Dhcp - ok
    08:15:57.0718 3084 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    08:15:57.0718 3084 Disk - ok
    08:15:57.0734 3084 dmadmin - ok
    08:15:57.0796 3084 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    08:15:57.0812 3084 dmboot - ok
    08:15:57.0843 3084 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    08:15:57.0843 3084 dmio - ok
    08:15:57.0875 3084 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    08:15:57.0875 3084 dmload - ok
    08:15:57.0890 3084 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    08:15:57.0890 3084 dmserver - ok
    08:15:57.0921 3084 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    08:15:57.0921 3084 DMusic - ok
    08:15:57.0953 3084 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    08:15:57.0953 3084 Dnscache - ok
    08:15:57.0984 3084 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    08:15:57.0984 3084 Dot3svc - ok
    08:15:58.0000 3084 dpti2o - ok
    08:15:58.0015 3084 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    08:15:58.0015 3084 drmkaud - ok
    08:15:58.0046 3084 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    08:15:58.0062 3084 EapHost - ok
    08:15:58.0093 3084 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    08:15:58.0093 3084 ERSvc - ok
    08:15:58.0140 3084 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    08:15:58.0156 3084 Eventlog - ok
    08:15:58.0203 3084 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    08:15:58.0218 3084 EventSystem - ok
    08:15:58.0250 3084 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    08:15:58.0250 3084 Fastfat - ok
    08:15:58.0312 3084 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    08:15:58.0312 3084 FastUserSwitchingCompatibility - ok
    08:15:58.0343 3084 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    08:15:58.0343 3084 Fdc - ok
    08:15:58.0406 3084 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    08:15:58.0406 3084 Fips - ok
    08:15:58.0421 3084 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    08:15:58.0421 3084 Flpydisk - ok
    08:15:58.0484 3084 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    08:15:58.0484 3084 FltMgr - ok
    08:15:58.0500 3084 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    08:15:58.0500 3084 Fs_Rec - ok
    08:15:58.0531 3084 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    08:15:58.0531 3084 Ftdisk - ok
    08:15:58.0546 3084 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    08:15:58.0546 3084 Gpc - ok
    08:15:58.0593 3084 gupdate - ok
    08:15:58.0609 3084 gupdatem - ok
    08:15:58.0640 3084 [ 9C1E3F5A672EDB0831AAF3E36B6876A6 ] gzflt C:\WINDOWS\system32\DRIVERS\gzflt.sys
    08:15:58.0703 3084 gzflt - ok
    08:15:58.0812 3084 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    08:15:58.0812 3084 helpsvc - ok
    08:15:58.0812 3084 HidServ - ok
    08:15:58.0859 3084 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    08:15:58.0859 3084 hkmsvc - ok
    08:15:58.0875 3084 hpn - ok
    08:15:58.0921 3084 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    08:15:58.0937 3084 HTTP - ok
    08:15:58.0984 3084 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    08:15:58.0984 3084 HTTPFilter - ok
    08:15:59.0000 3084 i2omgmt - ok
    08:15:59.0000 3084 i2omp - ok
    08:15:59.0062 3084 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    08:15:59.0062 3084 i8042prt - ok
    08:15:59.0171 3084 [ 240D0F5D7CAAFD87BD8D801A97BBE041 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    08:15:59.0312 3084 ialm - ok
    08:15:59.0328 3084 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    08:15:59.0328 3084 Imapi - ok
    08:15:59.0375 3084 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    08:15:59.0375 3084 ImapiService - ok
    08:15:59.0390 3084 ini910u - ok
    08:15:59.0406 3084 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    08:15:59.0406 3084 IntelIde - ok
    08:15:59.0437 3084 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    08:15:59.0437 3084 intelppm - ok
    08:15:59.0468 3084 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    08:15:59.0468 3084 Ip6Fw - ok
    08:15:59.0500 3084 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    08:15:59.0515 3084 IpFilterDriver - ok
    08:15:59.0531 3084 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    08:15:59.0531 3084 IpInIp - ok
    08:15:59.0593 3084 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    08:15:59.0593 3084 IpNat - ok
    08:15:59.0640 3084 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    08:15:59.0640 3084 IPSec - ok
    08:15:59.0671 3084 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    08:15:59.0671 3084 IRENUM - ok
    08:15:59.0687 3084 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    08:15:59.0687 3084 isapnp - ok
    08:15:59.0796 3084 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    08:15:59.0796 3084 JavaQuickStarterService - ok
    08:15:59.0828 3084 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    08:15:59.0828 3084 Kbdclass - ok
    08:15:59.0859 3084 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    08:15:59.0859 3084 kmixer - ok
    08:15:59.0906 3084 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    08:15:59.0921 3084 KSecDD - ok
    08:15:59.0984 3084 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    08:15:59.0984 3084 lanmanserver - ok
    08:16:00.0046 3084 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    08:16:00.0046 3084 lanmanworkstation - ok
    08:16:00.0062 3084 lbrtfdc - ok
    08:16:00.0109 3084 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    08:16:00.0109 3084 LmHosts - ok
    08:16:00.0125 3084 MBAMProtector - ok
    08:16:00.0218 3084 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    08:16:00.0218 3084 MBAMScheduler - ok
    08:16:00.0265 3084 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    08:16:00.0390 3084 MBAMService - ok
    08:16:00.0421 3084 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    08:16:00.0421 3084 Messenger - ok
    08:16:00.0453 3084 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    08:16:00.0453 3084 mnmdd - ok
    08:16:00.0515 3084 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    08:16:00.0515 3084 mnmsrvc - ok
    08:16:00.0562 3084 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    08:16:00.0562 3084 Modem - ok
    08:16:00.0562 3084 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    08:16:00.0562 3084 Mouclass - ok
    08:16:00.0593 3084 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    08:16:00.0593 3084 MountMgr - ok
    08:16:00.0593 3084 mraid35x - ok
    08:16:00.0609 3084 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    08:16:00.0609 3084 MRxDAV - ok
    08:16:00.0703 3084 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    08:16:00.0703 3084 MRxSmb - ok
    08:16:00.0734 3084 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    08:16:00.0750 3084 MSDTC - ok
    08:16:00.0750 3084 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    08:16:00.0750 3084 Msfs - ok
    08:16:00.0765 3084 MSIServer - ok
    08:16:00.0796 3084 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    08:16:00.0796 3084 MSKSSRV - ok
    08:16:00.0812 3084 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    08:16:00.0812 3084 MSPCLOCK - ok
    08:16:00.0828 3084 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    08:16:00.0843 3084 MSPQM - ok
    08:16:00.0875 3084 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    08:16:00.0875 3084 mssmbios - ok
    08:16:00.0906 3084 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    08:16:00.0906 3084 MSTEE - ok
    08:16:00.0953 3084 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    08:16:00.0953 3084 Mup - ok
    08:16:00.0984 3084 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    08:16:01.0046 3084 NABTSFEC - ok
    08:16:01.0125 3084 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    08:16:01.0140 3084 napagent - ok
    08:16:01.0171 3084 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    08:16:01.0187 3084 NDIS - ok
    08:16:01.0203 3084 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    08:16:01.0312 3084 NdisIP - ok
    08:16:01.0343 3084 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    08:16:01.0343 3084 NdisTapi - ok
    08:16:01.0390 3084 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    08:16:01.0406 3084 Ndisuio - ok
    08:16:01.0406 3084 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    08:16:01.0406 3084 NdisWan - ok
    08:16:01.0468 3084 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    08:16:01.0468 3084 NDProxy - ok
    08:16:01.0484 3084 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    08:16:01.0484 3084 NetBIOS - ok
    08:16:01.0515 3084 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    08:16:01.0546 3084 NetBT - ok
    08:16:01.0578 3084 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    08:16:01.0578 3084 NetDDE - ok
    08:16:01.0593 3084 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    08:16:01.0593 3084 NetDDEdsdm - ok
    08:16:01.0640 3084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    08:16:01.0640 3084 Netlogon - ok
    08:16:01.0671 3084 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    08:16:01.0687 3084 Netman - ok
    08:16:01.0796 3084 [ 25D4FD2151185172B6643C94F34F36BE ] NetSvc C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    08:16:01.0828 3084 NetSvc - ok
    08:16:01.0859 3084 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    08:16:01.0859 3084 NIC1394 - ok
    08:16:01.0937 3084 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    08:16:01.0937 3084 Nla - ok
    08:16:02.0000 3084 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    08:16:02.0000 3084 Npfs - ok
    08:16:02.0046 3084 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    08:16:02.0062 3084 Ntfs - ok
    08:16:02.0078 3084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    08:16:02.0078 3084 NtLmSsp - ok
    08:16:02.0140 3084 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    08:16:02.0156 3084 NtmsSvc - ok
    08:16:02.0187 3084 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    08:16:02.0187 3084 Null - ok
    08:16:02.0218 3084 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    08:16:02.0234 3084 NwlnkFlt - ok
    08:16:02.0234 3084 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    08:16:02.0234 3084 NwlnkFwd - ok
    08:16:02.0250 3084 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    08:16:02.0250 3084 ohci1394 - ok
    08:16:02.0328 3084 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    08:16:02.0343 3084 ose - ok
    08:16:02.0375 3084 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    08:16:02.0390 3084 Parport - ok
    08:16:02.0390 3084 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    08:16:02.0390 3084 PartMgr - ok
    08:16:02.0437 3084 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    08:16:02.0437 3084 ParVdm - ok
    08:16:02.0468 3084 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    08:16:02.0468 3084 PCI - ok
    08:16:02.0484 3084 PCIDump - ok
    08:16:02.0484 3084 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
    08:16:02.0500 3084 PCIIde - ok
    08:16:02.0515 3084 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    08:16:02.0531 3084 Pcmcia - ok
    08:16:02.0531 3084 PDCOMP - ok
    08:16:02.0546 3084 PDFRAME - ok
    08:16:02.0546 3084 PDRELI - ok
    08:16:02.0562 3084 PDRFRAME - ok
    08:16:02.0562 3084 perc2 - ok
    08:16:02.0578 3084 perc2hib - ok
    08:16:02.0656 3084 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    08:16:02.0656 3084 PlugPlay - ok
    08:16:02.0671 3084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    08:16:02.0687 3084 PolicyAgent - ok
    08:16:02.0703 3084 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    08:16:02.0703 3084 PptpMiniport - ok
    08:16:02.0718 3084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    08:16:02.0718 3084 ProtectedStorage - ok
    08:16:02.0718 3084 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    08:16:02.0734 3084 PSched - ok
    08:16:02.0781 3084 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    08:16:02.0781 3084 Ptilink - ok
    08:16:02.0812 3084 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    08:16:02.0875 3084 PxHelp20 - ok
    08:16:02.0875 3084 ql1080 - ok
    08:16:02.0890 3084 Ql10wnt - ok
    08:16:02.0906 3084 ql12160 - ok
    08:16:02.0906 3084 ql1240 - ok
    08:16:02.0921 3084 ql1280 - ok
    08:16:02.0953 3084 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    08:16:02.0953 3084 RasAcd - ok
    08:16:02.0984 3084 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    08:16:02.0984 3084 RasAuto - ok
    08:16:03.0015 3084 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    08:16:03.0015 3084 Rasl2tp - ok
    08:16:03.0078 3084 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    08:16:03.0078 3084 RasMan - ok
    08:16:03.0093 3084 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    08:16:03.0093 3084 RasPppoe - ok
    08:16:03.0109 3084 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    08:16:03.0109 3084 Raspti - ok
    08:16:03.0156 3084 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    08:16:03.0171 3084 Rdbss - ok
    08:16:03.0171 3084 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    08:16:03.0171 3084 RDPCDD - ok
    08:16:03.0234 3084 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    08:16:03.0234 3084 RDPWD - ok
    08:16:03.0281 3084 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    08:16:03.0281 3084 RDSessMgr - ok
    08:16:03.0328 3084 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    08:16:03.0328 3084 redbook - ok
    08:16:03.0375 3084 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    08:16:03.0375 3084 RemoteAccess - ok
    08:16:03.0406 3084 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    08:16:03.0406 3084 RpcLocator - ok
    08:16:03.0468 3084 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    08:16:03.0468 3084 RpcSs - ok
    08:16:03.0515 3084 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    08:16:03.0515 3084 RSVP - ok
    08:16:03.0562 3084 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    08:16:03.0562 3084 rtl8139 - ok
    08:16:03.0578 3084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    08:16:03.0578 3084 SamSs - ok
    08:16:03.0640 3084 SASDIFSV - ok
    08:16:03.0656 3084 SASKUTIL - ok
    08:16:03.0703 3084 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    08:16:03.0718 3084 SCardSvr - ok
    08:16:03.0765 3084 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    08:16:03.0781 3084 Schedule - ok
    08:16:03.0796 3084 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
    08:16:03.0812 3084 sdbus - ok
    08:16:03.0843 3084 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    08:16:03.0843 3084 Secdrv - ok
    08:16:03.0875 3084 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    08:16:03.0875 3084 seclogon - ok
    08:16:03.0890 3084 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    08:16:03.0890 3084 SENS - ok
    08:16:03.0953 3084 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    08:16:03.0953 3084 Serial - ok
    08:16:03.0968 3084 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    08:16:03.0968 3084 Sfloppy - ok
    08:16:04.0031 3084 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    08:16:04.0046 3084 SharedAccess - ok
    08:16:04.0062 3084 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    08:16:04.0078 3084 ShellHWDetection - ok
    08:16:04.0078 3084 Simbad - ok
    08:16:04.0109 3084 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    08:16:04.0156 3084 SLIP - ok
    08:16:04.0171 3084 Sparrow - ok
    08:16:04.0187 3084 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    08:16:04.0187 3084 splitter - ok
    08:16:04.0250 3084 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    08:16:04.0265 3084 Spooler - ok
    08:16:04.0281 3084 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    08:16:04.0281 3084 sr - ok
    08:16:04.0359 3084 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    08:16:04.0359 3084 srservice - ok
    08:16:04.0437 3084 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    08:16:04.0453 3084 Srv - ok
    08:16:04.0468 3084 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    08:16:04.0468 3084 SSDPSRV - ok
    08:16:04.0562 3084 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    08:16:04.0562 3084 stisvc - ok
    08:16:04.0609 3084 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    08:16:04.0671 3084 streamip - ok
    08:16:04.0703 3084 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    08:16:04.0703 3084 swenum - ok
    08:16:04.0734 3084 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    08:16:04.0734 3084 swmidi - ok
    08:16:04.0734 3084 SwPrv - ok
    08:16:04.0750 3084 symc810 - ok
    08:16:04.0765 3084 symc8xx - ok
    08:16:04.0765 3084 sym_hi - ok
    08:16:04.0781 3084 sym_u3 - ok
    08:16:04.0796 3084 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    08:16:04.0812 3084 sysaudio - ok
    08:16:04.0843 3084 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    08:16:04.0843 3084 SysmonLog - ok
    08:16:04.0890 3084 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    08:16:04.0890 3084 TapiSrv - ok
    08:16:04.0968 3084 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    08:16:04.0984 3084 Tcpip - ok
    08:16:05.0015 3084 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    08:16:05.0015 3084 TDPIPE - ok
    08:16:05.0046 3084 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    08:16:05.0046 3084 TDTCP - ok
    08:16:05.0093 3084 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    08:16:05.0093 3084 TermDD - ok
    08:16:05.0171 3084 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    08:16:05.0171 3084 TermService - ok
    08:16:05.0203 3084 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    08:16:05.0203 3084 Themes - ok
    08:16:05.0265 3084 [ F779BA4CD37963AB4600C9871B7752A3 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
    08:16:05.0359 3084 tifm21 - ok
    08:16:05.0359 3084 TosIde - ok
    08:16:05.0390 3084 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    08:16:05.0390 3084 TrkWks - ok
    08:16:05.0437 3084 [ F2AEE22231046CAD8D2F94D2C0F9BEFB ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
    08:16:05.0500 3084 trufos - ok
    08:16:05.0515 3084 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    08:16:05.0515 3084 Udfs - ok
    08:16:05.0515 3084 ultra - ok
    08:16:05.0578 3084 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    08:16:05.0593 3084 Update - ok
    08:16:05.0687 3084 [ 1C5835420F2A8F6D683FD6BDFFA2FFDD ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    08:16:05.0687 3084 UPDATESRV - ok
    08:16:05.0734 3084 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    08:16:05.0734 3084 upnphost - ok
    08:16:05.0750 3084 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    08:16:05.0750 3084 UPS - ok
    08:16:05.0796 3084 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    08:16:05.0796 3084 USBAAPL - ok
    08:16:05.0843 3084 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    08:16:05.0875 3084 usbaudio - ok
    08:16:05.0890 3084 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    08:16:05.0890 3084 usbccgp - ok
    08:16:05.0921 3084 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    08:16:05.0921 3084 usbehci - ok
    08:16:05.0953 3084 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    08:16:05.0953 3084 usbhub - ok
    08:16:05.0984 3084 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    08:16:06.0015 3084 usbscan - ok
    08:16:06.0062 3084 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    08:16:06.0062 3084 USBSTOR - ok
    08:16:06.0093 3084 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    08:16:06.0093 3084 usbuhci - ok
    08:16:06.0140 3084 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    08:16:06.0171 3084 usbvideo - ok
    08:16:06.0171 3084 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    08:16:06.0171 3084 VgaSave - ok
    08:16:06.0187 3084 ViaIde - ok
    08:16:06.0218 3084 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    08:16:06.0218 3084 VolSnap - ok
    08:16:06.0265 3084 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    08:16:06.0281 3084 VSS - ok
    08:16:06.0390 3084 [ F92F8B40FA98A631ADAA772ABA7FA7EE ] VSSERV C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    08:16:06.0453 3084 VSSERV - ok
    08:16:06.0625 3084 [ EFFAB2168B92025BF9A028461E029687 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
    08:16:06.0734 3084 w29n51 - ok
    08:16:06.0843 3084 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    08:16:06.0843 3084 W32Time - ok
    08:16:06.0906 3084 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    08:16:06.0906 3084 Wanarp - ok
    08:16:06.0984 3084 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    08:16:07.0093 3084 Wdf01000 - ok
    08:16:07.0093 3084 WDICA - ok
    08:16:07.0140 3084 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    08:16:07.0140 3084 wdmaud - ok
    08:16:07.0156 3084 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    08:16:07.0156 3084 WebClient - ok
    08:16:07.0265 3084 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    08:16:07.0265 3084 winmgmt - ok
    08:16:07.0328 3084 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    08:16:07.0328 3084 WmdmPmSN - ok
    08:16:07.0375 3084 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    08:16:07.0390 3084 WmiApSrv - ok
    08:16:07.0437 3084 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    08:16:07.0437 3084 wscsvc - ok
    08:16:07.0484 3084 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    08:16:07.0546 3084 WSTCODEC - ok
    08:16:07.0546 3084 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    08:16:07.0562 3084 wuauserv - ok
    08:16:07.0625 3084 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    08:16:07.0640 3084 WZCSVC - ok
    08:16:07.0687 3084 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    08:16:07.0687 3084 xmlprov - ok
    08:16:07.0718 3084 ================ Scan global ===============================
    08:16:07.0750 3084 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    08:16:07.0812 3084 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    08:16:07.0843 3084 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    08:16:07.0859 3084 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    08:16:07.0859 3084 [Global] - ok
    08:16:07.0859 3084 ================ Scan MBR ==================================
    08:16:07.0890 3084 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    08:16:08.0078 3084 \Device\Harddisk0\DR0 - ok
    08:16:08.0078 3084 ================ Scan VBR ==================================
    08:16:08.0078 3084 [ A7C786328556EDF741107C9E4E753654 ] \Device\Harddisk0\DR0\Partition1
    08:16:08.0078 3084 \Device\Harddisk0\DR0\Partition1 - ok
    08:16:08.0093 3084 ============================================================
    08:16:08.0093 3084 Scan finished
    08:16:08.0093 3084 ============================================================
    08:16:08.0093 1772 Detected object count: 0
    08:16:08.0093 1772 Actual detected object count: 0
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  16. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.05.22.10

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    New Account :: CHELSEA-797BB6F [administrator]

    03/01/2005 8:34:22 AM
    mbar-log-2005-01-03 (08-34-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 24879
    Time elapsed: 14 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    ...and the other MBAR log...
     
  18. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 592642048

    ------------ Kernel report ------------
    01/02/2005 10:49:11
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\drivers\TrueSight.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f6cab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f04b00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.05.22.02
    Downloaded database version: v2013.05.14.03
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f6cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f3e900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f6cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f04b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe1124268, 0xffffffff86f6cab8, 0xffffffff85127308
    Lower DeviceData: 0xffffffffe1307358, 0xffffffff86f04b00, 0xffffffff851919a0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_rep.mbam - 32
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Sectors 156281488 - 156281544 --> [Forged physical sectors]
    Sectors 156281551 - 156281743 --> [Forged physical sectors]
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 628699136

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 451252224

    ------------ Kernel report ------------
    01/02/2005 11:47:08
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f6cab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f04b00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f6cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f3e900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f6cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f04b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe16ff8c8, 0xffffffff86f6cab8, 0xffffffff851aa2e8
    Lower DeviceData: 0xffffffffe13bf3c0, 0xffffffff86f04b00, 0xffffffff851e06e8
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_rep.mbam - 32
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 657940480

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 601878528

    ------------ Kernel report ------------
    01/02/2005 22:36:26
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f03ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f82b00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.05.22.03
    Downloaded database version: v2013.05.22.04
    Downloaded database version: v2013.05.22.05
    Downloaded database version: v2013.05.22.06
    Downloaded database version: v2013.05.22.07
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f46240, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f82b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe27977e8, 0xffffffff86f03ab8, 0xffffffff8526b270
    Lower DeviceData: 0xffffffffe11b6800, 0xffffffff86f82b00, 0xffffffff865689c0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_rep.mbam - 32
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 677732352

    ------------ Kernel report ------------
    01/02/2005 22:50:29
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f03ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f82b00
    Lower Device Driver Name: \Driver\atapi\
    Device already Exists: 0xffffffff865689c0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f46240, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f82b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe1308970, 0xffffffff86f03ab8, 0xffffffff8526b270
    Lower DeviceData: 0xffffffffe1179330, 0xffffffff86f82b00, 0xffffffff865689c0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_rep.mbam - 32
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 602517504

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063677952, free: 604958720

    ------------ Kernel report ------------
    01/03/2005 02:07:38
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f03ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f82b00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.05.22.08
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f46240, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f82b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe2817198, 0xffffffff86f03ab8, 0xffffffff852b8538
    Lower DeviceData: 0xffffffffe2a54358, 0xffffffff86f82b00, 0xffffffff85341360
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [b076b5afbb15b32b3fb554fe2375283f]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Scan Interrupted
    Done!
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063698432, free: 651771904

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 1063698432, free: 702648320

    ------------ Kernel report ------------
    01/03/2005 08:18:04
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    90852752.sys
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\RTL8139.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f40ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff86f10d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.05.22.09
    Downloaded database version: v2013.05.22.10
    Downloaded database version: v2013.05.22.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f40ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86ef0900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f40ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f10d98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe2a3e868, 0xffffffff86f40ab8, 0xffffffff85a7c9b8
    Lower DeviceData: 0xffffffffe2b06678, 0xffffffff86f10d98, 0xffffffff85da6040
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B37DB37D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 155878632
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x88)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 155878695 Numsec = 417690

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Very good :)

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  20. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    ComboFix 13-05-22.01 - New Account 03/01/2005 10:27:51.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.635 [GMT -7:00]
    Running from: c:\documents and settings\New Account\My Documents\Downloads\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\~1kAlMiG2Kb7FzP
    c:\documents and settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
    c:\documents and settings\All Users\Application Data\1104596161.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1104599412.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1104599423.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1104600242.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1104600247.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1104601172.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1104602246.2276.bin
    c:\documents and settings\All Users\Application Data\1104602246.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1104602269.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1104605016.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1kAlMiG2Kb7FzP
    C:\IE8-WI~1.EXE
    c:\windows\fspscprereqmsiinst.log
    c:\windows\system\winspool.drv
    .
    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2004-12-03 to 2005-01-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-06 22:35 . 2005-01-01 15:54--------d-----w-C:\temp
    2011-05-11 16:24 . 2011-05-11 16:24--------d-----w-C:\divx
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-02 22:19 . 2004-08-04 12:0097304----a-w-c:\windows\system32\cdm.dll
    2011-09-26 17:41 . 2004-08-04 12:00220160------w-c:\windows\system32\oleacc.dll
    2011-09-26 17:41 . 2004-08-04 12:0020480----a-w-c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2004-08-04 12:00599040----a-w-c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2004-08-04 12:001858944----a-w-c:\windows\system32\win32k.sys
    2011-08-22 23:48 . 2004-08-04 12:00916480----a-w-c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-04 12:0043520----a-w-c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-04 12:001469440----a-w-c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-04 12:00385024----a-w-c:\windows\system32\html.iec
    2011-08-17 13:49 . 2004-08-04 12:00138496----a-w-c:\windows\system32\drivers\afd.sys
    2011-07-15 13:29 . 2004-08-04 12:00456320----a-w-c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 12:0010496----a-w-c:\windows\system32\drivers\ndistapi.sys
    2011-06-20 17:44 . 2004-08-04 12:00293376----a-w-c:\windows\system32\winsrv.dll
    2011-04-29 17:25 . 2004-08-04 12:00151552----a-w-c:\windows\system32\schannel.dll
    2011-04-26 11:07 . 2004-08-04 12:0033280----a-w-c:\windows\system32\csrsrv.dll
    2011-04-21 13:37 . 2004-08-04 12:00105472----a-w-c:\windows\system32\drivers\mup.sys
    2011-03-04 06:37 . 2004-08-04 12:00420864------w-c:\windows\system32\vbscript.dll
    2011-02-17 13:18 . 2004-08-04 12:00357888----a-w-c:\windows\system32\drivers\srv.sys
    2011-02-15 12:56 . 2004-08-04 12:00290432----a-w-c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2004-08-04 12:00270848----a-w-c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 12:00186880----a-w-c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2004-08-04 12:00978944----a-w-c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2004-08-04 12:00974848----a-w-c:\windows\system32\mfc42u.dll
    2011-01-21 14:44 . 2004-08-04 12:00439296----a-w-c:\windows\system32\shimgvw.dll
    2010-12-22 12:34 . 2004-08-04 12:00301568----a-w-c:\windows\system32\kerberos.dll
    2010-12-20 17:32 . 2004-08-04 12:00551936----a-w-c:\windows\system32\oleaut32.dll
    2010-12-20 17:26 . 2004-08-04 12:00730112----a-w-c:\windows\system32\lsasrv.dll
    2010-12-09 15:15 . 2004-08-04 12:00718336----a-w-c:\windows\system32\ntdll.dll
    2010-12-09 13:38 . 2004-08-04 12:002192768----a-w-c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:592069376----a-w-c:\windows\system32\ntkrnlpa.exe
    2010-11-09 14:52 . 2004-08-04 12:00249856----a-w-c:\windows\system32\odbc32.dll
    2010-11-02 15:17 . 2004-08-04 12:0040960----a-w-c:\windows\system32\drivers\ndproxy.sys
    2010-09-18 06:53 . 2004-08-04 12:00954368----a-w-c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 12:00953856----a-w-c:\windows\system32\mfc40u.dll
    2010-08-27 08:02 . 2004-08-04 12:00119808----a-w-c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-04 12:0099840----a-w-c:\windows\system32\srvsvc.dll
    2010-08-23 16:12 . 2004-08-04 12:00617472----a-w-c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-04 12:0058880----a-w-c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-04 12:00590848----a-w-c:\windows\system32\rpcrt4.dll
    2010-07-16 12:05 . 2004-08-04 12:001288192----a-w-c:\windows\system32\ole32.dll
    2010-06-17 14:03 . 2004-08-04 12:0080384----a-w-c:\windows\system32\iccvid.dll
    2010-06-15 16:17 . 2004-08-04 12:00143422----a-w-c:\windows\system32\l3codecx.ax
    2010-06-14 14:31 . 2011-04-12 06:53744448------w-c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-04 12:001172480----a-w-c:\windows\system32\msxml3.dll
    2010-04-16 15:36 . 2004-08-04 12:00406016----a-w-c:\windows\system32\usp10.dll
    2010-04-05 18:54 . 2004-08-04 12:00384512----a-w-c:\windows\system32\mp4sdmod.dll
    2010-03-30 07:52 . 2004-08-04 12:00262416----a-w-c:\windows\system32\mpg4ds32.ax
    2010-03-05 14:37 . 2004-08-04 12:0065536----a-w-c:\windows\system32\asycfilt.dll
    2010-02-12 04:33 . 2004-08-04 12:00100864----a-w-c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 12:00226880----a-w-c:\windows\system32\drivers\tcpip6.sys
    2010-02-05 18:27 . 2004-08-04 12:001291776----a-w-c:\windows\system32\quartz.dll
    2010-01-29 14:43 . 2004-08-04 12:00307260----a-w-c:\windows\system32\l3codeca.acm
    2010-01-13 14:01 . 2004-08-04 12:0086016----a-w-c:\windows\system32\cabview.dll
    2009-12-24 06:59 . 2004-08-04 12:00177664----a-w-c:\windows\system32\wintrust.dll
    2009-11-27 17:11 . 2004-08-04 00:5617920----a-w-c:\windows\system32\msyuv.dll
    2009-11-27 16:07 . 2004-08-04 12:0028672----a-w-c:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:368704----a-w-c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2004-08-04 12:0084992----a-w-c:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2004-08-04 12:0011264----a-w-c:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2004-08-04 00:5648128----a-w-c:\windows\system32\iyuv_32.dll
    2009-11-21 15:51 . 2004-08-04 12:00471552----a-w-c:\windows\apppatch\aclayers.dll
    2009-10-21 05:38 . 2004-08-04 12:0075776----a-w-c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-04 12:0025088----a-w-c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 12:00265728----a-w-c:\windows\system32\drivers\http.sys
    2009-10-15 16:28 . 2004-08-04 12:0081920----a-w-c:\windows\system32\fontsub.dll
    2009-10-13 10:30 . 2004-08-04 12:00270336----a-w-c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2004-08-04 12:00149504----a-w-c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2004-08-04 12:0079872----a-w-c:\windows\system32\raschap.dll
    2009-09-11 14:18 . 2004-08-04 12:00136192----a-w-c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2004-08-04 12:0058880----a-w-c:\windows\system32\msasn1.dll
    2009-09-01 14:46 . 2004-08-04 12:00282654----a-w-c:\windows\system32\msaud32.acm
    2009-08-26 08:00 . 2004-08-04 12:00247326----a-w-c:\windows\system32\strmdll.dll
    2009-08-25 09:17 . 2004-08-04 12:00354816------w-c:\windows\system32\winhttp.dll
    2009-08-05 09:01 . 2004-08-04 12:00204800------w-c:\windows\system32\mswebdvd.dll
    2009-07-17 19:01 . 2004-08-04 12:0058880------w-c:\windows\system32\atl.dll
    2009-07-17 16:22 . 2004-08-04 12:001435648----a-w-c:\windows\system32\query.dll
    2009-07-12 19:21 . 2004-08-04 12:00233472----a-w-c:\windows\system32\wmpdxm.dll
    2009-06-25 08:25 . 2004-08-04 12:0056832----a-w-c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-04 12:0054272----a-w-c:\windows\system32\wdigest.dll
    2009-06-24 11:18 . 2004-08-04 12:0092928----a-w-c:\windows\system32\drivers\ksecdd.sys
    2009-06-12 12:31 . 2004-08-04 12:0076288----a-w-c:\windows\system32\telnet.exe
    2009-06-10 06:14 . 2004-08-04 12:00132096----a-w-c:\windows\system32\wkssvc.dll
    2009-05-07 15:32 . 2004-08-04 12:00345600----a-w-c:\windows\system32\localspl.dll
    2009-04-20 17:17 . 2004-08-04 12:0045568----a-w-c:\windows\system32\dnsrslvr.dll
    2009-04-03 19:15 . 2004-08-04 12:00485376----a-w-c:\windows\system32\wmspdmod.dll
    2009-03-08 11:33 . 2004-08-04 12:0018944----a-w-c:\windows\system32\corpol.dll
    2009-03-08 11:32 . 2004-08-04 12:0072704----a-w-c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2004-08-04 12:0071680----a-w-c:\windows\system32\iesetup.dll
    2009-03-08 11:31 . 2004-08-04 12:0034816----a-w-c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2004-08-04 12:0048128----a-w-c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2004-08-04 12:0045568----a-w-c:\windows\system32\mshta.exe
    2009-03-08 11:31 . 2004-08-04 12:001638912------w-c:\windows\system32\mshtml.tlb
    2009-03-08 11:30 . 2004-08-04 12:0066560------w-c:\windows\system32\tdc.ocx
    2009-03-08 11:22 . 2004-08-04 12:00156160----a-w-c:\windows\system32\msls31.dll
    2009-03-06 14:22 . 2004-08-04 12:00284160----a-w-c:\windows\system32\pdh.dll
    2009-02-09 12:10 . 2004-08-04 12:00617472----a-w-c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2004-08-04 12:00401408----a-w-c:\windows\system32\rpcss.dll
    2009-02-06 11:11 . 2004-08-04 12:00110592----a-w-c:\windows\system32\services.exe
    2009-02-06 10:39 . 2004-08-04 12:0035328----a-w-c:\windows\system32\sc.exe
    2008-10-23 12:36 . 2004-08-04 12:00286720----a-w-c:\windows\system32\gdi32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
    @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
    [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
    2013-02-27 22:42241360----a-w-c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
    @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
    [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
    2013-02-27 22:42241360----a-w-c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
    @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
    [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
    2013-02-27 22:42241360----a-w-c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
    @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
    [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
    2013-02-27 22:42241360----a-w-c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2011-04-12 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2011-04-12 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2011-04-12 114688]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2011-04-12 184320]
    "AGRSMMSG"="AGRSMMSG.exe" [2011-04-12 88358]
    "ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2006-08-03 639040]
    "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-04-25 1611784]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2006-08-03 10:20188482----a-w-c:\windows\system32\LgNotify.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [02/01/2005 1:24 AM 633344]
    R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [01/01/2005 9:04 PM 162976]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [01/01/2005 10:11 PM 72704]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [02/01/2005 7:31 AM 418376]
    R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [01/01/2005 10:10 PM 55984]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [01/01/2005 10:09 PM 242504]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [01/01/2005 10:09 PM 486536]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [01/01/2005 10:10 PM 116560]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/01/2005 7:31 AM 701512]
    S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [01/01/2005 10:10 PM 66392]
    S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
    S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [01/01/2005 10:10 PM 62688]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2005-01-01 06:221642448------w-c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
    .
    2005-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 15:54]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 15:54]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 192.168.254.2 142.166.86.18
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-92142587.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2005-01-03 11:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1156)
    c:\windows\system32\LgNotify.dll
    .
    - - - - - - - > 'explorer.exe'(2424)
    c:\windows\system32\WININET.dll
    c:\program files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bitdefender\Bitdefender 2013\vsserv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\AGRSMMSG.exe
    .
    **************************************************************************
    .
    Completion time: 2005-01-03 11:11:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2005-01-03 18:11
    .
    Pre-Run: 67,081,560,064 bytes free
    Post-Run: 67,194,449,920 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - DE8B1FF6AA29382545C9DE73C6A25614
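The ComboFix log above is read by hand, entry by entry. As an added example (not part of this thread and not ComboFix's own code), the Python script below parses the three line shapes ComboFix prints under "Reg Loading Points" (Run-key values, service/driver entries, the firewall-policy value) plus the "Infected copy of ... was found" notice, and flags the conditions a reviewer checks first; the SAMPLE_LOG excerpt is copied from the posted log, and the risk codes are the script's own naming.

```python
"""Triage the autostart lines of a ComboFix log.

Added example, not part of this thread and not ComboFix's own code.
Risk codes ("relative-path", "image-missing", ...) are this script's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "name"="image path" [yyyy-mm-dd size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# R0 name;display;path [file info]   or   S1 name;display;\??\path --> path [?]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)'
    r'(?: --> (?P<resolved>.+?))?\s*\[(?P<meta>[^\]]*)\]$'
)
FW_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
INFECTED_RE = re.compile(r'^Infected copy of (?P<path>.+?) was found')

# Locations a persistent driver or service should never be loaded from.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp")


@dataclass
class Finding:
    code: str    # short risk code, see triage()
    name: str    # Run value name, service name, or file path
    detail: str  # human-readable explanation


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; an empty list means nothing to look at."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = RUN_RE.match(line)
        if m:
            image = m.group("image")
            # A bare file name is resolved through the search path at logon,
            # so a same-named file earlier in that path would run instead.
            if not re.match(r"^[a-zA-Z]:\\", image):
                findings.append(Finding("relative-path", m.group("name"),
                                        f"Run entry resolved by search order: {image}"))
            continue

        m = SVC_RE.match(line)
        if m:
            path = m.group("path").lower()
            # ComboFix prints [?] when it could not read the image file's
            # date and size, i.e. the registered binary is not where it points.
            if m.group("meta").strip() == "?":
                findings.append(Finding("image-missing", m.group("name"),
                                        f"image not readable on disk: {m.group('path')}"))
            if any(marker in path for marker in TEMP_MARKERS):
                findings.append(Finding("temp-dir", m.group("name"),
                                        f"registered from a temp directory: {m.group('path')}"))
            continue

        m = FW_RE.match(line)
        if m and m.group("value") == "0":
            findings.append(Finding("firewall-off", "EnableFirewall",
                                    "Windows Firewall disabled for the standard profile"))
            continue

        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("system-file-patched", m.group("path"),
                                    "a system binary was patched; verify the restored copy"))
    return findings


# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2011-04-12 94208]
"AGRSMMSG"="AGRSMMSG.exe" [2011-04-12 88358]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [02/01/2005 1:24 AM 633344]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.name}: {f.detail}")
```

A flagged entry is a prompt to look, not a verdict: the two SAS_SelfExtract drivers here are leftovers of a SUPERAntiSpyware run from a temp folder, which is why the log shows them as missing.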
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    So far it is running better and no error or warning popups :D



    # AdwCleaner v2.301 - Logfile created 01/03/2005 at 11:25:00
    # Updated 16/05/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : New Account - CHELSEA-797BB6F
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\New Account\My Documents\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Documents and Settings\New Account\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1005 octets] - [03/01/2005 11:23:36]
    AdwCleaner[S1].txt - [940 octets] - [03/01/2005 11:25:00]

    ########## EOF - C:\AdwCleaner[S1].txt - [999 octets] ##########
     
  24. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    OTL logfile created on: 03/01/2005 11:43:52 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\New Account\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1014.42 Mb Total Physical Memory | 541.59 Mb Available Physical Memory | 53.39% Memory free
    1.64 Gb Paging File | 1.15 Gb Available in Paging File | 70.13% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.33 Gb Total Space | 62.57 Gb Free Space | 84.18% Space Free | Partition Type: NTFS
    Drive D: | 5.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CHELSEA-797BB6F | User Name: New Account | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/04/24 17:17:38 | 001,611,784 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
    PRC - [2013/04/24 07:44:02 | 001,345,008 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    PRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/02/26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    PRC - [2012/10/25 17:31:06 | 000,309,424 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\downloader.exe
    PRC - [2011/04/11 20:30:18 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/08/03 03:19:18 | 000,639,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
    PRC - [2005/01/03 11:22:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New Account\My Documents\Downloads\OTL.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/04/25 16:08:43 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\ui\imsecurityal.ui
    MOD - [2013/04/25 16:08:41 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\ui\accessl.ui
    MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
    MOD - [2013/04/09 01:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
    MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
    MOD - [2013/02/26 17:13:13 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
    MOD - [2012/09/07 18:09:26 | 000,394,408 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
    MOD - [2012/04/27 16:08:08 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll
    MOD - [2011/11/14 20:17:06 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/08/03 03:24:08 | 000,045,124 | ---- | M] () -- C:\WINDOWS\system32\LsaWrApi.dll
    MOD - [2006/08/03 03:15:16 | 000,528,453 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
    MOD - [2005/01/01 23:27:55 | 000,546,240 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00013_002\ashttpdsp.mdl
    MOD - [2005/01/01 23:27:54 | 002,039,216 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00013_002\ashttpph.mdl
    MOD - [2005/01/01 23:27:41 | 000,996,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00013_002\ashttprbl.mdl
    MOD - [2005/01/01 23:27:20 | 000,673,448 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00013_002\ashttpbr.mdl


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/04/24 07:44:02 | 001,345,008 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/02/26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
    SRV - [2013/02/26 17:20:55 | 000,062,688 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
    SRV - [2003/04/29 14:29:54 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
    DRV - [2013/02/22 19:46:44 | 000,116,560 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
    DRV - [2012/11/12 18:11:11 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox)
    DRV - [2012/11/02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
    DRV - [2012/10/31 13:13:10 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
    DRV - [2012/10/04 14:30:05 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
    DRV - [2012/10/02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
    DRV - [2012/04/17 14:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
    DRV - [2011/04/11 20:48:57 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2011/04/11 20:32:34 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
    DRV - [2011/04/11 20:30:18 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/09 06:19:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
    DRV - [2005/01/02 01:24:28 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
    DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-299502267-1647877149-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKU\S-1-5-21-299502267-1647877149-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 BE C2 2F 7A F1 C4 01 [binary data]
    IE - HKU\S-1-5-21-299502267-1647877149-725345543-1004\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-299502267-1647877149-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-299502267-1647877149-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-299502267-1647877149-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 09:03:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 09:03:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2005/01/01 22:10:59 | 000,000,000 | ---D | M]

    [2005/01/01 08:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/09 12:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/04/15 18:30:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/10/27 22:57:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - Extension: Docs = C:\Documents and Settings\New Account\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\New Account\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Documents and Settings\New Account\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\New Account\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: DivX HiQ = C:\Documents and Settings\New Account\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\New Account\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Gmail = C:\Documents and Settings\New Account\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2005/01/03 11:05:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-299502267-1647877149-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-299502267-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-299502267-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-299502267-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.2 142.166.86.18
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8E13BEB-66CC-418F-A135-C37C668EBFC7}: DhcpNameServer = 192.168.254.2 142.166.86.18
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\system32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/11 23:56:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/28 18:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Application Data\Macromedia
    [2011/10/28 18:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Application Data\Adobe
    [2011/10/28 18:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Local Settings\Application Data\Mozilla
    [2011/10/27 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/10/27 21:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2011/10/27 13:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/10/27 13:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/26 19:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Application Data\Sun
    [2011/10/26 19:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Local Settings\Application Data\shaw
    [2011/10/26 19:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Local Settings\Application Data\Apple Computer
    [2011/10/26 19:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Application Data\Apple Computer
    [2011/10/26 19:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Application Data\Identities
    [2011/10/26 19:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\My Documents\My Pictures
    [2011/10/26 19:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\My Documents\My Music
    [2011/10/26 19:35:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New Account\IETldCache
    [2011/10/26 19:35:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\New Account\Application Data\Microsoft
    [2011/10/26 19:35:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New Account\Application Data
    [2011/10/26 19:35:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\Favorites
    [2011/10/26 19:35:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New Account\Cookies
    [2011/10/26 19:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Desktop
    [2011/10/26 19:35:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New Account\SendTo
    [2011/10/26 19:35:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\Start Menu\Programs\Startup
    [2011/10/26 19:35:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\Start Menu
    [2011/10/26 19:35:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\My Documents
    [2011/10/26 19:35:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\Start Menu\Programs\Accessories
    [2011/10/26 19:35:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New Account\Templates
    [2011/10/26 19:35:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New Account\PrintHood
    [2011/10/26 19:35:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New Account\NetHood
    [2011/10/26 19:35:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New Account\Local Settings
    [2011/10/26 19:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Local Settings\Application Data\Microsoft
    [2011/10/25 20:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/10/20 13:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
    [2011/10/20 13:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Invoice2go
    [2011/10/20 13:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sys
    [2011/10/20 12:32:18 | 004,194,304 | ---- | C] (Amyuni Technologies
    http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
    [2011/10/20 12:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Invoice2go 5.0
    [2011/10/20 06:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2011/10/13 10:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/10/13 10:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2011/10/13 10:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2011/10/06 16:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
    [2011/10/06 16:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Shaw Secure
    [2011/10/06 15:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
    [2011/10/06 15:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
    [2011/10/06 15:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\shaw
    [2011/10/06 15:35:13 | 000,000,000 | ---D | C] -- C:\temp
    [2011/10/06 14:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/10/06 14:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/05/11 09:24:53 | 000,000,000 | ---D | C] -- C:\divx
    [2011/05/09 14:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/05/09 14:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2011/05/03 11:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
    [2011/04/20 20:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jLd06504nPhGj06504
    [2011/04/19 13:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/04/19 12:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2011/04/19 12:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2011/04/19 12:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2011/04/19 12:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2011/04/19 12:16:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2011/04/19 12:09:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2011/04/19 12:09:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2011/04/16 03:02:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2011/04/16 03:01:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/04/16 03:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2011/04/15 21:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2011/04/15 18:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2011/04/15 18:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/04/15 18:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/04/15 17:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2011/04/15 17:14:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2011/04/14 10:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2011/04/13 09:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AC3Filter
    [2011/04/13 09:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
    [2011/04/13 09:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
    [2011/04/13 09:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2011/04/13 09:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [2011/04/13 08:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2011/04/13 08:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2011/04/13 08:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2011/04/13 08:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2011/04/13 08:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2011/04/12 14:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/04/12 14:16:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2011/04/12 10:18:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/04/12 10:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/04/12 10:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/04/12 09:44:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2011/04/12 09:42:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/04/12 09:42:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2011/04/12 08:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
    [2011/04/12 08:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
    [2011/04/12 08:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2011/04/12 08:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2011/04/12 08:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/04/12 01:19:15 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2011/04/12 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2011/04/12 01:18:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2011/04/12 01:18:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2011/04/12 01:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2011/04/11 23:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2011/04/11 23:59:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2011/04/11 23:58:30 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2011/04/11 23:58:30 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2011/04/11 23:57:07 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2011/04/11 23:56:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2011/04/11 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2011/04/11 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2011/04/11 23:55:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
    [2011/04/11 23:55:14 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2011/04/11 23:55:14 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2011/04/11 23:55:04 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2011/04/11 23:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2011/04/11 23:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2011/04/11 23:54:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2011/04/11 23:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2011/04/11 23:54:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2011/04/11 23:53:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2011/04/11 23:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2011/04/11 23:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2011/04/11 23:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
    [2011/04/11 23:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
    [2011/04/11 23:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
    [2011/04/11 23:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
    [2011/04/11 23:53:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2011/04/11 23:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
    [2011/04/11 23:52:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    [2011/04/11 23:52:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2011/04/11 23:52:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2011/04/11 23:52:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
    [2011/04/11 23:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
    [2011/04/11 23:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2011/04/11 23:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2011/04/11 23:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
    [2011/04/11 23:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
    [2011/04/11 23:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
    [2011/04/11 23:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2011/04/11 23:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2011/04/11 23:50:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    [2011/04/11 21:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/04/11 21:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/04/11 21:18:03 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2011/04/11 21:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/04/11 21:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2011/04/11 21:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2011/04/11 21:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead
    [2011/04/11 21:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo Information Service
    [2011/04/11 21:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
    [2011/04/11 21:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2011/04/11 21:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
    [2011/04/11 20:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2011/04/11 20:56:45 | 147,318,048 | ---- | C] (AVG Technologies) -- C:\avg201132bit.exe
    [2011/04/11 20:49:37 | 000,168,448 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys
    [2011/04/11 20:48:56 | 000,000,000 | ---D | C] -- C:\cardreader
    [2011/04/11 20:47:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2011/04/11 20:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel Network Adapters
    [2011/04/11 20:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/04/11 20:44:47 | 000,000,000 | ---D | C] -- C:\wireless
    [2011/04/11 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
    [2011/04/11 20:34:25 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2011/04/11 20:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2011/04/11 20:32:31 | 000,000,000 | ---D | C] -- C:\sound
    [2011/04/11 20:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TOSHIBA
    [2011/04/11 20:30:37 | 000,064,512 | ---- | C] (Agere Systems) -- C:\WINDOWS\agrsmdel.exe
    [2011/04/11 20:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
    [2011/04/11 20:30:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
    [2011/04/11 20:30:17 | 000,000,000 | ---D | C] -- C:\modem
    [2011/04/11 20:28:51 | 000,000,000 | ---D | C] -- C:\vga
    [2011/04/11 20:28:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2011/04/11 20:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2011/04/11 20:27:51 | 000,000,000 | ---D | C] -- C:\chipset
    [2011/04/11 16:45:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2011/04/11 16:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
    [2011/04/11 16:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
    [2011/04/11 16:45:22 | 000,000,000 | R--D | C] -- C:\Program Files
    [2011/04/11 16:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
    [2011/04/11 16:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
    [2011/04/11 16:44:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2011/04/11 16:44:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
    [2011/04/11 16:44:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
    [2011/04/11 16:44:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
    [2011/04/11 16:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
    [2011/04/11 16:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
    [2011/04/11 16:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2011/04/11 16:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
    [2011/04/11 16:44:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2011/04/11 16:44:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
    [2011/04/11 16:44:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2011/04/11 16:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings
    [2011/04/11 16:36:27 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2011/04/11 16:36:27 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2011/04/11 16:36:27 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2011/04/11 16:36:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
    [2011/04/11 16:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
    [2010/11/11 17:44:54 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
    [2010/11/08 15:57:04 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
    [2010/02/19 12:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
    [2010/02/19 12:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
    [2010/02/19 12:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
    [2010/02/19 12:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
    [2010/02/19 12:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
    [2010/02/19 12:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
    [2005/03/05 06:02:20 | 001,066,278 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys
    [2005/01/03 11:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2005/01/03 11:33:56 | 000,000,000 | ---D | C] -- C:\JRT
    [2005/01/03 10:23:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2005/01/03 09:39:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2005/01/03 09:39:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2005/01/03 09:39:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2005/01/03 09:39:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2005/01/03 09:39:07 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2005/01/03 09:38:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2005/01/03 09:38:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2005/01/03 07:31:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2005/01/03 07:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Desktop\tdsskiller
    [2005/01/03 02:54:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New Account\PrivacIE
    [2005/01/02 10:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Desktop\mbar-1.05.0.1001
    [2005/01/02 10:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Desktop\RK_Quarantine
     
  25. littleimp99

    littleimp99 TS Rookie Topic Starter Posts: 45

    [2005/01/02 08:10:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\My Documents\My Videos
    [2005/01/02 08:10:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2005/01/02 08:10:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New Account\Start Menu\Programs\Administrative Tools
    [2005/01/02 08:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\My Documents\malware log
    [2005/01/02 07:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2005/01/02 01:35:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New Account\Recent
    [2005/01/02 01:24:28 | 000,633,344 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
    [2005/01/01 22:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
    [2005/01/01 22:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2013
    [2005/01/01 22:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
    [2005/01/01 22:11:12 | 000,072,704 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys
    [2005/01/01 22:10:56 | 000,116,560 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
    [2005/01/01 22:10:55 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
    [2005/01/01 22:09:56 | 000,242,504 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
    [2005/01/01 22:09:53 | 000,486,536 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
    [2005/01/01 21:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Application Data\Bitdefender
    [2005/01/01 21:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
    [2005/01/01 21:04:49 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
    [2005/01/01 21:04:22 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
    [2005/01/01 11:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
    [2005/01/01 10:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
    [2005/01/01 09:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Application Data\QuickScan
    [2005/01/01 09:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\My Documents\Downloads
    [2005/01/01 09:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Local Settings\Application Data\Google
    [2005/01/01 08:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\Application Data\Malwarebytes
    [2005/01/01 08:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New Account\My Documents\My Backups
    [2005/01/01 04:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Product Key Finder
    [2005/01/01 04:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Product Key Finder
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
    [2013/02/22 19:46:44 | 000,116,560 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
    [2012/11/12 18:11:11 | 000,066,392 | ---- | M] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
    [2012/11/02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
    [2012/10/31 13:13:10 | 000,343,456 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
    [2012/10/04 14:30:05 | 000,162,976 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
    [2012/04/17 14:40:22 | 000,072,704 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys
    [2011/10/31 17:20:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/27 12:59:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/26 19:36:27 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\New Account\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/26 19:36:21 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\New Account\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/10/20 13:07:25 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\trfntw32.cfg
    [2011/10/20 10:15:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/13 10:31:36 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/10/12 06:26:52 | 000,195,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/12 02:07:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/10/06 14:32:23 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/05/26 16:19:38 | 000,036,400 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/04/19 13:45:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/04/19 12:15:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/04/13 17:46:46 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/04/13 09:03:09 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2011/04/13 09:02:43 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2011/04/12 14:28:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2011/04/12 08:28:48 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/04/11 23:59:53 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2011/04/11 23:59:10 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/04/11 23:56:23 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/11 23:56:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/04/11 23:56:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/04/11 23:56:23 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/04/11 23:56:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/04/11 23:56:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/04/11 23:56:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/04/11 23:56:01 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2011/04/11 23:53:18 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/04/11 23:50:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/04/11 21:01:22 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD 8.lnk
    [2011/04/11 20:58:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2011/04/11 20:48:57 | 000,168,448 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys
    [2011/04/11 20:32:37 | 000,156,672 | ---- | M] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2011/04/11 20:32:36 | 000,141,016 | ---- | M] () -- C:\WINDOWS\System32\alsndmgr.wav
    [2011/04/11 20:32:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\ChCfg.exe
    [2011/04/11 20:32:31 | 000,001,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2011/04/11 20:32:31 | 000,000,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
    [2011/04/11 20:32:31 | 000,000,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\alcxeq.dat
    [2011/04/11 20:30:18 | 001,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys
    [2011/04/11 20:30:18 | 000,128,113 | ---- | M] () -- C:\WINDOWS\System32\csellang.ini
    [2011/04/11 20:30:18 | 000,064,512 | ---- | M] (Agere Systems) -- C:\WINDOWS\agrsmdel.exe
    [2011/04/11 20:30:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\csellang.dll
    [2011/04/11 20:30:18 | 000,010,165 | ---- | M] () -- C:\WINDOWS\System32\tosmreg.ini
    [2011/04/11 20:30:18 | 000,007,671 | ---- | M] () -- C:\WINDOWS\System32\cseltbl.ini
    [2011/04/11 20:28:53 | 000,524,850 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa
    [2011/04/11 20:28:53 | 000,058,675 | ---- | M] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2011/04/11 20:28:53 | 000,018,496 | ---- | M] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2011/04/11 20:28:53 | 000,000,900 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.vp
    [2011/02/09 06:53:52 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
    [2011/02/09 06:53:52 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
    [2010/12/02 23:16:40 | 147,318,048 | ---- | M] (AVG Technologies) -- C:\avg201132bit.exe
    [2010/11/11 17:44:54 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
    [2010/11/08 15:57:04 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
    [2010/11/07 10:20:24 | 000,208,896 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/05/10 11:01:10 | 000,072,192 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
    [2010/02/22 15:12:32 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
    [2010/02/19 12:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
    [2010/02/19 12:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
    [2010/02/19 12:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
    [2010/02/19 12:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
    [2010/02/19 12:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
    [2010/02/19 12:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
    [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
    [2009/09/09 15:49:14 | 004,194,304 | ---- | M] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
    [2009/08/11 21:18:28 | 000,497,664 | ---- | M] () -- C:\WINDOWS\System32\ac3filter.acm
    [2009/04/19 21:56:28 | 000,060,416 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/02/12 22:20:42 | 000,005,630 | ---- | M] () -- C:\WINDOWS\System32\IE8Eula.rtf
    [2009/01/07 18:20:20 | 000,008,798 | ---- | M] () -- C:\WINDOWS\System32\icrav03.rat
    [2009/01/07 18:20:20 | 000,001,988 | ---- | M] () -- C:\WINDOWS\System32\ticrf.rat
    [2008/04/13 17:25:26 | 000,001,804 | ---- | M] () -- C:\WINDOWS\System32\dcache.bin
    [2008/04/13 17:12:42 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax
    [2008/04/13 17:12:42 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\mpeg2data.ax
    [2008/04/13 17:11:52 | 000,498,742 | ---- | M] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
    [2008/04/13 17:10:34 | 000,175,104 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2008/04/13 17:10:08 | 000,844,314 | ---- | M] () -- C:\WINDOWS\System32\msdxm.ocx
    [2008/04/13 17:10:08 | 000,844,314 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
    [2008/04/13 17:10:08 | 000,004,126 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
    [2008/04/13 17:09:39 | 013,463,552 | ---- | M] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2008/04/13 17:09:05 | 000,173,568 | ---- | M] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2008/04/13 10:28:53 | 000,066,725 | ---- | M] () -- C:\WINDOWS\System32\dllcache\revert.wmz
    [2008/04/13 10:28:15 | 000,184,959 | ---- | M] () -- C:\WINDOWS\System32\dllcache\compact.wmz
    [2008/04/13 10:26:09 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\odbcconf.rsp
    [2008/04/13 10:23:23 | 000,029,070 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wmp.inf
    [2007/09/17 01:48:10 | 000,001,261 | ---- | M] () -- C:\WINDOWS\System32\pid.inf
    [2007/06/25 22:58:10 | 000,067,374 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
    [2007/06/25 22:56:36 | 000,001,477 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
    [2007/06/25 22:56:36 | 000,001,477 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
    [2007/06/25 22:56:36 | 000,001,474 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
    [2007/06/25 22:56:36 | 000,001,451 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
    [2007/06/25 22:56:36 | 000,001,448 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
    [2007/06/25 22:56:36 | 000,001,250 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
    [2007/06/25 22:56:36 | 000,001,049 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
    [2007/06/25 22:56:36 | 000,001,046 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
    [2007/06/25 22:56:36 | 000,001,036 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
    [2007/06/25 22:56:36 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
    [2007/06/25 22:56:36 | 000,000,787 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
    [2007/06/25 22:56:36 | 000,000,784 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
    [2007/06/25 22:56:36 | 000,000,783 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
    [2007/06/25 22:56:36 | 000,000,775 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
    [2007/06/25 22:56:36 | 000,000,733 | ---- | M] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
    [2007/04/02 10:51:05 | 000,023,195 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
    [2006/08/03 03:24:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\PfMgrTool.exe
    [2006/08/03 03:24:08 | 000,045,124 | ---- | M] () -- C:\WINDOWS\System32\LsaWrApi.dll
    [2006/08/03 03:16:54 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\ShellNav.dll
    [2006/08/03 03:15:16 | 000,528,453 | ---- | M] () -- C:\WINDOWS\System32\C1XStngs.dll
    [2006/08/03 03:14:18 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\D8021Xps.dll
    [2006/05/11 18:41:14 | 000,000,654 | ---- | M] () -- C:\WINDOWS\remove.iss
    [2005/01/13 03:02:14 | 000,006,760 | ---- | M] () -- C:\WINDOWS\System32\EncHWLst
    [2005/01/13 03:00:14 | 000,147,456 | ---- | M] () -- C:\WINDOWS\System32\ssleay32.dll
    [2005/01/13 03:00:10 | 000,651,264 | ---- | M] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/01/03 11:30:18 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2005/01/03 11:26:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2005/01/03 11:05:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2005/01/03 10:23:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2005/01/02 22:35:15 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\New Account\Application Datauser_gensett.xml
    [2005/01/02 22:33:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2005/01/02 07:31:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2005/01/02 01:24:28 | 000,633,344 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
    [2005/01/02 00:48:56 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
    [2005/01/01 22:26:26 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2013.lnk
    [2005/01/01 22:26:24 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Safepay.lnk
    [2005/01/01 22:26:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2005/01/01 22:25:00 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2005/01/01 10:59:27 | 000,002,842 | ---- | M] () -- C:\WINDOWS\System32\lic2.xml29967
    [2005/01/01 10:26:20 | 000,002,842 | ---- | M] () -- C:\WINDOWS\System32\lic2.xml25104
    [2005/01/01 10:03:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\lic2.xml21493
    [2005/01/01 09:05:05 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\New Account\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2005/01/01 08:49:04 | 000,314,788 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/01/01 08:49:04 | 000,041,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/12/31 23:23:16 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/27 12:59:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/26 19:36:27 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\New Account\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/26 19:36:27 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\New Account\Start Menu\Programs\Internet Explorer.lnk
    [2011/10/26 19:36:21 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\New Account\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/10/26 19:36:08 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\New Account\Start Menu\Programs\Outlook Express.lnk
    [2011/10/26 19:35:02 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\New Account\Start Menu\Programs\Remote Assistance.lnk
    [2011/10/26 19:35:02 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\New Account\Start Menu\Programs\Windows Media Player.lnk
    [2011/10/20 13:07:25 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\trfntw32.cfg
    [2011/10/13 10:31:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/10/13 10:31:36 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/10/06 14:32:23 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/06 10:57:29 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2011/05/26 16:19:38 | 000,036,400 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/04/18 21:07:44 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
    [2011/04/18 21:07:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
    [2011/04/18 21:07:44 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
    [2011/04/18 21:07:43 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
    [2011/04/18 21:07:43 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
    [2011/04/18 21:07:43 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
    [2011/04/18 21:07:43 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
    [2011/04/18 21:07:43 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
    [2011/04/18 21:07:43 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
    [2011/04/18 21:07:43 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
    [2011/04/18 21:07:43 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
    [2011/04/18 21:07:43 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
    [2011/04/18 21:07:43 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
    [2011/04/18 21:07:43 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
    [2011/04/18 21:07:43 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
    [2011/04/18 21:07:43 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
    [2011/04/18 21:07:43 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
    [2011/04/18 21:07:43 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
    [2011/04/18 21:07:43 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
    [2011/04/18 21:07:43 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
    [2011/04/18 21:07:43 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
    [2011/04/18 21:07:42 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
    [2011/04/18 21:07:42 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
    [2011/04/18 21:07:42 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
    [2011/04/18 21:07:42 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
    [2011/04/18 21:07:40 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
    [2011/04/18 21:07:40 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
    [2011/04/18 21:07:40 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
    [2011/04/18 21:07:37 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
    [2011/04/18 21:07:37 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
    [2011/04/18 21:07:37 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
    [2011/04/18 21:07:37 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
    [2011/04/18 21:07:37 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
    [2011/04/18 21:07:37 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
    [2011/04/18 21:07:37 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
    [2011/04/18 21:07:36 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
    [2011/04/18 21:07:36 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
    [2011/04/18 21:07:36 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
    [2011/04/18 21:07:34 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
    [2011/04/18 21:07:34 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
    [2011/04/18 21:07:33 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
    [2011/04/18 21:07:31 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
    [2011/04/18 21:07:29 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
    [2011/04/18 21:07:29 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
    [2011/04/18 21:07:29 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
    [2011/04/18 21:07:28 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2011/04/18 21:07:21 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
    [2011/04/18 21:07:21 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
    [2011/04/18 21:07:21 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
    [2011/04/18 21:07:19 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
    [2011/04/18 21:07:10 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
    [2011/04/18 21:06:57 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
    [2011/04/18 21:06:57 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2011/04/18 21:06:57 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
    [2011/04/18 21:06:57 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
    [2011/04/18 21:06:57 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
    [2011/04/18 21:06:57 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
    [2011/04/18 21:06:57 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
    [2011/04/18 21:06:57 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
    [2011/04/18 21:06:57 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
    [2011/04/18 21:06:57 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
    [2011/04/18 21:06:56 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
    [2011/04/18 21:04:15 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2011/04/13 17:46:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/04/13 09:25:37 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
    [2011/04/13 09:02:43 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2011/04/13 09:02:15 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2011/04/13 09:01:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/04/13 08:54:35 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/13 08:54:34 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/12 14:28:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/04/12 08:28:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/04/11 23:59:53 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2011/04/11 23:59:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/04/11 23:58:22 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2011/04/11 23:57:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2011/04/11 23:57:50 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2011/04/11 23:57:49 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2011/04/11 23:57:47 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2011/04/11 23:57:34 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2011/04/11 23:57:28 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2011/04/11 23:57:10 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2011/04/11 23:56:23 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/11 23:56:23 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2011/04/11 23:56:23 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2011/04/11 23:56:23 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
    [2011/04/11 23:56:23 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
    [2011/04/11 23:56:13 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/04/11 23:56:13 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/04/11 23:56:12 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/04/11 23:55:03 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2011/04/11 23:54:48 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2011/04/11 23:54:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2011/04/11 23:54:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2011/04/11 23:54:10 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2011/04/11 23:53:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/04/11 23:52:29 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2011/04/11 23:52:29 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2011/04/11 23:52:03 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2011/04/11 23:52:02 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2011/04/11 23:52:02 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2011/04/11 23:52:02 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2011/04/11 23:52:02 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2011/04/11 23:52:02 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2011/04/11 23:52:02 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2011/04/11 23:52:01 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2011/04/11 23:52:01 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2011/04/11 23:52:01 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2011/04/11 23:52:01 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2011/04/11 23:51:58 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2011/04/11 23:51:58 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2011/04/11 23:51:57 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2011/04/11 23:51:50 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2011/04/11 21:19:11 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/04/11 21:02:14 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/11 21:01:26 | 000,000,654 | ---- | C] () -- C:\WINDOWS\remove.iss
    [2011/04/11 21:01:25 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo Information Service.lnk
    [2011/04/11 21:01:22 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD 8.lnk
    [2011/04/11 20:58:10 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
    [2011/04/11 20:34:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2011/04/11 20:34:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2011/04/11 20:34:25 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
    [2011/04/11 20:34:25 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2011/04/11 20:34:25 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
    [2011/04/11 20:34:25 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxeq.dat
    [2011/04/11 20:30:38 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2011/04/11 20:30:37 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2011/04/11 20:30:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2011/04/11 20:30:37 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2011/04/11 16:45:30 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/04/11 16:45:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/04/11 16:45:24 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
    [2011/04/11 16:45:24 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
    [2011/04/11 16:45:24 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
    [2011/04/11 16:45:23 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
    [2011/04/11 16:45:07 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2011/04/11 16:44:54 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2011/04/11 16:44:54 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2011/04/11 16:44:54 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2011/04/11 16:44:54 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2011/04/11 16:44:54 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2011/04/11 16:44:54 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2011/04/11 16:44:54 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2011/04/11 16:44:53 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
    [2011/04/11 16:44:05 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/11 16:43:27 | 000,000,327 | RHS- | C] () -- C:\boot.ini
    [2011/04/11 16:43:23 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/02/09 06:53:52 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
    [2011/02/09 06:53:52 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
    [2009/11/27 10:11:44 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
    [2009/02/12 22:20:42 | 000,005,630 | ---- | C] () -- C:\WINDOWS\System32\IE8Eula.rtf
    [2009/01/07 18:20:20 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat
    [2009/01/07 18:20:20 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
    [2008/04/13 10:28:53 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
    [2008/04/13 10:28:15 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
    [2008/04/13 10:23:23 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
    [2007/09/17 01:48:10 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
    [2007/06/25 22:58:10 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
    [2007/06/25 22:56:36 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
    [2007/06/25 22:56:36 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
    [2007/06/25 22:56:36 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
    [2007/06/25 22:56:36 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
    [2007/06/25 22:56:36 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
    [2007/06/25 22:56:36 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
    [2007/06/25 22:56:36 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
    [2007/06/25 22:56:36 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
    [2007/06/25 22:56:36 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
    [2007/06/25 22:56:36 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
    [2007/06/25 22:56:36 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
    [2007/06/25 22:56:36 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
    [2007/06/25 22:56:36 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
    [2007/06/25 22:56:36 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
    [2007/06/25 22:56:36 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
    [2007/04/02 10:51:05 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
    [2006/08/03 03:24:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PfMgrTool.exe
    [2006/08/03 03:24:08 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
    [2006/08/03 03:16:54 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ShellNav.dll
    [2006/08/03 03:15:16 | 000,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
    [2006/08/03 03:14:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
    [2005/07/19 13:04:32 | 000,018,496 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2005/07/19 12:02:18 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
    [2005/07/19 12:02:18 | 000,058,675 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2005/07/19 12:02:18 | 000,000,900 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
    [2005/01/13 03:02:14 | 000,006,760 | ---- | C] () -- C:\WINDOWS\System32\EncHWLst
    [2005/01/13 03:00:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2005/01/13 03:00:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/01/03 10:23:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2005/01/03 10:23:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2005/01/03 09:39:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2005/01/03 09:39:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2005/01/03 09:39:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2005/01/03 09:39:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2005/01/03 09:39:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2005/01/02 22:35:15 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\New Account\Application Datauser_gensett.xml
    [2005/01/02 07:31:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2005/01/02 00:48:56 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
    [2005/01/01 22:26:26 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2013.lnk
    [2005/01/01 22:26:23 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Safepay.lnk
    [2005/01/01 22:26:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2005/01/01 22:25:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2005/01/01 10:47:12 | 000,002,842 | ---- | C] () -- C:\WINDOWS\System32\lic2.xml29967
    [2005/01/01 10:22:22 | 000,002,842 | ---- | C] () -- C:\WINDOWS\System32\lic2.xml25104
    [2005/01/01 10:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lic2.xml21493
    [2005/01/01 04:57:42 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\New Account\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 05:00:00 | 000,314,788 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 05:00:00 | 000,041,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2005/01/01 22:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
    [2005/01/01 22:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
    [2011/04/12 10:18:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2005/01/01 08:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
    [2011/10/06 16:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
    [2011/05/03 12:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jLd06504nPhGj06504
    [2011/10/06 16:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2005/01/01 08:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shaw
    [2011/10/20 07:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2011/04/11 21:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2005/01/01 22:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
    [2005/01/01 21:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\New Account\Application Data\Bitdefender
    [2005/01/01 09:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\New Account\Application Data\QuickScan

    ========== Purity Check ==========

    < End of report >
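The OTL report above is a long list of `[date | size | attrs | C/M] (Company) -- path` lines plus the "ZeroAccess Check" and "LOP Check" blocks, and reading it by eye is slow. The script below is an added example, not part of the original post nor of OTL itself: it parses those line formats and applies a few conservative triage heuristics (binaries under the Windows tree with no company name, random-looking directory names under Application Data, and per-user CLSID keys at the locations ZeroAccess used to shadow the HKLM COM objects). The heuristics and thresholds are my own assumptions and produce a review list, not a verdict; the sample lines are copied or adapted from the log above.

```python
"""Triage helpers for OTL log lines (added example; heuristics are assumptions)."""
import re

# One OTL file/directory line; the "(Company)" field is absent on LOP-check lines.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# CLSIDs that OTL's "ZeroAccess Check" block lists: ZeroAccess registered these
# under HKCU so the per-user key shadowed the legitimate HKLM object.
# An HKCU key here is a review item (often a remnant), not proof of infection.
ZEROACCESS_CLSIDS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}",
}
HKCU_CLSID_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]$",
    re.IGNORECASE,
)
BINARY_EXT = (".exe", ".dll", ".sys", ".acm", ".scr", ".cpl", ".ocx")


def parse_entry(line):
    """Return a dict for an OTL file line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["is_dir"] = "D" in d["attrs"]
    d["company"] = d["company"] or ""
    return d


def looks_random(name):
    """Crude test for LOP-style names: long, mixed case plus digits.
    Brace-delimited GUID folders are skipped because installers create them."""
    if name.startswith("{") and name.endswith("}"):
        return False
    return (len(name) >= 10 and any(c.isdigit() for c in name)
            and any(c.islower() for c in name) and any(c.isupper() for c in name))


def flag_entries(lines):
    """Apply the triage heuristics; returns a list of (path, reason)."""
    flags = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        path, low = e["path"], e["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        if e["is_dir"]:
            if "\\application data\\" in low and looks_random(name):
                flags.append((path, "random-looking directory under Application Data"))
            continue
        if low.endswith(BINARY_EXT) and "\\windows\\" in low and not e["company"]:
            flags.append((path, "binary in Windows tree with no company name; verify hash"))
        if low.endswith(BINARY_EXT) and e["size"] == 0:
            flags.append((path, "zero-byte binary"))
    return flags


def check_zeroaccess(reg_lines):
    """Return the HKCU CLSIDs in a ZeroAccess Check block that match the known set."""
    found = []
    for line in reg_lines:
        m = HKCU_CLSID_RE.match(line.strip())
        if m and m.group(1).lower() in ZEROACCESS_CLSIDS:
            found.append(m.group(1).lower())
    return found


# Sample input: lines copied or adapted from the OTL log above.
SAMPLE_FILE_LINES = [
    r"[2011/10/06 10:57:29 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll",
    r"[2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll",
    r"[2011/05/03 12:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jLd06504nPhGj06504",
    r"[2011/04/11 21:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}",
    r"[2005/01/01 22:26:26 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2013.lnk",
]
SAMPLE_REG_LINES = [
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]",
    r"[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]",
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]",
]

if __name__ == "__main__":
    for path, reason in flag_entries(SAMPLE_FILE_LINES):
        print(f"REVIEW  {path}\n        {reason}")
    for clsid in check_zeroaccess(SAMPLE_REG_LINES):
        print(f"REVIEW  HKCU CLSID {clsid} present at a ZeroAccess hijack location")
```

Two caveats when running this over a full log: a file with no company name is common for legitimate data files and third-party DLLs (zlib.dll above is a typical hit), so treat the output as a list to hash and look up, not as detections; and any "created in the last N days" filter depends on the system clock, which in this log is not trustworthy, since shortcuts for a 2013 product carry 2005 timestamps.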