Mark8g

join:2012-02-01

[Rootkit] I give up - redirect / Malware? virus? Trojan? Rootkit

For days now I've tried everything to clean up my Win-XP system.
Nothing works.

I get re-directs when I try to go to a website.
404 errors.
400 errors.
Bookmarked sites work, and then re-direct or just stop.

I made an online purchase, and on the last page to complete the transaction I get an SSL error.

I've gone through every clean-up trick I could find... it still happens.

~ ~ ~ ~ MBAM log:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Adas :: ADAS [administrator]

Protection: Disabled

2/1/2012 12:29:02 PM
mbam-log-2012-02-01 (12-29-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 519101
Time elapsed: 3 hour(s), 27 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

~ ~ ~ ~ ~ OTL.txt:

OTL logfile created on: 2/1/2012 4:00:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adas\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 79.14% Memory free
5.84 Gb Paging File | 5.32 Gb Available in Paging File | 91.05% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 97.61 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 58.86 Gb Free Space | 12.64% Space Free | Partition Type: NTFS

Computer Name: ADAS | User Name: Adas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/01 13:26:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/11/03 07:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/03/02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/09/23 14:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/09/23 14:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/02/05 14:55:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/13 16:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/02/01 00:12:03 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/23 14:05:06 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2009/09/23 14:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys -- (sftvol)
DRV - [2009/09/23 14:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys -- (sftplay)
DRV - [2009/09/23 14:04:52 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys -- (sftfs)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/04/13 10:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/04/14 23:14:58 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/22 10:58:14 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2004/11/02 12:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 01:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 01:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 01:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 16:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = »www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Adas\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Adas\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 12:19:25 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Adas\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Adas\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Poppit = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Classic Blue Theme for Google Chrome\u2122 = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oppbdedflbioggjkeneigjcmpomohajo\1.3_0\

O1 HOSTS File: ([2012/01/26 12:29:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Medialink Utilty] C:\Program Files\Medialink\MWN-USB150N\UI.exe (MEDIALINK)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Adas\Start Menu\Programs\Startup\TClock2.lnk = C:\Documents and Settings\Adas\Desktop\tclock2_120\tclock2.exe (Two_toNe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} »codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} »support.att.net/sdccommon/downlo···tlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} »support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} »housecall60.trendmicro.com/house···an60.cab (HouseCall Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} »fpdownload.macromedia.com/get/sh···r/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »download.microsoft.com/download/···trol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} »www.trendsecure.com/framework/co···cmsX.CAB (TmHcmsX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} »office.microsoft.com/officeupdat···puc3.cab (Office Update Installation Engine)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} »dlm.tools.akamai.com/dlmanager/v···.5.0.cab (DLM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} »catalog.update.microsoft.com/v7/···22681802 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} »update.microsoft.com/windowsupda···71376303 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} »download.divx.com/player/DivXBro···ugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »update.microsoft.com/microsoftup···70480250 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} »housecall65.trendmicro.com/house···Impl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} »www.trendmicro.com/spyware-scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} »wwwimages.adobe.com/www.adobe.co···s/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F53F207-C041-46F9-B32C-35B8C03FEEE9}: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Adas/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Adas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/01 15:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Desktop\ScanFiles
[2012/02/01 13:26:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\OTL.exe
[2012/02/01 12:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/01 12:28:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/01 12:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/01 12:27:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adas\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/01 11:58:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\TFC.exe
[2012/01/31 23:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/01/31 23:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2012/01/31 23:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/31 22:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\My Documents\[ www.TorrentDay.com ] - 400.Years.of.the.Telescope.HDTV.XviD-QCF
[2012/01/31 14:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/01/31 05:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Desktop\TrendHijackThis
[2012/01/27 20:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/01/27 14:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Start Menu\Programs\Google Chrome
[2012/01/27 14:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/26 17:58:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/26 12:10:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/26 12:08:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/26 12:08:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/26 12:08:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/26 12:08:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/26 12:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/26 11:23:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/25 10:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/01/25 10:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/25 07:42:08 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/01/25 00:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Desktop\pina
[2012/01/24 23:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/01/24 23:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Desktop\HitmanPro
[2012/01/24 23:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/24 23:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Desktop\SupAntiSpy
[2012/01/24 23:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/24 23:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Desktop\spyDr
[2012/01/24 23:14:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/24 23:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Desktop\tdsskiller
[2012/01/23 23:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2012/01/23 23:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\crowsoft
[2012/01/23 23:28:54 | 000,153,088 | ---- | C] (CrowSoft) -- C:\WINDOWS\System32\LOILSP.dll
[2012/01/23 23:28:54 | 000,032,768 | ---- | C] (CrowSoft) -- C:\WINDOWS\System32\ilannsp.dll
[2012/01/23 23:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\LAN On Internet Pro
[2012/01/15 09:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/15 09:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Application Data\PerformerSoft
[2012/01/14 22:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adas\Desktop\Tinker
[2008/11/03 17:44:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Adas\Application Data\pcouffin.sys
[2005/09/28 03:21:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/02/01 15:51:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 15:51:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 15:39:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006UA.job
[2012/02/01 13:39:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006Core.job
[2012/02/01 13:27:44 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\SecurityCheck.exe
[2012/02/01 13:26:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\OTL.exe
[2012/02/01 12:27:19 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adas\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/01 12:24:06 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/02/01 12:20:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/01 12:19:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/01 12:18:59 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 11:58:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\TFC.exe
[2012/02/01 10:44:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/01 08:13:56 | 087,917,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/01 07:13:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91698C7F-12F0-4233-8367-1B419D53299C}.job
[2012/02/01 00:12:03 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/02/01 00:07:45 | 000,000,338 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/01/31 23:57:45 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2012/01/31 23:54:06 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\Virus Redirects & prevents updates.url
[2012/01/31 23:00:43 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 11:36:35 | 000,000,195 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\Trojan Remover - Program Details.url
[2012/01/31 11:20:09 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\Internet browser redirecting [Solved] Kioskea.net.url
[2012/01/31 07:00:08 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\How To Easily Remove Google Redirect Virus.url
[2012/01/30 17:42:27 | 000,270,191 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/30 11:40:50 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Adas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2012/01/30 00:36:44 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Adas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2012/01/27 20:21:31 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\How do I remove a Google Redirect Virus-- My TrendMicro and Windows Defender are not finding it. - Google Groups.url
[2012/01/27 20:07:59 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\How to fix Google results hijacker (Google redirect) virus problem- - easy2resolve.com.url
[2012/01/27 14:50:02 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Adas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/27 14:07:31 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System32\shortcut_ex.dat
[2012/01/27 11:23:44 | 000,139,114 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\bookmarks_1_27_12.html
[2012/01/27 10:46:02 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Adas\Application Data\vso_ts_preview.xml
[2012/01/26 22:24:22 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\ARKive - Bald eagle video - Haliaeetus leucocephalus - 09d.url
[2012/01/26 12:29:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/26 11:51:41 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/01/25 08:04:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/25 07:58:57 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/01/25 07:52:16 | 000,499,746 | ---- | M] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\census.cache
[2012/01/25 07:52:13 | 000,226,416 | ---- | M] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\ars.cache
[2012/01/24 23:59:01 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/24 23:19:10 | 000,727,250 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/24 23:13:22 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\sdasetup_revwire207.exe
[2012/01/24 17:41:08 | 000,007,017 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\images.jpg
[2012/01/23 23:28:57 | 000,486,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/23 23:28:57 | 000,081,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/22 20:35:48 | 734,013,440 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\Rogue Trader - The story of Nick Leeson.avi
[2012/01/18 16:09:38 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\rossmckitrick.url
[2012/01/18 15:53:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/15 09:33:21 | 000,001,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/01/09 20:07:44 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\Adas\Desktop\Greek Meatza with Creamy Feta, Kalamata Olives and Red Onion Mark's Daily Apple.url

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/02/01 13:27:40 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\SecurityCheck.exe
[2012/02/01 00:07:45 | 000,000,338 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2012/01/31 23:57:46 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/31 23:57:45 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2012/01/31 14:46:59 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\Virus Redirects & prevents updates.url
[2012/01/31 11:28:01 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\Trojan Remover - Program Details.url
[2012/01/31 11:20:09 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\Internet browser redirecting [Solved] Kioskea.net.url
[2012/01/31 06:59:12 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\How To Easily Remove Google Redirect Virus.url
[2012/01/27 20:21:31 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\How do I remove a Google Redirect Virus-- My TrendMicro and Windows Defender are not finding it. - Google Groups.url
[2012/01/27 20:07:59 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\How to fix Google results hijacker (Google redirect) virus problem- - easy2resolve.com.url
[2012/01/27 14:50:02 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Adas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/27 14:07:31 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\shortcut_ex.dat
[2012/01/27 11:23:44 | 000,139,114 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\bookmarks_1_27_12.html
[2012/01/26 22:24:22 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\ARKive - Bald eagle video - Haliaeetus leucocephalus - 09d.url
[2012/01/26 21:51:55 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Adas\Application Data\vso_ts_preview.xml
[2012/01/26 12:10:41 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/01/26 12:10:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/26 12:08:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/26 12:08:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/26 12:08:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/26 12:08:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/26 12:08:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/25 08:09:57 | 3219,296,256 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/25 07:58:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/01/24 23:59:01 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/24 23:18:38 | 000,727,250 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/24 23:15:29 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\sdasetup_revwire207.exe
[2012/01/24 17:41:15 | 000,007,017 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\images.jpg
[2012/01/23 18:11:47 | 734,013,440 | ---- | C] () -- C:\Documents and Settings\Adas\Desktop\Rogue Trader - The story of Nick Leeson.avi
[2012/01/15 09:33:21 | 000,001,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/10/21 16:56:09 | 000,118,870 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
[2011/10/21 16:56:09 | 000,000,449 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
[2011/09/15 20:00:22 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/08/02 13:09:34 | 000,499,746 | ---- | C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\census.cache
[2011/08/02 13:09:12 | 000,226,416 | ---- | C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\ars.cache
[2011/02/24 00:50:44 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/24 00:50:44 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\drivers\RaCoInst.dat
[2011/02/13 00:26:25 | 000,442,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/27 09:50:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/04 14:12:47 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2009/10/08 02:09:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\housecall.guid.cache
[2009/01/15 05:00:03 | 000,066,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/03 17:44:43 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Adas\Application Data\pcouffin.cat
[2008/11/03 17:44:43 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Adas\Application Data\pcouffin.inf
[2008/08/27 09:04:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/08/27 09:00:53 | 000,000,142 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2008/03/13 14:12:46 | 000,000,077 | ---- | C] () -- C:\WINDOWS\slsetup.ini
[2008/03/08 06:41:07 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/22 23:16:28 | 000,009,119 | ---- | C] () -- C:\Documents and Settings\Adas\Application Data\.googlewebacchosts
[2007/11/10 23:11:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007/11/10 23:06:55 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/11/08 10:12:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/10/01 07:28:15 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/09/28 18:36:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/28 18:36:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/09/28 18:36:05 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/09/24 07:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI
[2007/09/19 06:10:47 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/16 07:12:32 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2007/08/30 23:16:42 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/25 11:13:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/04 23:34:05 | 000,000,726 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/01/17 14:47:13 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll
[2006/01/17 14:47:13 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2006/01/12 12:44:03 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/07 15:49:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2005/11/30 16:01:26 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/11/30 16:01:16 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/20 17:44:34 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/11 19:31:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/11 19:09:34 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\fusioncache.dat
[2005/09/28 03:55:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/28 03:50:37 | 000,000,140 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/28 03:48:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/28 03:44:30 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/09/28 03:44:29 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/09/28 03:44:22 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/09/28 03:44:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/09/28 03:44:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/09/28 03:21:24 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/09/28 03:21:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/09/28 03:21:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/09/28 03:21:10 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/09/28 03:20:42 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/09 14:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/02/03 19:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/03 19:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/19 13:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 13:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 13:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 12:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 12:57:07 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 12:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 12:49:47 | 000,486,406 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 12:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 12:49:47 | 000,081,492 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 12:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 12:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 12:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 12:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 12:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 12:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 12:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 12:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/10/15 14:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/05/17 14:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/04/07 21:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\AnvSoft
[2011/09/29 08:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\AVG2012
[2007/12/24 07:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\Azureus
[2010/04/08 07:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\CocoonSoftware
[2010/01/25 08:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/24 22:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\HandBrake
[2010/03/01 12:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\ieSpell
[2007/11/16 15:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\ImgBurn
[2012/01/31 11:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\IObit
[2009/03/01 17:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\LaCie
[2006/02/25 07:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\Leadertech
[2011/10/05 06:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\M8 Software
[2007/10/22 13:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\MSNInstaller
[2010/05/10 05:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\NVD
[2007/09/26 07:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\OverDrive
[2012/01/15 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\PerformerSoft
[2007/11/08 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\Seven Zip
[2011/08/18 02:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\SoftGrid Client
[2009/01/28 16:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\Softland
[2010/05/10 05:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\TP
[2008/12/10 05:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\TuneUp Software
[2009/04/30 05:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2012/02/01 11:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\uTorrent
[2012/01/27 10:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\Vso
[2008/07/29 14:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adas\Application Data\Windows Search
[2009/06/25 11:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/09/29 08:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/04/30 23:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/02 18:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2010/11/17 06:15:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/14 07:23:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/23 23:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\crowsoft
[2007/10/01 07:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/11/04 14:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2012/02/01 00:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/24 23:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/02/01 08:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/08 07:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/04/30 18:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2012/01/27 14:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/10 05:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/05/10 07:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2008/11/21 18:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/07/09 06:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/03/14 04:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/11 08:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/12/10 05:07:37 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/09/17 19:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/16 19:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/30 23:22:53 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/02/01 07:13:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{91698C7F-12F0-4233-8367-1B419D53299C}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\Adas\Desktop\ThrillerWalnutCreek.mp4:SummaryInformation
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

Any help would be greatly appreciated.

Mark8g

join:2012-02-01

Re: [Rootkit] I give up - redirect / Malware? virus? Trojan? Roo

~ ~ ~ checkup.txt

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Enabled!
AVG 2012
Antivirus up to date!
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Java(TM) 6 Update 20
[color=red]Out of date Java installed![/color]
Adobe Flash Player ( 10.0.45.2) [color=red]Flash Player Out of Date![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

~ ~ ~ ~ Extras.log

OTL Extras logfile created on: 2/1/2012 4:00:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adas\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 79.14% Memory free
5.84 Gb Paging File | 5.32 Gb Available in Paging File | 91.05% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 97.61 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 58.86 Gb Free Space | 12.64% Space Free | Partition Type: NTFS

Computer Name: ADAS | User Name: Adas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"55061:TCP" = 55061:TCP:*:Enabled:uTorr
"55061:UDP" = 55061:UDP:*:Enabled:uTorr
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"3587:TCP" = 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Adas\Local Settings\Temp\7zS2913\setup\hpznui01.exe" = C:\Documents and Settings\Adas\Local Settings\Temp\7zS2913\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193j
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"AviSynth" = AviSynth 2.5
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DirectVobSub" = DirectVobSub (remove only)
"doPDF 6 printer_is1" = doPDF 6.1 printer
"DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00
"DVD Flick_is1" = DVD Flick
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow_is1" = ffdshow [rev 2792] [2009-03-20]
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"HandBrake" = HandBrake 0.9.3
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.0 Full
"M8 Free Clipboard" = M8 Free Clipboard
"M8 Free Multi Clipboard" = M8 Free Multi Clipboard
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"PRJPRO" = Microsoft Office Project Professional 2007
"PROSetDX" = Intel(R) PRO Network Connections Software v9.2.4.11
"Qlock" = Qlock Lite
"Series 7 Exam For Dummies" = Series 7 Exam For Dummies
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"TagScanner_is1" = TagScanner 4.9 build 497b Beta
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TWS Beta (Build 8841)" = TWS Beta (Build 8841)

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ OSession Events ]
Error - 11/23/2008 8:33:06 PM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8065
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 12/19/2008 3:29:31 PM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8105
seconds with 960 seconds of active time. This session ended with a crash.

Error - 1/17/2009 1:44:38 PM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3011
seconds with 540 seconds of active time. This session ended with a crash.

Error - 1/17/2009 1:50:54 PM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 362
seconds with 300 seconds of active time. This session ended with a crash.

Error - 1/17/2009 1:51:15 PM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/25/2009 4:38:50 PM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19975
seconds with 120 seconds of active time. This session ended with a crash.

Error - 5/5/2009 3:44:45 AM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/6/2009 11:54:35 PM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3850
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/21/2009 11:25:45 AM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 64241
seconds with 420 seconds of active time. This session ended with a crash.

Error - 8/21/2009 12:55:09 PM | Computer Name = ADAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 144
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/1/2012 4:19:15 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7000
Description = The TLRecAgent service failed to start due to the following error:
%%2

Error - 2/1/2012 4:24:19 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/1/2012 4:24:19 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/1/2012 4:24:19 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/1/2012 4:24:19 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 2/1/2012 4:24:19 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/1/2012 4:24:19 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/1/2012 4:24:19 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Service Agent service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/1/2012 4:24:19 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The Client Virtualization Handler service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/1/2012 4:24:24 PM | Computer Name = ADAS | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11

In addition to those logs, can you also run:

(you can try safe mode with networking if needed)

Try to download and run TDSS Killer (#4), posting the log in your next reply - is there another accessible known good pc to download it to?
We'll need the entire log, even if you 'think/see' nothing detected.

»Security Cleanup FAQ »Rootkit Detection Applications
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


Mark8g

join:2012-02-01

Step 4 is Download Security Check, saving it to your Desktop

This is the log.

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Enabled!
AVG 2012
Antivirus up to date!
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Java(TM) 6 Update 20
[color=red]Out of date Java installed![/color]
Adobe Flash Player ( 10.0.45.2) [color=red]Flash Player Out of Date![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


Mark8g

join:2012-02-01

reply to lilhurricane
TDSSKiller report

20:24:49.0478 0656 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
20:24:50.0228 0656 ============================================================
20:24:50.0228 0656 Current date / time: 2012/02/01 20:24:50.0228
20:24:50.0228 0656 SystemInfo:
20:24:50.0228 0656
20:24:50.0228 0656 OS Version: 5.1.2600 ServicePack: 3.0
20:24:50.0228 0656 Product type: Workstation
20:24:50.0228 0656 ComputerName: ADAS
20:24:50.0228 0656 UserName: Adas
20:24:50.0228 0656 Windows directory: C:\WINDOWS
20:24:50.0228 0656 System windows directory: C:\WINDOWS
20:24:50.0228 0656 Processor architecture: Intel x86
20:24:50.0228 0656 Number of processors: 2
20:24:50.0228 0656 Page size: 0x1000
20:24:50.0228 0656 Boot type: Normal boot
20:24:50.0228 0656 ============================================================
20:24:52.0666 0656 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:24:52.0682 0656 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:24:52.0728 0656 \Device\Harddisk0\DR0:
20:24:52.0728 0656 MBR used
20:24:52.0728 0656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15
20:24:52.0728 0656 \Device\Harddisk1\DR1:
20:24:52.0744 0656 MBR used
20:24:52.0744 0656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:24:53.0119 0656 Initialize success
20:24:53.0119 0656 ============================================================
20:25:05.0307 4068 ============================================================
20:25:05.0307 4068 Scan started
20:25:05.0307 4068 Mode: Manual; SigCheck; TDLFS;
20:25:05.0307 4068 ============================================================
20:25:05.0807 4068 Abiosdsk - ok
20:25:05.0900 4068 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:25:08.0275 4068 abp480n5 - ok
20:25:08.0353 4068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:25:08.0635 4068 ACPI - ok
20:25:08.0728 4068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:25:08.0900 4068 ACPIEC - ok
20:25:09.0010 4068 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:25:09.0150 4068 adpu160m - ok
20:25:09.0244 4068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:25:09.0432 4068 aec - ok
20:25:09.0510 4068 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:25:09.0557 4068 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:25:09.0557 4068 AegisP - detected UnsignedFile.Multi.Generic (1)
20:25:09.0635 4068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:25:09.0697 4068 AFD - ok
20:25:09.0760 4068 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:25:09.0916 4068 agp440 - ok
20:25:10.0057 4068 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:25:10.0228 4068 agpCPQ - ok
20:25:10.0275 4068 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:25:10.0385 4068 Aha154x - ok
20:25:10.0432 4068 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:25:10.0603 4068 aic78u2 - ok
20:25:10.0650 4068 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:25:10.0791 4068 aic78xx - ok
20:25:10.0885 4068 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:25:11.0057 4068 AliIde - ok
20:25:11.0182 4068 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:25:11.0353 4068 alim1541 - ok
20:25:11.0400 4068 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:25:11.0572 4068 amdagp - ok
20:25:11.0603 4068 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:25:11.0682 4068 amsint - ok
20:25:11.0807 4068 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:25:11.0963 4068 asc - ok
20:25:12.0041 4068 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:25:12.0119 4068 asc3350p - ok
20:25:12.0197 4068 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:25:12.0369 4068 asc3550 - ok
20:25:12.0432 4068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:25:12.0603 4068 AsyncMac - ok
20:25:12.0635 4068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:25:12.0791 4068 atapi - ok
20:25:12.0807 4068 Atdisk - ok
20:25:12.0932 4068 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:25:13.0166 4068 ati2mtag - ok
20:25:13.0322 4068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:25:13.0463 4068 Atmarpc - ok
20:25:13.0603 4068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:25:13.0760 4068 audstub - ok
20:25:13.0838 4068 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
20:25:14.0088 4068 AVGIDSDriver - ok
20:25:14.0166 4068 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
20:25:14.0197 4068 AVGIDSEH - ok
20:25:14.0260 4068 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
20:25:14.0275 4068 AVGIDSFilter - ok
20:25:14.0635 4068 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
20:25:14.0869 4068 AVGIDSShim - ok
20:25:15.0166 4068 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:25:15.0182 4068 Avgldx86 - ok
20:25:15.0228 4068 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:25:15.0244 4068 Avgmfx86 - ok
20:25:15.0307 4068 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:25:15.0322 4068 Avgrkx86 - ok
20:25:15.0385 4068 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:25:15.0400 4068 Avgtdix - ok
20:25:15.0432 4068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:25:15.0588 4068 Beep - ok
20:25:15.0603 4068 bvrp_pci - ok
20:25:15.0822 4068 catchme - ok
20:25:15.0916 4068 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:25:16.0057 4068 cbidf - ok
20:25:16.0088 4068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:25:16.0228 4068 cbidf2k - ok
20:25:16.0275 4068 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:25:16.0369 4068 cd20xrnt - ok
20:25:16.0400 4068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:25:16.0557 4068 Cdaudio - ok
20:25:16.0775 4068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:25:16.0963 4068 Cdfs - ok
20:25:17.0119 4068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:25:17.0275 4068 Cdrom - ok
20:25:17.0338 4068 Changer - ok
20:25:17.0400 4068 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:25:17.0572 4068 CmdIde - ok
20:25:17.0619 4068 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:25:17.0760 4068 Cpqarray - ok
20:25:17.0885 4068 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:25:17.0978 4068 ctsfm2k - ok
20:25:18.0135 4068 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:25:18.0307 4068 dac2w2k - ok
20:25:18.0400 4068 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:25:18.0572 4068 dac960nt - ok
20:25:18.0713 4068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:25:18.0853 4068 Disk - ok
20:25:18.0932 4068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:25:19.0213 4068 dmboot - ok
20:25:19.0244 4068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:25:19.0400 4068 dmio - ok
20:25:19.0478 4068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:25:19.0635 4068 dmload - ok
20:25:19.0713 4068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:25:19.0853 4068 DMusic - ok
20:25:19.0932 4068 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:25:20.0103 4068 dpti2o - ok
20:25:20.0150 4068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:25:20.0291 4068 drmkaud - ok
20:25:20.0416 4068 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:25:20.0447 4068 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
20:25:20.0447 4068 drvmcdb - detected UnsignedFile.Multi.Generic (1)
20:25:20.0478 4068 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
20:25:20.0510 4068 drvnddm ( UnsignedFile.Multi.Generic ) - warning
20:25:20.0510 4068 drvnddm - detected UnsignedFile.Multi.Generic (1)
20:25:20.0635 4068 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
20:25:20.0682 4068 DSproct ( UnsignedFile.Multi.Generic ) - warning
20:25:20.0682 4068 DSproct - detected UnsignedFile.Multi.Generic (1)
20:25:20.0775 4068 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:25:20.0838 4068 E100B - ok
20:25:20.0963 4068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:25:21.0166 4068 Fastfat - ok
20:25:21.0275 4068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:25:21.0447 4068 Fdc - ok
20:25:21.0525 4068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:25:21.0666 4068 Fips - ok
20:25:21.0728 4068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:25:21.0853 4068 Flpydisk - ok
20:25:21.0963 4068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:25:22.0197 4068 FltMgr - ok
20:25:22.0228 4068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:25:22.0369 4068 Fs_Rec - ok
20:25:22.0494 4068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:25:22.0650 4068 Ftdisk - ok
20:25:22.0713 4068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:25:22.0728 4068 GEARAspiWDM - ok
20:25:22.0775 4068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:25:22.0916 4068 Gpc - ok
20:25:23.0025 4068 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
20:25:23.0197 4068 HidIr - ok
20:25:23.0307 4068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:25:23.0447 4068 HidUsb - ok
20:25:23.0541 4068 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\WINDOWS\system32\drivers\hitmanpro35.sys
20:25:23.0557 4068 hitmanpro35 - ok
20:25:23.0635 4068 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:25:23.0775 4068 hpn - ok
20:25:23.0822 4068 HTCAND32 - ok
20:25:23.0916 4068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:25:24.0010 4068 HTTP - ok
20:25:24.0119 4068 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:25:24.0260 4068 i2omgmt - ok
20:25:24.0307 4068 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:25:24.0478 4068 i2omp - ok
20:25:24.0572 4068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:25:24.0744 4068 i8042prt - ok
20:25:24.0791 4068 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys
20:25:24.0994 4068 iastor - ok
20:25:25.0072 4068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:25:25.0197 4068 Imapi - ok
20:25:25.0307 4068 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:25:25.0478 4068 ini910u - ok
20:25:25.0603 4068 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
20:25:25.0760 4068 IntelC51 - ok
20:25:25.0807 4068 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
20:25:25.0916 4068 IntelC52 - ok
20:25:25.0947 4068 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
20:25:25.0978 4068 IntelC53 - ok
20:25:26.0119 4068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:25:26.0275 4068 IntelIde - ok
20:25:26.0338 4068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:25:26.0478 4068 intelppm - ok
20:25:26.0525 4068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:25:26.0682 4068 Ip6Fw - ok
20:25:26.0963 4068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:25:27.0182 4068 IpFilterDriver - ok
20:25:27.0291 4068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:25:27.0432 4068 IpInIp - ok
20:25:27.0525 4068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:25:27.0682 4068 IpNat - ok
20:25:27.0775 4068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:25:27.0916 4068 IPSec - ok
20:25:27.0994 4068 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
20:25:28.0228 4068 IrBus - ok
20:25:28.0322 4068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:25:28.0463 4068 IRENUM - ok
20:25:28.0541 4068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:25:28.0682 4068 isapnp - ok
20:25:28.0744 4068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:25:28.0885 4068 Kbdclass - ok
20:25:28.0916 4068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:25:29.0057 4068 kbdhid - ok
20:25:29.0182 4068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:25:29.0322 4068 kmixer - ok
20:25:29.0400 4068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:25:29.0541 4068 KSecDD - ok
20:25:29.0619 4068 lbrtfdc - ok
20:25:29.0713 4068 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:25:29.0728 4068 MBAMProtector - ok
20:25:29.0838 4068 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:25:29.0900 4068 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:25:29.0900 4068 MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:25:29.0963 4068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:25:30.0119 4068 mnmdd - ok
20:25:30.0213 4068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:25:30.0369 4068 Modem - ok
20:25:30.0494 4068 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:25:30.0635 4068 MODEMCSA - ok
20:25:30.0713 4068 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
20:25:30.0744 4068 mohfilt - ok
20:25:30.0822 4068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:25:30.0978 4068 Mouclass - ok
20:25:31.0166 4068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:25:31.0322 4068 mouhid - ok
20:25:31.0400 4068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:25:31.0557 4068 MountMgr - ok
20:25:31.0666 4068 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:25:31.0838 4068 mraid35x - ok
20:25:31.0885 4068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:25:32.0057 4068 MRxDAV - ok
20:25:32.0166 4068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:25:32.0353 4068 MRxSmb - ok
20:25:32.0400 4068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:25:32.0557 4068 Msfs - ok
20:25:32.0666 4068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:25:32.0807 4068 MSKSSRV - ok
20:25:32.0869 4068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:25:33.0057 4068 MSPCLOCK - ok
20:25:33.0135 4068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:25:33.0307 4068 MSPQM - ok
20:25:33.0432 4068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:25:33.0572 4068 mssmbios - ok
20:25:33.0697 4068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:25:33.0760 4068 Mup - ok
20:25:33.0853 4068 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:\WINDOWS\system32\Drivers\iqvw32.sys
20:25:33.0900 4068 NAL ( UnsignedFile.Multi.Generic ) - warning
20:25:33.0900 4068 NAL - detected UnsignedFile.Multi.Generic (1)
20:25:33.0978 4068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:25:34.0260 4068 NDIS - ok
20:25:34.0385 4068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:25:34.0447 4068 NdisTapi - ok
20:25:34.0525 4068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:25:34.0666 4068 Ndisuio - ok
20:25:34.0744 4068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:25:34.0916 4068 NdisWan - ok
20:25:35.0150 4068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:25:35.0213 4068 NDProxy - ok
20:25:35.0260 4068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:25:35.0400 4068 NetBIOS - ok
20:25:35.0463 4068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:25:35.0619 4068 NetBT - ok
20:25:35.0697 4068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:25:35.0838 4068 Npfs - ok
20:25:35.0916 4068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:25:36.0103 4068 Ntfs - ok
20:25:36.0182 4068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:25:36.0322 4068 Null - ok
20:25:36.0400 4068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:25:36.0572 4068 NwlnkFlt - ok
20:25:36.0697 4068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:25:36.0869 4068 NwlnkFwd - ok
20:25:36.0963 4068 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
20:25:36.0978 4068 omci ( UnsignedFile.Multi.Generic ) - warning
20:25:36.0978 4068 omci - detected UnsignedFile.Multi.Generic (1)
20:25:37.0119 4068 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
20:25:37.0135 4068 ossrv - ok
20:25:37.0228 4068 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
20:25:37.0338 4068 P17 - ok
20:25:37.0416 4068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:25:37.0588 4068 Parport - ok
20:25:37.0650 4068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:25:37.0807 4068 PartMgr - ok
20:25:37.0900 4068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:25:38.0150 4068 ParVdm - ok
20:25:38.0291 4068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:25:38.0494 4068 PCI - ok
20:25:38.0541 4068 PCIDump - ok
20:25:38.0557 4068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:25:38.0713 4068 PCIIde - ok
20:25:38.0760 4068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:25:38.0916 4068 Pcmcia - ok
20:25:39.0041 4068 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
20:25:39.0072 4068 pcouffin ( UnsignedFile.Multi.Generic ) - warning
20:25:39.0072 4068 pcouffin - detected UnsignedFile.Multi.Generic (1)
20:25:39.0119 4068 PDCOMP - ok
20:25:39.0228 4068 PDFRAME - ok
20:25:39.0307 4068 PDRELI - ok
20:25:39.0353 4068 PDRFRAME - ok
20:25:39.0400 4068 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:25:39.0525 4068 perc2 - ok
20:25:39.0619 4068 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:25:39.0775 4068 perc2hib - ok
20:25:39.0869 4068 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys
20:25:39.0885 4068 PfModNT - ok
20:25:39.0963 4068 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
20:25:40.0072 4068 pnetmdm ( UnsignedFile.Multi.Generic ) - warning
20:25:40.0072 4068 pnetmdm - detected UnsignedFile.Multi.Generic (1)
20:25:40.0213 4068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:25:40.0353 4068 PptpMiniport - ok
20:25:40.0385 4068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:25:40.0525 4068 PSched - ok
20:25:40.0635 4068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:25:40.0791 4068 Ptilink - ok
20:25:40.0869 4068 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:25:40.0885 4068 PxHelp20 - ok
20:25:40.0932 4068 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:25:41.0072 4068 ql1080 - ok
20:25:41.0166 4068 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:25:41.0307 4068 Ql10wnt - ok
20:25:41.0385 4068 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:25:41.0557 4068 ql12160 - ok
20:25:41.0650 4068 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:25:41.0807 4068 ql1240 - ok
20:25:41.0885 4068 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:25:42.0057 4068 ql1280 - ok
20:25:42.0135 4068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:25:42.0275 4068 RasAcd - ok
20:25:42.0353 4068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:25:42.0510 4068 Rasl2tp - ok
20:25:42.0588 4068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:25:42.0713 4068 RasPppoe - ok
20:25:42.0744 4068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:25:42.0885 4068 Raspti - ok
20:25:42.0978 4068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:25:43.0275 4068 Rdbss - ok
20:25:43.0369 4068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:25:43.0510 4068 RDPCDD - ok
20:25:43.0635 4068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:25:43.0807 4068 rdpdr - ok
20:25:43.0963 4068 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:25:44.0057 4068 RDPWD - ok
20:25:44.0135 4068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:25:44.0291 4068 redbook - ok
20:25:44.0369 4068 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:25:44.0510 4068 ROOTMODEM - ok
20:25:44.0650 4068 rt2870 (ee5ad71a1f576d4d58d8d014560eb856) C:\WINDOWS\system32\DRIVERS\rt2870.sys
20:25:44.0791 4068 rt2870 - ok
20:25:44.0900 4068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:25:45.0057 4068 Secdrv - ok
20:25:45.0166 4068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:25:45.0338 4068 serenum - ok
20:25:45.0432 4068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:25:45.0572 4068 Serial - ok
20:25:45.0666 4068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:25:45.0807 4068 Sfloppy - ok
20:25:46.0057 4068 sftfs (21fd68e11d15ac0c4b3a0846e39be565) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys
20:25:46.0103 4068 sftfs - ok
20:25:46.0150 4068 sftplay (38fd811e7f58250916548031bd9308d0) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys
20:25:46.0182 4068 sftplay - ok
20:25:46.0275 4068 Sftredir (1f13f3c7907588d017299b008eeed06c) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
20:25:46.0291 4068 Sftredir - ok
20:25:46.0307 4068 sftvol (634274439e8701799f6fce42933cdb06) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys
20:25:46.0322 4068 sftvol - ok
20:25:46.0369 4068 Simbad - ok
20:25:46.0432 4068 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:25:46.0603 4068 sisagp - ok
20:25:46.0775 4068 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:25:46.0963 4068 Sparrow - ok
20:25:47.0150 4068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:25:47.0307 4068 splitter - ok
20:25:47.0353 4068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:25:47.0510 4068 sr - ok
20:25:47.0557 4068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:25:47.0666 4068 Srv - ok
20:25:47.0760 4068 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:25:47.0775 4068 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
20:25:47.0775 4068 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
20:25:47.0822 4068 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
20:25:47.0838 4068 ssrtln ( UnsignedFile.Multi.Generic ) - warning
20:25:47.0838 4068 ssrtln - detected UnsignedFile.Multi.Generic (1)
20:25:47.0916 4068 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:25:48.0041 4068 StillCam - ok
20:25:48.0275 4068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:25:48.0447 4068 swenum - ok
20:25:48.0525 4068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:25:48.0666 4068 swmidi - ok
20:25:48.0807 4068 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:25:48.0978 4068 symc810 - ok
20:25:49.0150 4068 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:25:49.0291 4068 symc8xx - ok
20:25:49.0385 4068 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:25:49.0557 4068 sym_hi - ok
20:25:49.0650 4068 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:25:49.0791 4068 sym_u3 - ok
20:25:49.0900 4068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:25:50.0041 4068 sysaudio - ok
20:25:50.0182 4068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:25:50.0369 4068 Tcpip - ok
20:25:50.0432 4068 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
20:25:50.0478 4068 Tcpip6 - ok
20:25:50.0541 4068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:25:50.0713 4068 TDPIPE - ok
20:25:50.0838 4068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:25:51.0010 4068 TDTCP - ok
20:25:51.0135 4068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:25:51.0275 4068 TermDD - ok
20:25:51.0432 4068 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
20:25:51.0447 4068 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0447 4068 tfsnboio - detected UnsignedFile.Multi.Generic (1)
20:25:51.0478 4068 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
20:25:51.0510 4068 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0510 4068 tfsncofs - detected UnsignedFile.Multi.Generic (1)
20:25:51.0541 4068 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
20:25:51.0557 4068 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0557 4068 tfsndrct - detected UnsignedFile.Multi.Generic (1)
20:25:51.0603 4068 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
20:25:51.0619 4068 tfsndres ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0619 4068 tfsndres - detected UnsignedFile.Multi.Generic (1)
20:25:51.0650 4068 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
20:25:51.0666 4068 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0666 4068 tfsnifs - detected UnsignedFile.Multi.Generic (1)
20:25:51.0682 4068 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
20:25:51.0713 4068 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0713 4068 tfsnopio - detected UnsignedFile.Multi.Generic (1)
20:25:51.0744 4068 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
20:25:51.0760 4068 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0760 4068 tfsnpool - detected UnsignedFile.Multi.Generic (1)
20:25:51.0791 4068 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
20:25:51.0822 4068 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0822 4068 tfsnudf - detected UnsignedFile.Multi.Generic (1)
20:25:51.0853 4068 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:25:51.0869 4068 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0869 4068 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
20:25:51.0900 4068 TLRecAgent - ok
20:25:51.0963 4068 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:25:52.0088 4068 TosIde - ok
20:25:52.0135 4068 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
20:25:52.0291 4068 tunmp - ok
20:25:52.0322 4068 UALFDrv2 - ok
20:25:52.0400 4068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:25:52.0572 4068 Udfs - ok
20:25:52.0713 4068 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:25:52.0807 4068 ultra - ok
20:25:52.0869 4068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:25:53.0025 4068 Update - ok
20:25:53.0119 4068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:25:53.0228 4068 USBAAPL - ok
20:25:53.0307 4068 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:25:53.0447 4068 usbaudio - ok
20:25:53.0541 4068 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
20:25:53.0603 4068 usbbus - ok
20:25:53.0713 4068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:25:53.0853 4068 usbccgp - ok
20:25:53.0932 4068 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
20:25:53.0978 4068 UsbDiag - ok
20:25:54.0103 4068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:25:54.0322 4068 usbehci - ok
20:25:54.0432 4068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:25:54.0588 4068 usbhub - ok
20:25:54.0666 4068 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
20:25:54.0728 4068 USBModem - ok
20:25:54.0807 4068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:25:54.0963 4068 usbprint - ok
20:25:55.0103 4068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:25:55.0244 4068 usbscan - ok
20:25:55.0353 4068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:25:55.0494 4068 USBSTOR - ok
20:25:55.0525 4068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:25:55.0666 4068 usbuhci - ok
20:25:55.0728 4068 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:25:55.0900 4068 usb_rndisx - ok
20:25:56.0103 4068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:25:56.0260 4068 VgaSave - ok
20:25:56.0353 4068 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:25:56.0494 4068 viaagp - ok
20:25:56.0588 4068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:25:56.0760 4068 ViaIde - ok
20:25:56.0869 4068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:25:57.0010 4068 VolSnap - ok
20:25:57.0057 4068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:25:57.0213 4068 Wanarp - ok
20:25:57.0244 4068 wanatw - ok
20:25:57.0338 4068 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:25:57.0385 4068 Wdf01000 - ok
20:25:57.0432 4068 WDICA - ok
20:25:57.0478 4068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:25:57.0635 4068 wdmaud - ok
20:25:57.0728 4068 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
20:25:57.0744 4068 WinUSB - ok
20:25:57.0853 4068 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:25:57.0963 4068 WpdUsb - ok
20:25:58.0072 4068 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:25:58.0213 4068 WS2IFSL - ok
20:25:58.0275 4068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:25:58.0307 4068 WudfPf - ok
20:25:58.0400 4068 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:25:58.0432 4068 WudfRd - ok
20:25:58.0463 4068 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
20:25:58.0572 4068 \Device\Harddisk0\DR0 - ok
20:25:58.0572 4068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:25:58.0619 4068 \Device\Harddisk1\DR1 - ok
20:25:58.0666 4068 Boot (0x1200) (8f40cdef114d27cfc3267cbb77ba0a73) \Device\Harddisk0\DR0\Partition0
20:25:58.0666 4068 \Device\Harddisk0\DR0\Partition0 - ok
20:25:58.0666 4068 Boot (0x1200) (dc580cdbd9d56fc8813c7df2a07adcab) \Device\Harddisk1\DR1\Partition0
20:25:58.0666 4068 \Device\Harddisk1\DR1\Partition0 - ok
20:25:58.0666 4068 ============================================================
20:25:58.0666 4068 Scan finished
20:25:58.0666 4068 ============================================================
20:25:58.0807 0828 Detected object count: 20
20:25:58.0807 0828 Actual detected object count: 20
20:26:20.0353 0828 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
20:26:20.0353 0828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:20.0478 0828 C:\WINDOWS\system32\drivers\drvmcdb.sys - copied to quarantine
20:26:20.0478 0828 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:20.0572 0828 C:\WINDOWS\system32\drivers\drvnddm.sys - copied to quarantine
20:26:20.0588 0828 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:20.0713 0828 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys - copied to quarantine
20:26:20.0713 0828 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:20.0869 0828 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine
20:26:20.0869 0828 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0010 0828 C:\WINDOWS\system32\Drivers\iqvw32.sys - copied to quarantine
20:26:21.0010 0828 NAL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0197 0828 C:\WINDOWS\system32\DRIVERS\omci.sys - copied to quarantine
20:26:21.0197 0828 omci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0353 0828 C:\WINDOWS\system32\Drivers\pcouffin.sys - copied to quarantine
20:26:21.0353 0828 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0478 0828 C:\WINDOWS\system32\DRIVERS\pnetmdm.sys - copied to quarantine
20:26:21.0478 0828 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0603 0828 C:\WINDOWS\system32\drivers\sscdbhk5.sys - copied to quarantine
20:26:21.0603 0828 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0682 0828 C:\WINDOWS\system32\drivers\ssrtln.sys - copied to quarantine
20:26:21.0682 0828 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0775 0828 C:\WINDOWS\system32\dla\tfsnboio.sys - copied to quarantine
20:26:21.0775 0828 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0838 0828 C:\WINDOWS\system32\dla\tfsncofs.sys - copied to quarantine
20:26:21.0838 0828 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0994 0828 C:\WINDOWS\system32\dla\tfsndrct.sys - copied to quarantine
20:26:21.0994 0828 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0072 0828 C:\WINDOWS\system32\dla\tfsndres.sys - copied to quarantine
20:26:22.0072 0828 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0166 0828 C:\WINDOWS\system32\dla\tfsnifs.sys - copied to quarantine
20:26:22.0166 0828 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0228 0828 C:\WINDOWS\system32\dla\tfsnopio.sys - copied to quarantine
20:26:22.0228 0828 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0385 0828 C:\WINDOWS\system32\dla\tfsnpool.sys - copied to quarantine
20:26:22.0385 0828 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0463 0828 C:\WINDOWS\system32\dla\tfsnudf.sys - copied to quarantine
20:26:22.0463 0828 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0557 0828 C:\WINDOWS\system32\dla\tfsnudfa.sys - copied to quarantine
20:26:22.0557 0828 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Quarantine


Mark8g

join:2012-02-01

reply to lilhurricane
TDSS report

20:24:49.0478 0656 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
20:24:50.0228 0656 ============================================================
20:24:50.0228 0656 Current date / time: 2012/02/01 20:24:50.0228
20:24:50.0228 0656 SystemInfo:
20:24:50.0228 0656
20:24:50.0228 0656 OS Version: 5.1.2600 ServicePack: 3.0
20:24:50.0228 0656 Product type: Workstation
20:24:50.0228 0656 ComputerName: ADAS
20:24:50.0228 0656 UserName: Adas
20:24:50.0228 0656 Windows directory: C:\WINDOWS
20:24:50.0228 0656 System windows directory: C:\WINDOWS
20:24:50.0228 0656 Processor architecture: Intel x86
20:24:50.0228 0656 Number of processors: 2
20:24:50.0228 0656 Page size: 0x1000
20:24:50.0228 0656 Boot type: Normal boot
20:24:50.0228 0656 ============================================================
20:24:52.0666 0656 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:24:52.0682 0656 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:24:52.0728 0656 \Device\Harddisk0\DR0:
20:24:52.0728 0656 MBR used
20:24:52.0728 0656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15
20:24:52.0728 0656 \Device\Harddisk1\DR1:
20:24:52.0744 0656 MBR used
20:24:52.0744 0656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:24:53.0119 0656 Initialize success
20:24:53.0119 0656 ============================================================
20:25:05.0307 4068 ============================================================
20:25:05.0307 4068 Scan started
20:25:05.0307 4068 Mode: Manual; SigCheck; TDLFS;
20:25:05.0307 4068 ============================================================
20:25:05.0807 4068 Abiosdsk - ok
20:25:05.0900 4068 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:25:08.0275 4068 abp480n5 - ok
20:25:08.0353 4068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:25:08.0635 4068 ACPI - ok
20:25:08.0728 4068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:25:08.0900 4068 ACPIEC - ok
20:25:09.0010 4068 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:25:09.0150 4068 adpu160m - ok
20:25:09.0244 4068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:25:09.0432 4068 aec - ok
20:25:09.0510 4068 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:25:09.0557 4068 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:25:09.0557 4068 AegisP - detected UnsignedFile.Multi.Generic (1)
20:25:09.0635 4068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:25:09.0697 4068 AFD - ok
20:25:09.0760 4068 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:25:09.0916 4068 agp440 - ok
20:25:10.0057 4068 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:25:10.0228 4068 agpCPQ - ok
20:25:10.0275 4068 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:25:10.0385 4068 Aha154x - ok
20:25:10.0432 4068 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:25:10.0603 4068 aic78u2 - ok
20:25:10.0650 4068 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:25:10.0791 4068 aic78xx - ok
20:25:10.0885 4068 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:25:11.0057 4068 AliIde - ok
20:25:11.0182 4068 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:25:11.0353 4068 alim1541 - ok
20:25:11.0400 4068 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:25:11.0572 4068 amdagp - ok
20:25:11.0603 4068 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:25:11.0682 4068 amsint - ok
20:25:11.0807 4068 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:25:11.0963 4068 asc - ok
20:25:12.0041 4068 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:25:12.0119 4068 asc3350p - ok
20:25:12.0197 4068 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:25:12.0369 4068 asc3550 - ok
20:25:12.0432 4068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:25:12.0603 4068 AsyncMac - ok
20:25:12.0635 4068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:25:12.0791 4068 atapi - ok
20:25:12.0807 4068 Atdisk - ok
20:25:12.0932 4068 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:25:13.0166 4068 ati2mtag - ok
20:25:13.0322 4068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:25:13.0463 4068 Atmarpc - ok
20:25:13.0603 4068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:25:13.0760 4068 audstub - ok
20:25:13.0838 4068 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
20:25:14.0088 4068 AVGIDSDriver - ok
20:25:14.0166 4068 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
20:25:14.0197 4068 AVGIDSEH - ok
20:25:14.0260 4068 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
20:25:14.0275 4068 AVGIDSFilter - ok
20:25:14.0635 4068 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
20:25:14.0869 4068 AVGIDSShim - ok
20:25:15.0166 4068 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:25:15.0182 4068 Avgldx86 - ok
20:25:15.0228 4068 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:25:15.0244 4068 Avgmfx86 - ok
20:25:15.0307 4068 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:25:15.0322 4068 Avgrkx86 - ok
20:25:15.0385 4068 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:25:15.0400 4068 Avgtdix - ok
20:25:15.0432 4068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:25:15.0588 4068 Beep - ok
20:25:15.0603 4068 bvrp_pci - ok
20:25:15.0822 4068 catchme - ok
20:25:15.0916 4068 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:25:16.0057 4068 cbidf - ok
20:25:16.0088 4068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:25:16.0228 4068 cbidf2k - ok
20:25:16.0275 4068 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:25:16.0369 4068 cd20xrnt - ok
20:25:16.0400 4068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:25:16.0557 4068 Cdaudio - ok
20:25:16.0775 4068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:25:16.0963 4068 Cdfs - ok
20:25:17.0119 4068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:25:17.0275 4068 Cdrom - ok
20:25:17.0338 4068 Changer - ok
20:25:17.0400 4068 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:25:17.0572 4068 CmdIde - ok
20:25:17.0619 4068 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:25:17.0760 4068 Cpqarray - ok
20:25:17.0885 4068 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:25:17.0978 4068 ctsfm2k - ok
20:25:18.0135 4068 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:25:18.0307 4068 dac2w2k - ok
20:25:18.0400 4068 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:25:18.0572 4068 dac960nt - ok
20:25:18.0713 4068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:25:18.0853 4068 Disk - ok
20:25:18.0932 4068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:25:19.0213 4068 dmboot - ok
20:25:19.0244 4068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:25:19.0400 4068 dmio - ok
20:25:19.0478 4068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:25:19.0635 4068 dmload - ok
20:25:19.0713 4068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:25:19.0853 4068 DMusic - ok
20:25:19.0932 4068 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:25:20.0103 4068 dpti2o - ok
20:25:20.0150 4068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:25:20.0291 4068 drmkaud - ok
20:25:20.0416 4068 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:25:20.0447 4068 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
20:25:20.0447 4068 drvmcdb - detected UnsignedFile.Multi.Generic (1)
20:25:20.0478 4068 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
20:25:20.0510 4068 drvnddm ( UnsignedFile.Multi.Generic ) - warning
20:25:20.0510 4068 drvnddm - detected UnsignedFile.Multi.Generic (1)
20:25:20.0635 4068 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
20:25:20.0682 4068 DSproct ( UnsignedFile.Multi.Generic ) - warning
20:25:20.0682 4068 DSproct - detected UnsignedFile.Multi.Generic (1)
20:25:20.0775 4068 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:25:20.0838 4068 E100B - ok
20:25:20.0963 4068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:25:21.0166 4068 Fastfat - ok
20:25:21.0275 4068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:25:21.0447 4068 Fdc - ok
20:25:21.0525 4068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:25:21.0666 4068 Fips - ok
20:25:21.0728 4068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:25:21.0853 4068 Flpydisk - ok
20:25:21.0963 4068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:25:22.0197 4068 FltMgr - ok
20:25:22.0228 4068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:25:22.0369 4068 Fs_Rec - ok
20:25:22.0494 4068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:25:22.0650 4068 Ftdisk - ok
20:25:22.0713 4068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:25:22.0728 4068 GEARAspiWDM - ok
20:25:22.0775 4068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:25:22.0916 4068 Gpc - ok
20:25:23.0025 4068 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
20:25:23.0197 4068 HidIr - ok
20:25:23.0307 4068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:25:23.0447 4068 HidUsb - ok
20:25:23.0541 4068 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\WINDOWS\system32\drivers\hitmanpro35.sys
20:25:23.0557 4068 hitmanpro35 - ok
20:25:23.0635 4068 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:25:23.0775 4068 hpn - ok
20:25:23.0822 4068 HTCAND32 - ok
20:25:23.0916 4068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:25:24.0010 4068 HTTP - ok
20:25:24.0119 4068 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:25:24.0260 4068 i2omgmt - ok
20:25:24.0307 4068 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:25:24.0478 4068 i2omp - ok
20:25:24.0572 4068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:25:24.0744 4068 i8042prt - ok
20:25:24.0791 4068 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys
20:25:24.0994 4068 iastor - ok
20:25:25.0072 4068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:25:25.0197 4068 Imapi - ok
20:25:25.0307 4068 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:25:25.0478 4068 ini910u - ok
20:25:25.0603 4068 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
20:25:25.0760 4068 IntelC51 - ok
20:25:25.0807 4068 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
20:25:25.0916 4068 IntelC52 - ok
20:25:25.0947 4068 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
20:25:25.0978 4068 IntelC53 - ok
20:25:26.0119 4068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:25:26.0275 4068 IntelIde - ok
20:25:26.0338 4068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:25:26.0478 4068 intelppm - ok
20:25:26.0525 4068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:25:26.0682 4068 Ip6Fw - ok
20:25:26.0963 4068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:25:27.0182 4068 IpFilterDriver - ok
20:25:27.0291 4068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:25:27.0432 4068 IpInIp - ok
20:25:27.0525 4068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:25:27.0682 4068 IpNat - ok
20:25:27.0775 4068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:25:27.0916 4068 IPSec - ok
20:25:27.0994 4068 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
20:25:28.0228 4068 IrBus - ok
20:25:28.0322 4068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:25:28.0463 4068 IRENUM - ok
20:25:28.0541 4068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:25:28.0682 4068 isapnp - ok
20:25:28.0744 4068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:25:28.0885 4068 Kbdclass - ok
20:25:28.0916 4068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:25:29.0057 4068 kbdhid - ok
20:25:29.0182 4068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:25:29.0322 4068 kmixer - ok
20:25:29.0400 4068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:25:29.0541 4068 KSecDD - ok
20:25:29.0619 4068 lbrtfdc - ok
20:25:29.0713 4068 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:25:29.0728 4068 MBAMProtector - ok
20:25:29.0838 4068 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:25:29.0900 4068 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:25:29.0900 4068 MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:25:29.0963 4068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:25:30.0119 4068 mnmdd - ok
20:25:30.0213 4068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:25:30.0369 4068 Modem - ok
20:25:30.0494 4068 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:25:30.0635 4068 MODEMCSA - ok
20:25:30.0713 4068 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
20:25:30.0744 4068 mohfilt - ok
20:25:30.0822 4068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:25:30.0978 4068 Mouclass - ok
20:25:31.0166 4068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:25:31.0322 4068 mouhid - ok
20:25:31.0400 4068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:25:31.0557 4068 MountMgr - ok
20:25:31.0666 4068 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:25:31.0838 4068 mraid35x - ok
20:25:31.0885 4068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:25:32.0057 4068 MRxDAV - ok
20:25:32.0166 4068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:25:32.0353 4068 MRxSmb - ok
20:25:32.0400 4068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:25:32.0557 4068 Msfs - ok
20:25:32.0666 4068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:25:32.0807 4068 MSKSSRV - ok
20:25:32.0869 4068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:25:33.0057 4068 MSPCLOCK - ok
20:25:33.0135 4068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:25:33.0307 4068 MSPQM - ok
20:25:33.0432 4068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:25:33.0572 4068 mssmbios - ok
20:25:33.0697 4068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:25:33.0760 4068 Mup - ok
20:25:33.0853 4068 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:\WINDOWS\system32\Drivers\iqvw32.sys
20:25:33.0900 4068 NAL ( UnsignedFile.Multi.Generic ) - warning
20:25:33.0900 4068 NAL - detected UnsignedFile.Multi.Generic (1)
20:25:33.0978 4068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:25:34.0260 4068 NDIS - ok
20:25:34.0385 4068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:25:34.0447 4068 NdisTapi - ok
20:25:34.0525 4068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:25:34.0666 4068 Ndisuio - ok
20:25:34.0744 4068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:25:34.0916 4068 NdisWan - ok
20:25:35.0150 4068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:25:35.0213 4068 NDProxy - ok
20:25:35.0260 4068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:25:35.0400 4068 NetBIOS - ok
20:25:35.0463 4068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:25:35.0619 4068 NetBT - ok
20:25:35.0697 4068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:25:35.0838 4068 Npfs - ok
20:25:35.0916 4068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:25:36.0103 4068 Ntfs - ok
20:25:36.0182 4068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:25:36.0322 4068 Null - ok
20:25:36.0400 4068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:25:36.0572 4068 NwlnkFlt - ok
20:25:36.0697 4068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:25:36.0869 4068 NwlnkFwd - ok
20:25:36.0963 4068 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
20:25:36.0978 4068 omci ( UnsignedFile.Multi.Generic ) - warning
20:25:36.0978 4068 omci - detected UnsignedFile.Multi.Generic (1)
20:25:37.0119 4068 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
20:25:37.0135 4068 ossrv - ok
20:25:37.0228 4068 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
20:25:37.0338 4068 P17 - ok
20:25:37.0416 4068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:25:37.0588 4068 Parport - ok
20:25:37.0650 4068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:25:37.0807 4068 PartMgr - ok
20:25:37.0900 4068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:25:38.0150 4068 ParVdm - ok
20:25:38.0291 4068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:25:38.0494 4068 PCI - ok
20:25:38.0541 4068 PCIDump - ok
20:25:38.0557 4068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:25:38.0713 4068 PCIIde - ok
20:25:38.0760 4068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:25:38.0916 4068 Pcmcia - ok
20:25:39.0041 4068 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
20:25:39.0072 4068 pcouffin ( UnsignedFile.Multi.Generic ) - warning
20:25:39.0072 4068 pcouffin - detected UnsignedFile.Multi.Generic (1)
20:25:39.0119 4068 PDCOMP - ok
20:25:39.0228 4068 PDFRAME - ok
20:25:39.0307 4068 PDRELI - ok
20:25:39.0353 4068 PDRFRAME - ok
20:25:39.0400 4068 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:25:39.0525 4068 perc2 - ok
20:25:39.0619 4068 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:25:39.0775 4068 perc2hib - ok
20:25:39.0869 4068 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys
20:25:39.0885 4068 PfModNT - ok
20:25:39.0963 4068 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
20:25:40.0072 4068 pnetmdm ( UnsignedFile.Multi.Generic ) - warning
20:25:40.0072 4068 pnetmdm - detected UnsignedFile.Multi.Generic (1)
20:25:40.0213 4068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:25:40.0353 4068 PptpMiniport - ok
20:25:40.0385 4068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:25:40.0525 4068 PSched - ok
20:25:40.0635 4068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:25:40.0791 4068 Ptilink - ok
20:25:40.0869 4068 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:25:40.0885 4068 PxHelp20 - ok
20:25:40.0932 4068 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:25:41.0072 4068 ql1080 - ok
20:25:41.0166 4068 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:25:41.0307 4068 Ql10wnt - ok
20:25:41.0385 4068 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:25:41.0557 4068 ql12160 - ok
20:25:41.0650 4068 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:25:41.0807 4068 ql1240 - ok
20:25:41.0885 4068 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:25:42.0057 4068 ql1280 - ok
20:25:42.0135 4068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:25:42.0275 4068 RasAcd - ok
20:25:42.0353 4068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:25:42.0510 4068 Rasl2tp - ok
20:25:42.0588 4068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:25:42.0713 4068 RasPppoe - ok
20:25:42.0744 4068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:25:42.0885 4068 Raspti - ok
20:25:42.0978 4068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:25:43.0275 4068 Rdbss - ok
20:25:43.0369 4068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:25:43.0510 4068 RDPCDD - ok
20:25:43.0635 4068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:25:43.0807 4068 rdpdr - ok
20:25:43.0963 4068 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:25:44.0057 4068 RDPWD - ok
20:25:44.0135 4068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:25:44.0291 4068 redbook - ok
20:25:44.0369 4068 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:25:44.0510 4068 ROOTMODEM - ok
20:25:44.0650 4068 rt2870 (ee5ad71a1f576d4d58d8d014560eb856) C:\WINDOWS\system32\DRIVERS\rt2870.sys
20:25:44.0791 4068 rt2870 - ok
20:25:44.0900 4068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:25:45.0057 4068 Secdrv - ok
20:25:45.0166 4068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:25:45.0338 4068 serenum - ok
20:25:45.0432 4068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:25:45.0572 4068 Serial - ok
20:25:45.0666 4068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:25:45.0807 4068 Sfloppy - ok
20:25:46.0057 4068 sftfs (21fd68e11d15ac0c4b3a0846e39be565) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys
20:25:46.0103 4068 sftfs - ok
20:25:46.0150 4068 sftplay (38fd811e7f58250916548031bd9308d0) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys
20:25:46.0182 4068 sftplay - ok
20:25:46.0275 4068 Sftredir (1f13f3c7907588d017299b008eeed06c) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
20:25:46.0291 4068 Sftredir - ok
20:25:46.0307 4068 sftvol (634274439e8701799f6fce42933cdb06) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys
20:25:46.0322 4068 sftvol - ok
20:25:46.0369 4068 Simbad - ok
20:25:46.0432 4068 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:25:46.0603 4068 sisagp - ok
20:25:46.0775 4068 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:25:46.0963 4068 Sparrow - ok
20:25:47.0150 4068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:25:47.0307 4068 splitter - ok
20:25:47.0353 4068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:25:47.0510 4068 sr - ok
20:25:47.0557 4068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:25:47.0666 4068 Srv - ok
20:25:47.0760 4068 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:25:47.0775 4068 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
20:25:47.0775 4068 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
20:25:47.0822 4068 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
20:25:47.0838 4068 ssrtln ( UnsignedFile.Multi.Generic ) - warning
20:25:47.0838 4068 ssrtln - detected UnsignedFile.Multi.Generic (1)
20:25:47.0916 4068 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:25:48.0041 4068 StillCam - ok
20:25:48.0275 4068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:25:48.0447 4068 swenum - ok
20:25:48.0525 4068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:25:48.0666 4068 swmidi - ok
20:25:48.0807 4068 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:25:48.0978 4068 symc810 - ok
20:25:49.0150 4068 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:25:49.0291 4068 symc8xx - ok
20:25:49.0385 4068 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:25:49.0557 4068 sym_hi - ok
20:25:49.0650 4068 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:25:49.0791 4068 sym_u3 - ok
20:25:49.0900 4068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:25:50.0041 4068 sysaudio - ok
20:25:50.0182 4068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:25:50.0369 4068 Tcpip - ok
20:25:50.0432 4068 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
20:25:50.0478 4068 Tcpip6 - ok
20:25:50.0541 4068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:25:50.0713 4068 TDPIPE - ok
20:25:50.0838 4068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:25:51.0010 4068 TDTCP - ok
20:25:51.0135 4068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:25:51.0275 4068 TermDD - ok
20:25:51.0432 4068 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
20:25:51.0447 4068 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0447 4068 tfsnboio - detected UnsignedFile.Multi.Generic (1)
20:25:51.0478 4068 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
20:25:51.0510 4068 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0510 4068 tfsncofs - detected UnsignedFile.Multi.Generic (1)
20:25:51.0541 4068 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
20:25:51.0557 4068 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0557 4068 tfsndrct - detected UnsignedFile.Multi.Generic (1)
20:25:51.0603 4068 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
20:25:51.0619 4068 tfsndres ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0619 4068 tfsndres - detected UnsignedFile.Multi.Generic (1)
20:25:51.0650 4068 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
20:25:51.0666 4068 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0666 4068 tfsnifs - detected UnsignedFile.Multi.Generic (1)
20:25:51.0682 4068 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
20:25:51.0713 4068 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0713 4068 tfsnopio - detected UnsignedFile.Multi.Generic (1)
20:25:51.0744 4068 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
20:25:51.0760 4068 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0760 4068 tfsnpool - detected UnsignedFile.Multi.Generic (1)
20:25:51.0791 4068 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
20:25:51.0822 4068 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0822 4068 tfsnudf - detected UnsignedFile.Multi.Generic (1)
20:25:51.0853 4068 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:25:51.0869 4068 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
20:25:51.0869 4068 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
20:25:51.0900 4068 TLRecAgent - ok
20:25:51.0963 4068 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:25:52.0088 4068 TosIde - ok
20:25:52.0135 4068 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
20:25:52.0291 4068 tunmp - ok
20:25:52.0322 4068 UALFDrv2 - ok
20:25:52.0400 4068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:25:52.0572 4068 Udfs - ok
20:25:52.0713 4068 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:25:52.0807 4068 ultra - ok
20:25:52.0869 4068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:25:53.0025 4068 Update - ok
20:25:53.0119 4068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:25:53.0228 4068 USBAAPL - ok
20:25:53.0307 4068 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:25:53.0447 4068 usbaudio - ok
20:25:53.0541 4068 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
20:25:53.0603 4068 usbbus - ok
20:25:53.0713 4068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:25:53.0853 4068 usbccgp - ok
20:25:53.0932 4068 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
20:25:53.0978 4068 UsbDiag - ok
20:25:54.0103 4068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:25:54.0322 4068 usbehci - ok
20:25:54.0432 4068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:25:54.0588 4068 usbhub - ok
20:25:54.0666 4068 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
20:25:54.0728 4068 USBModem - ok
20:25:54.0807 4068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:25:54.0963 4068 usbprint - ok
20:25:55.0103 4068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:25:55.0244 4068 usbscan - ok
20:25:55.0353 4068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:25:55.0494 4068 USBSTOR - ok
20:25:55.0525 4068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:25:55.0666 4068 usbuhci - ok
20:25:55.0728 4068 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:25:55.0900 4068 usb_rndisx - ok
20:25:56.0103 4068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:25:56.0260 4068 VgaSave - ok
20:25:56.0353 4068 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:25:56.0494 4068 viaagp - ok
20:25:56.0588 4068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:25:56.0760 4068 ViaIde - ok
20:25:56.0869 4068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:25:57.0010 4068 VolSnap - ok
20:25:57.0057 4068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:25:57.0213 4068 Wanarp - ok
20:25:57.0244 4068 wanatw - ok
20:25:57.0338 4068 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:25:57.0385 4068 Wdf01000 - ok
20:25:57.0432 4068 WDICA - ok
20:25:57.0478 4068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:25:57.0635 4068 wdmaud - ok
20:25:57.0728 4068 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
20:25:57.0744 4068 WinUSB - ok
20:25:57.0853 4068 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:25:57.0963 4068 WpdUsb - ok
20:25:58.0072 4068 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:25:58.0213 4068 WS2IFSL - ok
20:25:58.0275 4068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:25:58.0307 4068 WudfPf - ok
20:25:58.0400 4068 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:25:58.0432 4068 WudfRd - ok
20:25:58.0463 4068 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
20:25:58.0572 4068 \Device\Harddisk0\DR0 - ok
20:25:58.0572 4068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:25:58.0619 4068 \Device\Harddisk1\DR1 - ok
20:25:58.0666 4068 Boot (0x1200) (8f40cdef114d27cfc3267cbb77ba0a73) \Device\Harddisk0\DR0\Partition0
20:25:58.0666 4068 \Device\Harddisk0\DR0\Partition0 - ok
20:25:58.0666 4068 Boot (0x1200) (dc580cdbd9d56fc8813c7df2a07adcab) \Device\Harddisk1\DR1\Partition0
20:25:58.0666 4068 \Device\Harddisk1\DR1\Partition0 - ok
20:25:58.0666 4068 ============================================================
20:25:58.0666 4068 Scan finished
20:25:58.0666 4068 ============================================================
20:25:58.0807 0828 Detected object count: 20
20:25:58.0807 0828 Actual detected object count: 20
20:26:20.0353 0828 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
20:26:20.0353 0828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:20.0478 0828 C:\WINDOWS\system32\drivers\drvmcdb.sys - copied to quarantine
20:26:20.0478 0828 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:20.0572 0828 C:\WINDOWS\system32\drivers\drvnddm.sys - copied to quarantine
20:26:20.0588 0828 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:20.0713 0828 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys - copied to quarantine
20:26:20.0713 0828 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:20.0869 0828 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine
20:26:20.0869 0828 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0010 0828 C:\WINDOWS\system32\Drivers\iqvw32.sys - copied to quarantine
20:26:21.0010 0828 NAL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0197 0828 C:\WINDOWS\system32\DRIVERS\omci.sys - copied to quarantine
20:26:21.0197 0828 omci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0353 0828 C:\WINDOWS\system32\Drivers\pcouffin.sys - copied to quarantine
20:26:21.0353 0828 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0478 0828 C:\WINDOWS\system32\DRIVERS\pnetmdm.sys - copied to quarantine
20:26:21.0478 0828 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0603 0828 C:\WINDOWS\system32\drivers\sscdbhk5.sys - copied to quarantine
20:26:21.0603 0828 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0682 0828 C:\WINDOWS\system32\drivers\ssrtln.sys - copied to quarantine
20:26:21.0682 0828 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0775 0828 C:\WINDOWS\system32\dla\tfsnboio.sys - copied to quarantine
20:26:21.0775 0828 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0838 0828 C:\WINDOWS\system32\dla\tfsncofs.sys - copied to quarantine
20:26:21.0838 0828 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:21.0994 0828 C:\WINDOWS\system32\dla\tfsndrct.sys - copied to quarantine
20:26:21.0994 0828 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0072 0828 C:\WINDOWS\system32\dla\tfsndres.sys - copied to quarantine
20:26:22.0072 0828 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0166 0828 C:\WINDOWS\system32\dla\tfsnifs.sys - copied to quarantine
20:26:22.0166 0828 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0228 0828 C:\WINDOWS\system32\dla\tfsnopio.sys - copied to quarantine
20:26:22.0228 0828 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0385 0828 C:\WINDOWS\system32\dla\tfsnpool.sys - copied to quarantine
20:26:22.0385 0828 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0463 0828 C:\WINDOWS\system32\dla\tfsnudf.sys - copied to quarantine
20:26:22.0463 0828 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:26:22.0557 0828 C:\WINDOWS\system32\dla\tfsnudfa.sys - copied to quarantine
20:26:22.0557 0828 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Quarantine


Mark8g

join:2012-02-01

reply to Mark8g
TDSSKiller report

20:33:48.0322 1696 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
20:33:48.0775 1696 ============================================================
20:33:48.0775 1696 Current date / time: 2012/02/01 20:33:48.0775
20:33:48.0775 1696 SystemInfo:
20:33:48.0775 1696
20:33:48.0775 1696 OS Version: 5.1.2600 ServicePack: 3.0
20:33:48.0775 1696 Product type: Workstation
20:33:48.0775 1696 ComputerName: ADAS
20:33:48.0775 1696 UserName: Adas
20:33:48.0775 1696 Windows directory: C:\WINDOWS
20:33:48.0775 1696 System windows directory: C:\WINDOWS
20:33:48.0775 1696 Processor architecture: Intel x86
20:33:48.0775 1696 Number of processors: 2
20:33:48.0775 1696 Page size: 0x1000
20:33:48.0775 1696 Boot type: Normal boot
20:33:48.0775 1696 ============================================================
20:33:51.0916 1696 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:33:51.0932 1696 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:33:51.0978 1696 \Device\Harddisk0\DR0:
20:33:51.0978 1696 MBR used
20:33:51.0978 1696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15
20:33:51.0978 1696 \Device\Harddisk1\DR1:
20:33:51.0978 1696 MBR used
20:33:51.0978 1696 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:33:52.0432 1696 Initialize success
20:33:52.0432 1696 ============================================================
20:33:54.0322 3112 ============================================================
20:33:54.0322 3112 Scan started
20:33:54.0322 3112 Mode: Manual;
20:33:54.0322 3112 ============================================================
20:34:11.0619 3112 USBSTOR - ok
20:34:11.0650 3112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:34:11.0650 3112 usbuhci - ok
20:34:11.0697 3112 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:34:11.0697 3112 usb_rndisx - ok
20:34:11.0760 3112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:34:11.0760 3112 VgaSave - ok
20:34:11.0807 3112 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:34:11.0807 3112 viaagp - ok
20:34:11.0885 3112 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:34:11.0885 3112 ViaIde - ok
20:34:11.0978 3112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:34:11.0978 3112 VolSnap - ok
20:34:12.0025 3112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:34:12.0025 3112 Wanarp - ok
20:34:12.0041 3112 wanatw - ok
20:34:12.0119 3112 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:34:12.0135 3112 Wdf01000 - ok
20:34:12.0166 3112 WDICA - ok
20:34:12.0197 3112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:34:12.0197 3112 wdmaud - ok
20:34:12.0291 3112 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
20:34:12.0291 3112 WinUSB - ok
20:34:12.0400 3112 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:34:12.0400 3112 WpdUsb - ok
20:34:12.0572 3112 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:34:12.0572 3112 WS2IFSL - ok
20:34:12.0650 3112 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:34:12.0650 3112 WudfPf - ok
20:34:12.0728 3112 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:34:12.0728 3112 WudfRd - ok
20:34:12.0760 3112 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
20:34:12.0807 3112 \Device\Harddisk0\DR0 - ok
20:34:12.0822 3112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:34:12.0822 3112 \Device\Harddisk1\DR1 - ok
20:34:12.0853 3112 Boot (0x1200) (8f40cdef114d27cfc3267cbb77ba0a73) \Device\Harddisk0\DR0\Partition0
20:34:12.0853 3112 \Device\Harddisk0\DR0\Partition0 - ok
20:34:12.0869 3112 Boot (0x1200) (dc580cdbd9d56fc8813c7df2a07adcab) \Device\Harddisk1\DR1\Partition0
20:34:12.0869 3112 \Device\Harddisk1\DR1\Partition0 - ok
20:34:12.0869 3112 ============================================================
20:34:12.0869 3112 Scan finished
20:34:12.0869 3112 ============================================================
20:34:12.0885 2332 Detected object count: 0
20:34:12.0885 2332 Actual detected object count: 0



lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

Thanks for adding that

We ask for your patience till LoPhatPhuud has time to review.

Please do not make any changes to your system at this time


Mark8g

join:2012-02-01

I await LoPhatPhuud.........



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to Mark8g
The OTL log shows both HitMan Pro and Combofix installed.

If still available, post the logs from both programs please.


Mark8g

join:2012-02-01

Hitman log saved as XML and couldn't post.


Mark8g

join:2012-02-01

reply to LoPhatPhuud

~ ~ ~ ComboFix:
ComboFix 12-01-26.03 - Adas 02/02/2012 9:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2411 [GMT -8:00]
Running from: c:\documents and settings\Adas\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Adas\Application Data\vso_ts_preview.xml
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 00:21 . 2012-02-02 00:21 -------- d-----w- c:\program files\ESET
2012-02-02 00:15 . 2012-02-02 00:15 -------- d-----w- c:\documents and settings\Adas\Application Data\QuickScan
2012-02-01 20:28 . 2012-02-01 20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 20:28 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 07:57 . 2012-02-02 17:21 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-02-01 07:57 . 2012-02-01 07:57 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-02-01 07:56 . 2012-02-01 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2012-01-31 22:50 . 2012-01-31 22:50 -------- d-----w- c:\program files\Sophos
2012-01-28 04:27 . 2012-01-28 04:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-25 18:54 . 2012-01-25 18:56 -------- d-----w- c:\program files\iTunes
2012-01-25 15:42 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-25 07:59 . 2012-01-25 07:59 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-25 07:58 . 2012-01-25 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-25 07:22 . 2012-01-27 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 07:15 . 2012-01-27 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-25 07:14 . 2012-01-25 15:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-24 07:29 . 2012-01-24 07:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking
2012-01-24 07:29 . 2012-01-24 07:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PeerNetworking
2012-01-24 07:28 . 2012-01-24 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\crowsoft
2012-01-24 07:28 . 2012-01-24 07:38 -------- d-----w- c:\program files\LAN On Internet Pro
2012-01-24 07:28 . 2009-12-31 21:21 153088 ----a-w- c:\windows\system32\LOILSP.dll
2012-01-24 07:28 . 2009-12-31 21:21 32768 ----a-w- c:\windows\system32\ilannsp.dll
2012-01-15 17:43 . 2012-01-19 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-15 17:33 . 2012-01-15 17:35 -------- d-----w- c:\documents and settings\Adas\Application Data\PerformerSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-19 20:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 18:01 . 2011-07-22 08:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-19 20:49 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-19 20:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-19 20:49 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-19 20:49 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2004-08-19 20:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-19 20:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-19 20:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Medialink Utilty"="c:\program files\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2170904]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]
.
c:\documents and settings\Adas\Start Menu\Programs\Startup\
TClock2.lnk - c:\documents and settings\Adas\Desktop\tclock2_120\tclock2.exe [2003-8-3 90624]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat]
path=c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat
backup=c:\windows\pss\santa.batStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Adas\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2009-09-26 14:39 518040 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C86 Series]
2003-11-25 11:00 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-05 01:12 136176 ----atw- c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-24 17:29 206240 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 14:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 22:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor with AntiVirus]
2012-01-25 07:13 512992 ----a-w- c:\documents and settings\Adas\Desktop\sdasetup_revwire207.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Adas\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55061:TCP"= 55061:TCP:uTorr
"55061:UDP"= 55061:UDP:uTorr
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 6:35 AM 819600]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/1/2012 12:28 PM 652360]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 2:04 PM 447832]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/1/2012 12:28 PM 20464]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 2:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 2:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 2:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 2:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 2:04 PM 203608]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2009 2:42 AM 135664]
S2 TLRecAgent;TLRecAgent;\??\c:\windows\system32\drivers\TLRecAgent.sys --> c:\windows\system32\drivers\TLRecAgent.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2009 2:42 AM 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 3:28 AM 4639136]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/3/2008 5:44 PM 47360]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [3/6/2010 4:57 PM 9472]
S3 UALFDrv2;UALFDrv2;c:\windows\system32\DRIVERS\UALFDrv2.sys --> c:\windows\system32\DRIVERS\UALFDrv2.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/19/2004 12:49 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - hitmanpro35
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 10:42]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 10:42]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006Core.job
- c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:12]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006UA.job
- c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:12]
.
2011-05-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2012-02-02 c:\windows\Tasks\User_Feed_Synchronization-{91698C7F-12F0-4233-8367-1B419D53299C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2012-02-02 09:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-02 09:41:07
ComboFix-quarantined-files.txt 2012-02-02 17:40
ComboFix2.txt 2012-01-26 20:36
.
Pre-Run: 105,129,107,456 bytes free
Post-Run: 105,107,849,216 bytes free
.
- - End Of File - - 50474C8AAB7B9B6483F73D1B47D2DB4A

~ ~ ~ ~ Hitman


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to Mark8g
This shows in the ComboFix log; any idea what it is?

c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat

Also...

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Mark8g

join:2012-02-01

Took a while to get to Sophos... kept getting SSL errors, like:

[This is probably not the site you are looking for! You attempted to reach www.google.com, but instead you actually reached a server identifying itself as *.addthis.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.google.com. You should not proceed.]

and

[You attempted to reach www.intrade.com, but instead you actually reached a server identifying itself as *.googleapis.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.intrade.com. You should not proceed.]

Btw, I tried Chrome and IE. Got to the site by going through a cached snapshot, and then I only got an unformatted text version.

Also, if I do manage to get to a website, often there are lots of empty placeholders with "Invalid URL":
[The requested URL "/udm/img.fetch?sid=4105;tid=2;ev=1;dt=1;", is invalid. Reference #9.58f4c541.1328209278.552bd0b0]

Don’t know what santa.bat is – don’t see it when I look in c:\documents and settings\Adas\Start Menu\Programs\Startup\.

Also, I have one laptop, two iPads and two smartphones connected to my router; none show issues, so I am discounting any potential router virus/issues.

~ ~ ~ Sophos log

Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 2/2/2012 at 10:25:11 AM
User "Adas" on computer "ADAS"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet108-109man.exe
Hidden: file C:\dell\Utilities\Driver Reset Tool\Driver Reset.exe
Hidden: file C:\dell\mmkey.exe
Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf108-109man.exe
Hidden: file C:\Program Files\VideoLAN\vlc-1.1.11-win32.exe
Hidden: file C:\Program Files\Dell Support\BrowserPlugins\LicValidate.dll
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet111-112man.exe
Hidden: file C:\Program Files\Sonic\MyDVD\MyDVD.EXE
Hidden: file C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio.exe
Hidden: file C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe
Hidden: file C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll
Hidden: file C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\HTML\MakeDesktopShortcut.EXE
Hidden: file C:\Documents and Settings\Adas\Desktop\MOTIVATION\BT\BT Etc\Winning Secrets\youtubedownloader.exe
Hidden: file C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000ec
Hidden: file C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch7\HTML\MakeDesktopShortcut.EXE
Hidden: file C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\HTML\MakeDesktopShortcut.EXE
Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1517\A0230201.exe
Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1517\A0230215.exe
Hidden: file C:\WINDOWS\PEV.exe
Hidden: file C:\Documents and Settings\Adas\.housecall\tsc.exe
Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1517\A0230289.exe
Hidden: file C:\dell\WBDBU32I.DLL
Hidden: file C:\Program Files\YouTube Downloader\Uninstall.exe
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet110-111man.exe
Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf110-111man.exe
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet114-115man.exe
Hidden: file C:\Program Files\VirtualDub\VirtualDub.exe
Hidden: file C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
Hidden: file C:\Documents and Settings\Adas\My Documents\Bohuslav Martinu\Piano Concertos\Piano Concertos - Czech Philharmonic Orchestra Leichner Belohlavek Neumann\Martinu - Concerto Piano, Timpani & Double String Orchestra 3. Czech Philharmonic Orchestra. Saroun. Mazacek. Belohlavek..mp3
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet113-114man.exe
Hidden: file C:\Program Files\Azureus\Uninstall.exe
Hidden: file C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe
Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf112-113man.exe
Hidden: file C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000401
Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1525\A0236333.exe
Hidden: file C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000483
Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1525\A0236393.exe
Hidden: file C:\Program Files\Essentials Codec Pack\mplayerc.exe
Hidden: file C:\Documents and Settings\Adas\.housecall6.6\tsc.exe
Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1519\A0230747.exe
Hidden: file C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet109-110man.exe
Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf109-110man.exe
Hidden: file C:\Documents and Settings\Adas\Local Settings\Application Data\Trend Micro\HCMS\checkup\en-US\components\TSC.EXE
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet112-113man.exe
Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf111-112man.exe
Hidden: file C:\Program Files\DVD Flick\imgburn\ImgBurnPreview.exe
Hidden: file C:\Program Files\VideoLAN\VLC\uninstall.exe
Hidden: file C:\epson\epson11350\SETUP\SETUP.EXE
Hidden: file C:\Documents and Settings\Adas\My Documents\videoraipodconverter_Installer.exe
Hidden: file C:\Program Files\AviSynth 2.5\Uninstall.exe
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet116-117man.exe
Hidden: file C:\Program Files\DVD Flick\imgburn\imgburn.exe
Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf114-115man.exe
Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet115-116man.exe
Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf113-114man.exe
Hidden: file C:\Program Files\Microsoft Games\Flight Simulator 9\fs9_org.exe
Hidden: file C:\Documents and Settings\Adas\My Documents\Bohuslav Martinu\Piano Concertos\Piano Concertos - Czech Philharmonic Orchestra Leichner Belohlavek Neumann\Martinu - Concerto Piano, Timpani & Double String Orchestra 1. Czech Philharmonic Orchestra. Saroun. Mazacek. Belohlavek..mp3
Hidden: file C:\Documents and Settings\Adas\My Documents\Bohuslav Martinu\Piano Concertos\Piano Concertos - Czech Philharmonic Orchestra Leichner Belohlavek Neumann\Martinu - Concerto Piano, Timpani & Double String Orchestra 2. Czech Philharmonic Orchestra. Saroun. Mazacek. Belohlavek..mp3
Hidden: file C:\Program Files\Series7_Exam_FD\PracticeTest1.exe
Hidden: file C:\Program Files\Series7_Exam_FD\PracticeTest2.exe
Hidden: file C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
Hidden: file C:\Program Files\K-Lite Codec Pack\filters\bass_aac.dll
Hidden: file C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
Hidden: file C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
Hidden: file C:\Program Files\AoA Audio Extractor\avcodec-51.dll
Hidden: file C:\Program Files\AoA Audio Extractor\avformat-50.dll
Hidden: file C:\Documents and Settings\Adas\Desktop\Series 7\Start.exe
Hidden: file C:\Documents and Settings\Adas\Desktop\Series 7\tests\PracticeTest1.exe
Hidden: file C:\Documents and Settings\Adas\Desktop\Series 7\tests\PracticeTest2.exe
Hidden: file C:\Documents and Settings\Adas\Desktop\Series 7\tests\installTests.EXE
Hidden: file C:\Documents and Settings\Adas\Desktop\MOTIVATION\Winning Secrets\youtubedownloader.exe
Hidden: file C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1515\A0229722.exe
Info: Starting disk scan of D: (NTFS).
Hidden: file D:\~Music\Kronos quartet - Pieces of Africa\flac112a.exe
Hidden: file D:\Rosetta.Stone\Rosetta Stone v3.3.5 for Windows\Rosetta Stone v3.3.5 for Windows\RosettaStoneSetup.exe
Hidden: file D:\~High Performance Selling\High Performance Selling [Robert Kiyosaki, Tony robbins, T Harv Eker, Bonnie Holscher, Bob Proctor]\Free Texas Holdem Poker Bot\HoldemIndicatorSetup.exe
Hidden: file D:\Ringtones_Deluxe\Ringtones4DLX_MP3_PALM\Ringtone Browser.exe
Stopped logging on 2/2/2012 at 12:37:22 PM


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to Mark8g
Thanks for the info. The router was on my list of things to question. This is a puzzler. Nothing glaring so far to indicate what is the cause. The santa.bat, by name alone, is suspicious so that's our next target.

Also, I am going to ask someone else to take a look at this thread for a second opinion. Sometimes it's staring at you and you don't see it.

For Now...

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

quote:
KillAll::

File::
c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Let me know if this makes a difference.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to Mark8g
One other check..

Please download aswMBR (511KB) to your desktop:

http://public.avast.com/~gmerek/aswMBR.exe

  • Double-click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: Do not install Avast anti virus when offered.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

Mark8g

join:2012-02-01


reply to LoPhatPhuud

Ran Combofix as instructed....

ComboFix log below.

Searched registry and found the following after running Combofix:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat

Unsuccessful downloading:

http://public.avast.com/~gmerek/aswMBR.exe

It's a matter of principle now - need to fix this old girl.

~ ~ Combofix log

ComboFix 12-02-02.02 - Adas 02/05/2012 19:40:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2561 [GMT -8:00]
Running from: c:\documents and settings\Adas\Desktop\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\Adas\Desktop\ComboFix\CFScript.txt
.
FILE ::
"c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat"
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-03 04:13 . 2012-02-03 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2012-02-03 04:13 . 2012-02-03 04:13 -------- d-----w- c:\program files\iolo
2012-02-03 04:13 . 2012-02-03 04:13 -------- d-----w- c:\documents and settings\Adas\Application Data\iolo
2012-02-02 00:21 . 2012-02-02 00:21 -------- d-----w- c:\program files\ESET
2012-02-02 00:15 . 2012-02-02 00:15 -------- d-----w- c:\documents and settings\Adas\Application Data\QuickScan
2012-02-01 20:28 . 2012-02-01 20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 20:28 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 07:57 . 2012-02-02 17:21 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-02-01 07:57 . 2012-02-01 07:57 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-02-01 07:56 . 2012-02-01 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2012-01-31 22:50 . 2012-01-31 22:50 -------- d-----w- c:\program files\Sophos
2012-01-28 04:27 . 2012-01-28 04:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-25 18:54 . 2012-01-25 18:56 -------- d-----w- c:\program files\iTunes
2012-01-25 15:42 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-25 07:59 . 2012-01-25 07:59 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-25 07:58 . 2012-01-25 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-25 07:22 . 2012-01-27 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 07:15 . 2012-01-27 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-25 07:14 . 2012-01-25 15:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-24 07:29 . 2012-01-24 07:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking
2012-01-24 07:29 . 2012-01-24 07:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PeerNetworking
2012-01-24 07:28 . 2012-01-24 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\crowsoft
2012-01-24 07:28 . 2012-01-24 07:38 -------- d-----w- c:\program files\LAN On Internet Pro
2012-01-24 07:28 . 2009-12-31 21:21 153088 ----a-w- c:\windows\system32\LOILSP.dll
2012-01-24 07:28 . 2009-12-31 21:21 32768 ----a-w- c:\windows\system32\ilannsp.dll
2012-01-15 17:43 . 2012-01-19 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-15 17:33 . 2012-01-15 17:35 -------- d-----w- c:\documents and settings\Adas\Application Data\PerformerSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-19 20:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 18:01 . 2011-07-22 08:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-19 20:49 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-19 20:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-19 20:49 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-19 20:49 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_20.31.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-06 03:55 . 2012-02-06 03:55 16384 c:\windows\Temp\Perflib_Perfdata_3a4.dat
+ 2011-06-11 09:58 . 2011-06-11 09:58 51024 c:\windows\system32\vcomp100.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 81744 c:\windows\system32\mfcm100u.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 81744 c:\windows\system32\mfcm100.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 36176 c:\windows\system32\mfc100chs.dll
+ 2012-02-01 23:46 . 2012-02-01 23:46 22016 c:\windows\Installer\be2d72.msi
+ 2012-01-27 22:26 . 2012-01-27 22:26 24576 c:\windows\Installer\3b202.msi
+ 2011-06-11 09:58 . 2011-06-11 09:58 773968 c:\windows\system32\msvcr100.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 421200 c:\windows\system32\msvcp100.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 138056 c:\windows\system32\atl100.dll
+ 2012-01-31 18:10 . 2012-01-31 18:10 160768 c:\windows\Installer\52c2da.msi
+ 2011-06-11 09:58 . 2011-06-11 09:58 4422992 c:\windows\system32\mfc100u.dll
+ 2011-06-11 09:58 . 2011-06-11 09:58 4397384 c:\windows\system32\mfc100.dll
+ 2012-01-31 20:19 . 2012-01-31 20:19 4698112 c:\windows\Installer\728a8.msi
+ 2012-02-02 02:07 . 2012-02-02 02:07 2186240 c:\windows\Installer\13f57dc.msi
+ 2011-06-29 05:27 . 2011-06-29 05:27 4028928 c:\windows\Installer\1253ae.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Medialink Utilty"="c:\program files\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2170904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]
.
c:\documents and settings\Adas\Start Menu\Programs\Startup\
TClock2.lnk - c:\documents and settings\Adas\Desktop\tclock2_120\tclock2.exe [2003-8-3 90624]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat]
path=c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat
backup=c:\windows\pss\santa.batStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Adas\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 04:57 395776 ----a-w- c:\progra~1\DELLSU~1\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2009-09-26 14:39 518040 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C86 Series]
2003-11-25 11:00 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-05 01:12 136176 ----atw- c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-24 17:29 206240 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 14:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 22:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor with AntiVirus]
2012-01-25 07:13 512992 ----a-w- c:\documents and settings\Adas\Desktop\sdasetup_revwire207.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Adas\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55061:TCP"= 55061:TCP:uTorr
"55061:UDP"= 55061:UDP:uTorr
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 6:35 AM 819600]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/1/2012 12:28 PM 652360]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 2:04 PM 447832]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/1/2012 12:28 PM 20464]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 2:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 2:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 2:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 2:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 2:04 PM 203608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2009 2:42 AM 135664]
S2 TLRecAgent;TLRecAgent;\??\c:\windows\system32\drivers\TLRecAgent.sys --> c:\windows\system32\drivers\TLRecAgent.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2009 2:42 AM 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6D.tmp --> c:\windows\system32\6D.tmp [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 3:28 AM 4639136]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/3/2008 5:44 PM 47360]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [3/6/2010 4:57 PM 9472]
S3 UALFDrv2;UALFDrv2;c:\windows\system32\DRIVERS\UALFDrv2.sys --> c:\windows\system32\DRIVERS\UALFDrv2.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/19/2004 12:49 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 10:42]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 10:42]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006Core.job
- c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:12]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006UA.job
- c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:12]
.
2012-02-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2012-02-05 c:\windows\Tasks\User_Feed_Synchronization-{91698C7F-12F0-4233-8367-1B419D53299C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2012-02-05 19:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6D.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\documents and settings\Adas\Desktop\tclock2_120\tc2dll.tclock
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-02-05 20:04:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 04:04
ComboFix2.txt 2012-02-02 17:41
ComboFix3.txt 2012-01-26 20:36
.
Pre-Run: 105,026,727,936 bytes free
Post-Run: 105,135,157,248 bytes free
.
- - End Of File - - 61533BA0505C248B6D68076413513DC2

Mark8g

join:2012-02-01

reply to LoPhatPhuud
Also - I did have 404 not found errors show up on another laptop connected to the wireless router.

Would resetting the router to factory specs take that out of the equation?



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to Mark8g

First:
Resetting the router certainly will not hurt. At least you can eliminate it as a source of the problem. At best, it will fix a few issues.


Second:

Instead of aswMBR, try this..

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.




Third:

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

quote:
KillAll::

File::

Folder::

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor with AntiVirus]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
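Added example, not code from this thread or from ComboFix: a small Python triage of the "Reg Loading Points" section of the ComboFix log posted above. It parses the startupfolder (path=/backup=) and startupreg (dated file line) blocks, flags entries worth a second look (the review rules are my assumption, not ComboFix logic), and renders the flagged keys as the Registry:: block of a CFScript in the [-key] form LoPhatPhuud uses. The sample log lines are constructed to match the format of the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the format of the "Reg Loading Points" section of the
# ComboFix log posted in this thread (not a copy of the full log).
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat]
path=c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat
backup=c:\windows\pss\santa.batStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor with AntiVirus]
2012-01-25 07:13 512992 ----a-w- c:\documents and settings\Adas\Desktop\sdasetup_revwire207.exe
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "2012-01-03 07:37 843712 ----a-w- c:\path\file.exe": date, time, size, attrs, path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +(.+)$")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".wsf")


@dataclass
class Autostart:
    key: str                        # registry key as printed by ComboFix
    target: Optional[str] = None    # file the entry launches, if the log recorded one


def parse_loading_points(text: str) -> List[Autostart]:
    """Turn the '[key]' / 'path=' / dated-file-line blocks into Autostart records."""
    entries: List[Autostart] = []
    current: Optional[Autostart] = None
    for line in text.splitlines():
        line = line.rstrip()
        key = KEY_RE.match(line)
        if key:
            current = Autostart(key=key.group(1))
            entries.append(current)
        elif current is None or line == ".":
            current = None              # a lone '.' closes a block in ComboFix output
        elif line.startswith("path="):
            current.target = line[len("path="):]
        else:
            file_line = FILE_RE.match(line)
            if file_line:
                current.target = file_line.group(1)
    return entries


def review_reasons(entry: Autostart) -> List[str]:
    """Review rules (an assumption of this example): why an entry deserves a look."""
    if entry.target is None:
        return ["no file recorded: orphaned msconfig entry"]
    t = entry.target.lower()
    reasons = []
    if t.endswith(SCRIPT_EXT):
        reasons.append("script file registered as an autostart")
    if "\\desktop\\" in t:
        reasons.append("autostart launches a file from a user's Desktop")
    return reasons


def triage(text: str) -> List[Tuple[Autostart, List[str]]]:
    return [(e, review_reasons(e)) for e in parse_loading_points(text)]


def draft_cfscript(text: str) -> str:
    """Render the flagged keys as the CFScript Registry:: block used in this thread."""
    lines = ["KillAll::", "", "File::", "", "Folder::", "", "Registry::"]
    lines += [f"[-{e.key}]" for e, reasons in triage(text) if reasons]
    lines += ["", "Driver::", ""]
    return "\n".join(lines)
```

On the sample, the santa.bat and Spyware Doctor entries the helper targets come out flagged, plus the orphaned HitmanPro35 entry; the DWQueuedReporting key in the helper's script would need its own rule, since it points at an ordinary Program Files binary.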
