[Rootkit] I give up - redirect / Malware? virus? Trojan? Rootkit - Security Cleanup

Author	All Replies
Mark8g join:2012-02-01	[Rootkit] I give up - redirect / Malware? virus? Trojan? Rootkit For days now I've tried everything to clean up my Win-XP system. Nothing works. I get re-directs when I try to go to a website. 404 errors. 400 errors. Bookmarked sites work, and then re-direct or just stop. I made an online purchase and on the last page to complete the transaction get an SSL error. I've gone through every clean up trick I could find...still happens. ~ ~ ~ ~ MBAM log: Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.01.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Adas :: ADAS [administrator] Protection: Disabled 2/1/2012 12:29:02 PM mbam-log-2012-02-01 (12-29-02).txt Scan type: Full scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 519101 Time elapsed: 3 hour(s), 27 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ~ ~ ~ ~ ~ OTL.txt: OTL logfile created on: 2/1/2012 4:00:20 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.00 Gb Total Physical Memory \| 2.37 Gb Available Physical Memory \| 79.14% Memory free 5.84 Gb Paging File \| 5.32 Gb Available in Paging File \| 91.05% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 228.13 Gb Total Space \| 97.61 Gb Free Space \| 42.79% Space Free \| Partition Type: NTFS Drive D: \| 465.76 Gb Total Space \| 58.86 Gb Free Space \| 12.64% Space Free \| Partition Type: NTFS Computer Name: ADAS \| User Name: Adas \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/02/01 13:26:44 \| 000,584,192 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\OTL.exe PRC - [2012/01/24 17:24:26 \| 002,416,480 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe PRC - [2011/11/28 01:19:04 \| 001,229,664 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2011/10/12 05:25:22 \| 004,433,248 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe PRC - [2011/10/10 05:23:34 \| 000,973,664 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe PRC - [2011/09/08 19:53:26 \| 000,743,264 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2011/08/15 05:21:40 \| 000,337,760 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2011/08/02 05:09:08 \| 000,192,776 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2008/04/13 16:12:19 \| 001,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/11/03 07:28:36 \| 001,292,288 \| ---- \| M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2011/02/04 17:48:30 \| 000,291,840 \| ---- \| M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2008/04/13 16:11:59 \| 000,014,336 \| ---- \| M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/04/13 16:11:51 \| 000,059,904 \| ---- \| M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2007/09/20 17:34:58 \| 000,129,024 \| ---- \| M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2007/03/02 11:44:34 \| 000,073,728 \| ---- \| M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011/10/12 05:25:22 \| 004,433,248 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Auto \| Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/08/02 05:09:08 \| 000,192,776 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Auto \| Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2009/09/23 14:04:56 \| 000,203,608 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009/09/23 14:04:52 \| 000,447,832 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009/02/05 14:55:18 \| 000,655,624 \| ---- \| M] (Acresso Software Inc.) [On_Demand \| Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/04/13 16:12:02 \| 000,105,472 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc) SRV - [2006/11/03 18:19:58 \| 000,013,592 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2005/04/25 05:49:52 \| 000,086,142 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2012/02/01 00:12:03 \| 000,023,624 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35) DRV - [2011/12/10 15:24:06 \| 000,020,464 \| ---- \| M] (Malwarebytes Corporation) [File_System \| Disabled \| Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/10/07 05:23:48 \| 000,230,608 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/10/04 05:21:42 \| 000,016,720 \| ---- \| M] (AVG Technologies CZ, s.r.o. ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/09/13 05:30:10 \| 000,032,592 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [File_System \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011/08/08 05:08:58 \| 000,040,016 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [File_System \| System \| Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/07/11 00:14:38 \| 000,295,248 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/07/11 00:14:28 \| 000,024,272 \| ---- \| M] (AVG Technologies CZ, s.r.o. ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/07/11 00:14:28 \| 000,023,120 \| ---- \| M] (AVG Technologies CZ, s.r.o. ) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011/07/11 00:14:26 \| 000,134,608 \| ---- \| M] (AVG Technologies CZ, s.r.o. ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010/02/11 04:02:15 \| 000,226,880 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009/09/23 14:05:06 \| 000,021,864 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir) DRV - [2009/09/23 14:04:56 \| 000,014,680 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys -- (sftvol) DRV - [2009/09/23 14:04:54 \| 000,190,312 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys -- (sftplay) DRV - [2009/09/23 14:04:52 \| 000,543,064 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys -- (sftfs) DRV - [2009/03/04 17:30:14 \| 000,709,248 \| ---- \| M] (Ralink Technology, Corp.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2008/04/13 10:45:34 \| 000,046,592 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus) DRV - [2007/06/15 01:47:26 \| 001,127,936 \| ---- \| M] (Creative Technology Ltd.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17) DRV - [2007/04/09 08:56:22 \| 000,021,248 \| ---- \| M] (LG Electronics Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007/04/09 08:55:08 \| 000,022,912 \| ---- \| M] (LG Electronics Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007/04/09 08:53:24 \| 000,012,672 \| ---- \| M] (LG Electronics Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2006/11/02 07:00:08 \| 000,039,368 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006/09/28 14:32:14 \| 000,009,472 \| ---- \| M] (June Fabrics Technology) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm) DRV - [2006/01/10 10:07:58 \| 000,004,864 \| ---- \| M] (GTek Technologies Ltd.) [Kernel \| On_Demand \| Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/04/14 23:14:58 \| 001,130,496 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/01/10 09:15:30 \| 000,106,496 \| ---- \| M] (Creative Technology Ltd.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2005/01/10 09:15:24 \| 000,138,752 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2004/12/22 10:58:14 \| 000,008,704 \| ---- \| M] (Creative Technology Ltd.) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT) DRV - [2004/11/02 12:12:14 \| 000,019,456 \| ---- \| M] (Intel Corporation ) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL) DRV - [2004/06/16 00:52:40 \| 000,061,157 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/03/06 01:15:34 \| 000,647,929 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/06 01:14:42 \| 001,233,525 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/06 01:13:38 \| 000,037,048 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2002/11/08 16:45:06 \| 000,017,217 \| ---- \| M] (Dell Computer Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.bing.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = »www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Adas\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Adas\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 12:19:25 \| 000,000,000 \| ---D \| M] [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Adas\Application Data\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Adas\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Entanglement = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\ CHR - Extension: AVG Safe Search = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: Poppit = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: Classic Blue Theme for Google Chrome\u2122 = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oppbdedflbioggjkeneigjcmpomohajo\1.3_0\ O1 HOSTS File: ([2012/01/26 12:29:50 \| 000,000,027 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Medialink Utilty] C:\Program Files\Medialink\MWN-USB150N\UI.exe (MEDIALINK) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\Adas\Start Menu\Programs\Startup\TClock2.lnk = C:\Documents and Settings\Adas\Desktop\tclock2_120\tclock2.exe (Two_toNe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM () O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM () O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites) O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} »codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} »support.att.net/sdccommon/downlo···tlcm.cab (Support.com Configuration Class) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} »support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} »housecall60.trendmicro.com/house···an60.cab (HouseCall Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} »fpdownload.macromedia.com/get/sh···r/sw.cab (Reg Error: Key error.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »download.microsoft.com/download/···trol.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} »www.trendsecure.com/framework/co···cmsX.CAB (TmHcmsX Control) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} »office.microsoft.com/officeupdat···puc3.cab (Office Update Installation Engine) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} »dlm.tools.akamai.com/dlmanager/v···.5.0.cab (DLM Control) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} »catalog.update.microsoft.com/v7/···22681802 (MUCatalogWebControl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} »update.microsoft.com/windowsupda···71376303 (WUWebControl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} »download.divx.com/player/DivXBro···ugin.cab (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »update.microsoft.com/microsoftup···70480250 (MUWebControl Class) O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} »housecall65.trendmicro.com/house···Impl.cab (Trend Micro ActiveX Scan Agent 6.5) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.) O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} »www.trendmicro.com/spyware-scan/as4web.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} »wwwimages.adobe.com/www.adobe.co···s/gp.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F53F207-C041-46F9-B32C-35B8C03FEEE9}: DhcpNameServer = 192.168.1.1 68.238.64.12 O18 - Protocol\Handler\cf - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Adas/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:1 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Adas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/19 13:07:14 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/02/01 15:56:41 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Desktop\ScanFiles [2012/02/01 13:26:43 \| 000,584,192 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\OTL.exe [2012/02/01 12:28:08 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/01 12:28:07 \| 000,020,464 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/02/01 12:28:07 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/02/01 12:27:03 \| 009,502,424 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adas\Desktop\mbam--setup-1.60.1.1000.exe [2012/02/01 11:58:30 \| 000,446,464 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\TFC.exe [2012/01/31 23:57:44 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Hitman Pro 3.5 [2012/01/31 23:57:44 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5 [2012/01/31 23:56:21 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2012/01/31 22:22:28 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\My Documents\[ www.TorrentDay.com ] - 400.Years.of.the.Telescope.HDTV.XviD-QCF [2012/01/31 14:50:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Sophos [2012/01/31 05:35:08 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Desktop\TrendHijackThis [2012/01/27 20:27:11 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET [2012/01/27 14:49:56 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Start Menu\Programs\Google Chrome [2012/01/27 14:34:14 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2012/01/26 17:58:07 \| 000,000,000 \| -HSD \| C] -- C:\RECYCLER [2012/01/26 12:10:32 \| 000,000,000 \| RHSD \| C] -- C:\cmdcons [2012/01/26 12:08:04 \| 000,518,144 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/01/26 12:08:04 \| 000,406,528 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/01/26 12:08:04 \| 000,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/01/26 12:08:04 \| 000,060,416 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/01/26 12:06:31 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2012/01/26 11:23:51 \| 000,000,000 \| ---D \| C] -- C:\Qoobox [2012/01/25 10:56:26 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2012/01/25 10:54:49 \| 000,000,000 \| ---D \| C] -- C:\Program Files\iTunes [2012/01/25 07:42:08 \| 000,200,976 \| ---- \| C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2012/01/25 00:29:58 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Desktop\pina [2012/01/24 23:58:34 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2012/01/24 23:39:05 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Desktop\HitmanPro [2012/01/24 23:22:22 \| 000,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2012/01/24 23:20:16 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Desktop\SupAntiSpy [2012/01/24 23:15:29 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\PC Tools [2012/01/24 23:14:51 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Desktop\spyDr [2012/01/24 23:14:17 \| 000,000,000 \| ---D \| C] -- C:\TDSSKiller_Quarantine [2012/01/24 23:11:41 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Desktop\tdsskiller [2012/01/23 23:29:32 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking [2012/01/23 23:28:55 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\crowsoft [2012/01/23 23:28:54 \| 000,153,088 \| ---- \| C] (CrowSoft) -- C:\WINDOWS\System32\LOILSP.dll [2012/01/23 23:28:54 \| 000,032,768 \| ---- \| C] (CrowSoft) -- C:\WINDOWS\System32\ilannsp.dll [2012/01/23 23:28:54 \| 000,000,000 \| ---D \| C] -- C:\Program Files\LAN On Internet Pro [2012/01/15 09:43:50 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2012/01/15 09:33:20 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Application Data\PerformerSoft [2012/01/14 22:43:16 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Adas\Desktop\Tinker [2008/11/03 17:44:43 \| 000,047,360 \| ---- \| C] (VSO Software) -- C:\Documents and Settings\Adas\Application Data\pcouffin.sys [2005/09/28 03:21:24 \| 000,065,536 \| ---- \| C] ( ) -- C:\WINDOWS\System32\A3d.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/02/01 15:51:01 \| 000,000,882 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/02/01 15:51:00 \| 000,000,878 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/02/01 15:39:01 \| 000,000,974 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006UA.job [2012/02/01 13:39:01 \| 000,000,922 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006Core.job [2012/02/01 13:27:44 \| 000,869,194 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\SecurityCheck.exe [2012/02/01 13:26:44 \| 000,584,192 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\OTL.exe [2012/02/01 12:27:19 \| 009,502,424 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adas\Desktop\mbam--setup-1.60.1.1000.exe [2012/02/01 12:24:06 \| 000,000,325 \| RHS- \| M] () -- C:\boot.ini [2012/02/01 12:20:44 \| 000,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/01 12:19:05 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2012/02/01 12:18:59 \| 3219,296,256 \| -HS- \| M] () -- C:\hiberfil.sys [2012/02/01 11:58:32 \| 000,446,464 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Adas\Desktop\TFC.exe [2012/02/01 10:44:02 \| 000,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/02/01 08:13:56 \| 087,917,769 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/02/01 07:13:13 \| 000,000,420 \| -H-- \| M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91698C7F-12F0-4233-8367-1B419D53299C}.job [2012/02/01 00:12:03 \| 000,023,624 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2012/02/01 00:07:45 \| 000,000,338 \| ---- \| M] () -- C:\WINDOWS\System32\.crusader [2012/01/31 23:57:45 \| 000,001,684 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk [2012/01/31 23:54:06 \| 000,000,171 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\Virus Redirects & prevents updates.url [2012/01/31 23:00:43 \| 000,076,800 \| ---- \| M] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/31 11:36:35 \| 000,000,195 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\Trojan Remover - Program Details.url [2012/01/31 11:20:09 \| 000,000,158 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\Internet browser redirecting [Solved] Kioskea.net.url [2012/01/31 07:00:08 \| 000,000,092 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\How To Easily Remove Google Redirect Virus.url [2012/01/30 17:42:27 \| 000,270,191 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/01/30 11:40:50 \| 000,002,533 \| ---- \| M] () -- C:\Documents and Settings\Adas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk [2012/01/30 00:36:44 \| 000,002,491 \| ---- \| M] () -- C:\Documents and Settings\Adas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk [2012/01/27 20:21:31 \| 000,000,113 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\How do I remove a Google Redirect Virus-- My TrendMicro and Windows Defender are not finding it. - Google Groups.url [2012/01/27 20:07:59 \| 000,000,134 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\How to fix Google results hijacker (Google redirect) virus problem- - easy2resolve.com.url [2012/01/27 14:50:02 \| 000,002,255 \| ---- \| M] () -- C:\Documents and Settings\Adas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/01/27 14:07:31 \| 000,000,017 \| ---- \| M] () -- C:\WINDOWS\System32\shortcut_ex.dat [2012/01/27 11:23:44 \| 000,139,114 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\bookmarks_1_27_12.html [2012/01/27 10:46:02 \| 000,001,044 \| ---- \| M] () -- C:\Documents and Settings\Adas\Application Data\vso_ts_preview.xml [2012/01/26 22:24:22 \| 000,000,098 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\ARKive - Bald eagle video - Haliaeetus leucocephalus - 09d.url [2012/01/26 12:29:50 \| 000,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/01/26 11:51:41 \| 000,000,209 \| ---- \| M] () -- C:\Boot.bak [2012/01/25 08:04:06 \| 000,001,324 \| ---- \| M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/25 07:58:57 \| 000,000,552 \| ---- \| M] () -- C:\WINDOWS\System32\d3d8caps.dat [2012/01/25 07:52:16 \| 000,499,746 \| ---- \| M] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\census.cache [2012/01/25 07:52:13 \| 000,226,416 \| ---- \| M] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\ars.cache [2012/01/24 23:59:01 \| 000,023,624 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys [2012/01/24 23:19:10 \| 000,727,250 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Cat.DB [2012/01/24 23:13:22 \| 000,512,992 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\sdasetup_revwire207.exe [2012/01/24 17:41:08 \| 000,007,017 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\images.jpg [2012/01/23 23:28:57 \| 000,486,406 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/23 23:28:57 \| 000,081,492 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/22 20:35:48 \| 734,013,440 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\Rogue Trader - The story of Nick Leeson.avi [2012/01/18 16:09:38 \| 000,000,148 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\rossmckitrick.url [2012/01/18 15:53:41 \| 000,001,374 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2012/01/15 09:33:21 \| 000,001,016 \| ---- \| M] () -- C:\Documents and Settings\All Users\Application Data\repository.xml [2012/01/09 20:07:44 \| 000,000,297 \| ---- \| M] () -- C:\Documents and Settings\Adas\Desktop\Greek Meatza with Creamy Feta, Kalamata Olives and Red Onion Mark's Daily Apple.url [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/02/01 13:27:40 \| 000,869,194 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\SecurityCheck.exe [2012/02/01 00:07:45 \| 000,000,338 \| ---- \| C] () -- C:\WINDOWS\System32\.crusader [2012/01/31 23:57:46 \| 000,023,624 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2012/01/31 23:57:45 \| 000,001,684 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk [2012/01/31 14:46:59 \| 000,000,171 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\Virus Redirects & prevents updates.url [2012/01/31 11:28:01 \| 000,000,195 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\Trojan Remover - Program Details.url [2012/01/31 11:20:09 \| 000,000,158 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\Internet browser redirecting [Solved] Kioskea.net.url [2012/01/31 06:59:12 \| 000,000,092 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\How To Easily Remove Google Redirect Virus.url [2012/01/27 20:21:31 \| 000,000,113 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\How do I remove a Google Redirect Virus-- My TrendMicro and Windows Defender are not finding it. - Google Groups.url [2012/01/27 20:07:59 \| 000,000,134 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\How to fix Google results hijacker (Google redirect) virus problem- - easy2resolve.com.url [2012/01/27 14:50:02 \| 000,002,255 \| ---- \| C] () -- C:\Documents and Settings\Adas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/01/27 14:07:31 \| 000,000,017 \| ---- \| C] () -- C:\WINDOWS\System32\shortcut_ex.dat [2012/01/27 11:23:44 \| 000,139,114 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\bookmarks_1_27_12.html [2012/01/26 22:24:22 \| 000,000,098 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\ARKive - Bald eagle video - Haliaeetus leucocephalus - 09d.url [2012/01/26 21:51:55 \| 000,001,044 \| ---- \| C] () -- C:\Documents and Settings\Adas\Application Data\vso_ts_preview.xml [2012/01/26 12:10:41 \| 000,000,209 \| ---- \| C] () -- C:\Boot.bak [2012/01/26 12:10:37 \| 000,260,272 \| RHS- \| C] () -- C:\cmldr [2012/01/26 12:08:04 \| 000,256,000 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2012/01/26 12:08:04 \| 000,208,896 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2012/01/26 12:08:04 \| 000,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2012/01/26 12:08:04 \| 000,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2012/01/26 12:08:04 \| 000,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2012/01/25 08:09:57 \| 3219,296,256 \| -HS- \| C] () -- C:\hiberfil.sys [2012/01/25 07:58:57 \| 000,000,552 \| ---- \| C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012/01/24 23:59:01 \| 000,023,624 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys [2012/01/24 23:18:38 \| 000,727,250 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\Cat.DB [2012/01/24 23:15:29 \| 000,512,992 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\sdasetup_revwire207.exe [2012/01/24 17:41:15 \| 000,007,017 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\images.jpg [2012/01/23 18:11:47 \| 734,013,440 \| ---- \| C] () -- C:\Documents and Settings\Adas\Desktop\Rogue Trader - The story of Nick Leeson.avi [2012/01/15 09:33:21 \| 000,001,016 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml [2011/10/21 16:56:09 \| 000,118,870 \| ---- \| C] () -- C:\WINDOWS\hpoins30.dat [2011/10/21 16:56:09 \| 000,000,449 \| ---- \| C] () -- C:\WINDOWS\hpomdl30.dat [2011/09/15 20:00:22 \| 000,000,033 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2011/08/02 13:09:34 \| 000,499,746 \| ---- \| C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\census.cache [2011/08/02 13:09:12 \| 000,226,416 \| ---- \| C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\ars.cache [2011/02/24 00:50:44 \| 000,013,931 \| ---- \| C] () -- C:\WINDOWS\System32\RaCoInst.dat [2011/02/24 00:50:44 \| 000,013,931 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\RaCoInst.dat [2011/02/13 00:26:25 \| 000,442,528 \| ---- \| C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/08/27 09:50:40 \| 000,001,324 \| ---- \| C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/11/04 14:12:47 \| 000,000,770 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini [2009/10/08 02:09:57 \| 000,000,036 \| ---- \| C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\housecall.guid.cache [2009/01/15 05:00:03 \| 000,066,544 \| -H-- \| C] () -- C:\WINDOWS\System32\mlfcache.dat [2008/11/03 17:44:43 \| 000,007,887 \| ---- \| C] () -- C:\Documents and Settings\Adas\Application Data\pcouffin.cat [2008/11/03 17:44:43 \| 000,001,144 \| ---- \| C] () -- C:\Documents and Settings\Adas\Application Data\pcouffin.inf [2008/08/27 09:04:59 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\PROTOCOL.INI [2008/08/27 09:00:53 \| 000,000,142 \| ---- \| C] () -- C:\WINDOWS\RealFlight.INI [2008/03/13 14:12:46 \| 000,000,077 \| ---- \| C] () -- C:\WINDOWS\slsetup.ini [2008/03/08 06:41:07 \| 000,000,032 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2008/01/22 23:16:28 \| 000,009,119 \| ---- \| C] () -- C:\Documents and Settings\Adas\Application Data\.googlewebacchosts [2007/11/10 23:11:32 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\ativpsrm.bin [2007/11/10 23:06:55 \| 000,593,920 \| ---- \| C] () -- C:\WINDOWS\System32\ati2sgag.exe [2007/11/08 10:12:18 \| 000,000,038 \| ---- \| C] () -- C:\WINDOWS\AviSplitter.INI [2007/10/01 07:28:15 \| 000,000,085 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2007/09/28 18:36:05 \| 003,107,788 \| ---- \| C] () -- C:\WINDOWS\System32\ativvaxx.dat [2007/09/28 18:36:05 \| 003,107,788 \| ---- \| C] () -- C:\WINDOWS\System32\ativva5x.dat [2007/09/28 18:36:05 \| 000,972,072 \| ---- \| C] () -- C:\WINDOWS\System32\ativva6x.dat [2007/09/24 07:39:58 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\graphedit.INI [2007/09/19 06:10:47 \| 000,067,584 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/09/16 07:12:32 \| 000,000,067 \| ---- \| C] () -- C:\WINDOWS\Easy Video to DVD.INI [2007/08/30 23:16:42 \| 000,001,359 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/06/25 11:13:38 \| 000,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2006/05/04 23:34:05 \| 000,000,726 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2006/01/17 14:47:13 \| 000,027,136 \| ---- \| C] () -- C:\WINDOWS\toFront.dll [2006/01/17 14:47:13 \| 000,026,624 \| ---- \| C] () -- C:\WINDOWS\GetIe.dll [2006/01/12 12:44:03 \| 000,076,800 \| ---- \| C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/12/07 15:49:58 \| 000,000,026 \| ---- \| C] () -- C:\WINDOWS\FPKPMSV.INI [2005/11/30 16:01:26 \| 000,000,004 \| ---- \| C] () -- C:\WINDOWS\RM_RESULT.DAT [2005/11/30 16:01:16 \| 000,000,170 \| ---- \| C] () -- C:\WINDOWS\GetServer.ini [2005/10/20 17:44:34 \| 000,000,488 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/10/11 19:31:49 \| 000,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2005/10/11 19:09:34 \| 000,000,127 \| ---- \| C] () -- C:\Documents and Settings\Adas\Local Settings\Application Data\fusioncache.dat [2005/09/28 03:55:31 \| 000,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005/09/28 03:50:37 \| 000,000,140 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2005/09/28 03:48:28 \| 000,000,335 \| ---- \| C] () -- C:\WINDOWS\nsreg.dat [2005/09/28 03:44:30 \| 000,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2005/09/28 03:44:29 \| 001,048,576 \| ---- \| C] () -- C:\WINDOWS\System32\SFMAN.DAT [2005/09/28 03:44:22 \| 000,003,278 \| ---- \| C] () -- C:\WINDOWS\System32\LudaP17.ini [2005/09/28 03:44:22 \| 000,000,029 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/09/28 03:44:17 \| 000,000,072 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2005/09/28 03:21:24 \| 000,064,512 \| ---- \| C] () -- C:\WINDOWS\System32\P17.dll [2005/09/28 03:21:24 \| 000,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\P17CPI.dll [2005/09/28 03:21:14 \| 000,049,152 \| ---- \| C] () -- C:\WINDOWS\setpwrcg.exe [2005/09/28 03:21:10 \| 000,087,540 \| ---- \| C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005/09/28 03:20:42 \| 000,000,394 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/08/05 13:01:54 \| 000,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/05/03 11:44:44 \| 000,025,157 \| ---- \| C] () -- C:\WINDOWS\RMAgentOutput.dll [2005/05/03 11:43:44 \| 000,126,976 \| ---- \| C] () -- C:\WINDOWS\dllTSCLIBMT.dll [2005/04/09 14:04:54 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [2005/03/03 16:16:42 \| 000,000,256 \| ---- \| C] () -- C:\WINDOWS\aucfg.ini [2005/02/03 19:59:48 \| 000,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\metaflac.exe [2005/02/03 19:59:44 \| 000,217,088 \| ---- \| C] () -- C:\WINDOWS\System32\flac.exe [2004/10/01 17:33:46 \| 000,000,679 \| ---- \| C] () -- C:\WINDOWS\TSC.ini [2004/08/19 13:20:39 \| 000,000,791 \| ---- \| C] () -- C:\WINDOWS\orun32.ini [2004/08/19 13:12:27 \| 000,002,048 \| --S- \| C] () -- C:\WINDOWS\bootstat.dat [2004/08/19 13:03:04 \| 000,021,640 \| ---- \| C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/19 13:01:43 \| 000,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/19 12:57:50 \| 000,004,161 \| ---- \| C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/19 12:57:07 \| 000,329,888 \| ---- \| C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/19 12:49:51 \| 000,004,569 \| ---- \| C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/19 12:49:47 \| 000,486,406 \| ---- \| C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/19 12:49:47 \| 000,272,128 \| ---- \| C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/19 12:49:47 \| 000,081,492 \| ---- \| C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/19 12:49:47 \| 000,028,626 \| ---- \| C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/19 12:49:47 \| 000,004,627 \| ---- \| C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/19 12:49:44 \| 013,107,200 \| ---- \| C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/19 12:49:43 \| 000,000,741 \| ---- \| C] () -- C:\WINDOWS\System32\noise.dat [2004/08/19 12:49:38 \| 000,673,088 \| ---- \| C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/19 12:49:38 \| 000,046,258 \| ---- \| C] () -- C:\WINDOWS\System32\mib.bin [2004/08/19 12:49:30 \| 000,218,003 \| ---- \| C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/19 12:49:22 \| 000,001,804 \| ---- \| C] () -- C:\WINDOWS\System32\dcache.bin [2002/10/15 14:54:04 \| 000,153,088 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2002/07/04 15:05:34 \| 000,000,269 \| ---- \| C] () -- C:\WINDOWS\tmupdate.ini [2002/05/17 14:18:30 \| 000,124,928 \| ---- \| C] () -- C:\WINDOWS\System32\mp4fil32.dll [2001/12/14 13:34:46 \| 000,164,864 \| ---- \| C] () -- C:\WINDOWS\patchw32.dll [1999/07/23 13:46:48 \| 000,000,116 \| ---- \| C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 \| 000,129,536 \| ---- \| C] () -- C:\WINDOWS\AuHCcup1.dll [color=#E56717]========== LOP Check ==========[/color] [2010/04/07 21:32:55 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\AnvSoft [2011/09/29 08:15:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\AVG2012 [2007/12/24 07:36:00 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\Azureus [2010/04/08 07:07:57 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\CocoonSoftware [2010/01/25 08:16:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/02/24 22:56:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\HandBrake [2010/03/01 12:57:50 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\ieSpell [2007/11/16 15:24:45 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\ImgBurn [2012/01/31 11:42:22 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\IObit [2009/03/01 17:44:32 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\LaCie [2006/02/25 07:49:19 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\Leadertech [2011/10/05 06:17:47 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\M8 Software [2007/10/22 13:36:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\MSNInstaller [2010/05/10 05:42:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\NVD [2007/09/26 07:23:39 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\OverDrive [2012/01/15 09:35:24 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\PerformerSoft [2007/11/08 09:30:21 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\Seven Zip [2011/08/18 02:15:13 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\SoftGrid Client [2009/01/28 16:45:10 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\Softland [2010/05/10 05:42:03 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\TP [2008/12/10 05:09:23 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\TuneUp Software [2009/04/30 05:52:51 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1 [2012/02/01 11:40:07 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\uTorrent [2012/01/27 10:46:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\Vso [2008/07/29 14:52:01 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Adas\Application Data\Windows Search [2009/06/25 11:57:12 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2011/09/29 08:25:00 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2011/04/30 23:15:10 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2011/03/02 18:48:54 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool [2010/11/17 06:15:17 \| 000,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011/03/14 07:23:45 \| 000,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/01/23 23:28:56 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\crowsoft [2007/10/01 07:28:24 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes [2009/11/04 14:12:44 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP [2012/02/01 00:07:55 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2012/01/24 23:59:02 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2012/02/01 08:13:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/04/08 07:08:40 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter [2010/04/30 18:06:39 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone [2012/01/27 14:35:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/12/10 05:08:50 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010/05/10 07:54:23 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications [2008/11/21 18:19:26 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2007/07/09 06:10:36 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Yahoo [2009/03/14 04:56:49 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2010/04/11 08:45:48 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2008/12/10 05:07:37 \| 000,000,000 \| -HSD \| M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} [2009/09/17 19:56:13 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/16 19:50:48 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011/04/30 23:22:53 \| 000,000,330 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2012/02/01 07:13:13 \| 000,000,420 \| -H-- \| M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{91698C7F-12F0-4233-8367-1B419D53299C}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\Adas\Desktop\ThrillerWalnutCreek.mp4:SummaryInformation @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 Any help would be greatly appreciated.
	to forum · permalink · 2012-02-01 23:03:55 ·
Mark8g join:2012-02-01	Re: [Rootkit] I give up - redirect / Malware? virus? Trojan? Roo ~ ~ ~ checkup.txt Results of screen317's Security Check version 0.99.24 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` [u]Antivirus/Firewall Check:[/u] Windows Firewall Enabled! AVG 2012 Antivirus up to date! ``````````````````````````````` [u]Anti-malware/Other Utilities Check:[/u] Java(TM) 6 Update 20 [color=red]Out of date Java installed![/color] Adobe Flash Player ( 10.0.45.2) [color=red]Flash Player Out of Date![/color] ```````````````````````````````` Process Check: [u]objlist.exe by Laurent[/u] AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe ``````````End of Log```````````` ~ ~ ~ ~ Extras.log OTL Extras logfile created on: 2/1/2012 4:00:20 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.00 Gb Total Physical Memory \| 2.37 Gb Available Physical Memory \| 79.14% Memory free 5.84 Gb Paging File \| 5.32 Gb Available in Paging File \| 91.05% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 228.13 Gb Total Space \| 97.61 Gb Free Space \| 42.79% Space Free \| Partition Type: NTFS Drive D: \| 465.76 Gb Total Space \| 58.86 Gb Free Space \| 12.64% Space Free \| Partition Type: NTFS Computer Name: ADAS \| User Name: Adas \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP "3587:TCP" = 3587:TCP::Enabled:Windows Peer-to-Peer Grouping "3540:UDP" = 3540:UDP::Enabled:Peer Name Resolution Protocol (PNRP) "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "55061:TCP" = 55061:TCP::Enabled:uTorr "55061:UDP" = 55061:UDP::Enabled:uTorr "5985:TCP" = 5985:TCP::Disabled:Windows Remote Management "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP "3587:TCP" = 3587:TCP::Disabled:Windows Peer-to-Peer Grouping "3540:UDP" = 3540:UDP::Enabled:Peer Name Resolution Protocol (PNRP) "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Documents and Settings\Adas\Local Settings\Temp\7zS2913\setup\hpznui01.exe" = C:\Documents and Settings\Adas\Local Settings\Temp\7zS2913\setup\hpznui01.exe::Enabled:hpznui01.exe "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe::Enabled:hpqtra08.exe "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe::Enabled:hpqste08.exe "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe::Enabled:hpoews01.exe "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe::Enabled:hpqphotocrm.exe "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe::Enabled:hpqpsapp.exe "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe::Enabled:hpqcopy2.exe "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe::Enabled:hpqpse.exe "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe::Enabled:hpqsudi.exe "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe::Enabled:hpqgplgtupl.exe "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe::Enabled:hpqgpc01.exe "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe::Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe -- (Hewlett-Packard) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe::Enabled:Google Talk Plugin -- (Google) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe::Enabled:ÂµTorrent -- (BitTorrent, Inc.) "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe::Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe::Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe::Enabled:WebKit -- (Apple Inc.) "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe::Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe::Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe::Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver 12.0 Rel .4 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta) "{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012 "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193j "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Software Uninstall Utility "AoA Audio Extractor_is1" = AoA Audio Extractor 1.0 "ATI Display Driver" = ATI Display Driver "AVG" = AVG 2012 "AviSynth" = AviSynth 2.5 "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DirectVobSub" = DirectVobSub (remove only) "doPDF 6 printer_is1" = doPDF 6.1 printer "DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00 "DVD Flick_is1" = DVD Flick "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON Printer Software "ffdshow_is1" = ffdshow [rev 2792] [2009-03-20] "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight "HandBrake" = HandBrake 0.9.3 "HitmanPro35" = Hitman Pro 3.5 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "ieSpell" = ieSpell "ImgBurn" = ImgBurn "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem "KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.0 Full "M8 Free Clipboard" = M8 Free Clipboard "M8 Free Multi Clipboard" = M8 Free Multi Clipboard "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta) "Picasa 3" = Picasa 3 "PokerStars.net" = PokerStars.net "PRJPRO" = Microsoft Office Project Professional 2007 "PROSetDX" = Intel(R) PRO Network Connections Software v9.2.4.11 "Qlock" = Qlock Lite "Series 7 Exam For Dummies" = Series 7 Exam For Dummies "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1 "TagScanner_is1" = TagScanner 4.9 build 497b Beta "uTorrent" = ÂµTorrent "VLC media player" = VLC media player 1.1.11 "VobSub" = VobSub v2.23 (Remove Only) "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "winusb0100" = Microsoft WinUsb 1.0 "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "TWS Beta (Build 8841)" = TWS Beta (Build 8841) [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ OSession Events ] Error - 11/23/2008 8:33:06 PM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8065 seconds with 1080 seconds of active time. This session ended with a crash. Error - 12/19/2008 3:29:31 PM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8105 seconds with 960 seconds of active time. This session ended with a crash. Error - 1/17/2009 1:44:38 PM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3011 seconds with 540 seconds of active time. This session ended with a crash. Error - 1/17/2009 1:50:54 PM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 362 seconds with 300 seconds of active time. This session ended with a crash. Error - 1/17/2009 1:51:15 PM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. Error - 1/25/2009 4:38:50 PM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19975 seconds with 120 seconds of active time. This session ended with a crash. Error - 5/5/2009 3:44:45 AM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash. Error - 5/6/2009 11:54:35 PM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3850 seconds with 60 seconds of active time. This session ended with a crash. Error - 5/21/2009 11:25:45 AM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 64241 seconds with 420 seconds of active time. This session ended with a crash. Error - 8/21/2009 12:55:09 PM \| Computer Name = ADAS \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 144 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 2/1/2012 4:19:15 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7000 Description = The TLRecAgent service failed to start due to the following error: %%2 Error - 2/1/2012 4:24:19 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s). Error - 2/1/2012 4:24:19 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). Error - 2/1/2012 4:24:19 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s). Error - 2/1/2012 4:24:19 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error - 2/1/2012 4:24:19 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 2/1/2012 4:24:19 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 2/1/2012 4:24:19 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s). Error - 2/1/2012 4:24:19 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s). Error - 2/1/2012 4:24:24 PM \| Computer Name = ADAS \| Source = Service Control Manager \| ID = 7034 Description = The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
	to forum · permalink · 2012-02-01 23:09:58 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	In addition to those logs, can you also run: (you can try safe mode with networking if needed) Try to download and run TDSS Killer (#4), posting the log in your next reply - is there another accessible known good pc to download it to? We'll need the entire log, even if you 'think/see' nothing detected. »Security Cleanup FAQ »Rootkit Detection Applications -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2012-02-01 23:14:00 ·
Mark8g join:2012-02-01	Step 4 is Download Security Check, saving it to your Desktop This is the log. Results of screen317's Security Check version 0.99.24 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` [u]Antivirus/Firewall Check:[/u] Windows Firewall Enabled! AVG 2012 Antivirus up to date! ``````````````````````````````` [u]Anti-malware/Other Utilities Check:[/u] Java(TM) 6 Update 20 [color=red]Out of date Java installed![/color] Adobe Flash Player ( 10.0.45.2) [color=red]Flash Player Out of Date![/color] ```````````````````````````````` Process Check: [u]objlist.exe by Laurent[/u] AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe ``````````End of Log````````````
	to forum · permalink · 2012-02-01 23:23:14 ·
Mark8g join:2012-02-01	reply to lilhurricane TDSSKiller report 20:24:49.0478 0656 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 20:24:50.0228 0656 ============================================================ 20:24:50.0228 0656 Current date / time: 2012/02/01 20:24:50.0228 20:24:50.0228 0656 SystemInfo: 20:24:50.0228 0656 20:24:50.0228 0656 OS Version: 5.1.2600 ServicePack: 3.0 20:24:50.0228 0656 Product type: Workstation 20:24:50.0228 0656 ComputerName: ADAS 20:24:50.0228 0656 UserName: Adas 20:24:50.0228 0656 Windows directory: C:\WINDOWS 20:24:50.0228 0656 System windows directory: C:\WINDOWS 20:24:50.0228 0656 Processor architecture: Intel x86 20:24:50.0228 0656 Number of processors: 2 20:24:50.0228 0656 Page size: 0x1000 20:24:50.0228 0656 Boot type: Normal boot 20:24:50.0228 0656 ============================================================ 20:24:52.0666 0656 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:24:52.0682 0656 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:24:52.0728 0656 \Device\Harddisk0\DR0: 20:24:52.0728 0656 MBR used 20:24:52.0728 0656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15 20:24:52.0728 0656 \Device\Harddisk1\DR1: 20:24:52.0744 0656 MBR used 20:24:52.0744 0656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02 20:24:53.0119 0656 Initialize success 20:24:53.0119 0656 ============================================================ 20:25:05.0307 4068 ============================================================ 20:25:05.0307 4068 Scan started 20:25:05.0307 4068 Mode: Manual; SigCheck; TDLFS; 20:25:05.0307 4068 ============================================================ 20:25:05.0807 4068 Abiosdsk - ok 20:25:05.0900 4068 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 20:25:08.0275 4068 abp480n5 - ok 20:25:08.0353 4068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:25:08.0635 4068 ACPI - ok 20:25:08.0728 4068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 20:25:08.0900 4068 ACPIEC - ok 20:25:09.0010 4068 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 20:25:09.0150 4068 adpu160m - ok 20:25:09.0244 4068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 20:25:09.0432 4068 aec - ok 20:25:09.0510 4068 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys 20:25:09.0557 4068 AegisP ( UnsignedFile.Multi.Generic ) - warning 20:25:09.0557 4068 AegisP - detected UnsignedFile.Multi.Generic (1) 20:25:09.0635 4068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 20:25:09.0697 4068 AFD - ok 20:25:09.0760 4068 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 20:25:09.0916 4068 agp440 - ok 20:25:10.0057 4068 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 20:25:10.0228 4068 agpCPQ - ok 20:25:10.0275 4068 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 20:25:10.0385 4068 Aha154x - ok 20:25:10.0432 4068 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 20:25:10.0603 4068 aic78u2 - ok 20:25:10.0650 4068 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 20:25:10.0791 4068 aic78xx - ok 20:25:10.0885 4068 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 20:25:11.0057 4068 AliIde - ok 20:25:11.0182 4068 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 20:25:11.0353 4068 alim1541 - ok 20:25:11.0400 4068 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 20:25:11.0572 4068 amdagp - ok 20:25:11.0603 4068 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 20:25:11.0682 4068 amsint - ok 20:25:11.0807 4068 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 20:25:11.0963 4068 asc - ok 20:25:12.0041 4068 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 20:25:12.0119 4068 asc3350p - ok 20:25:12.0197 4068 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 20:25:12.0369 4068 asc3550 - ok 20:25:12.0432 4068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:25:12.0603 4068 AsyncMac - ok 20:25:12.0635 4068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 20:25:12.0791 4068 atapi - ok 20:25:12.0807 4068 Atdisk - ok 20:25:12.0932 4068 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 20:25:13.0166 4068 ati2mtag - ok 20:25:13.0322 4068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:25:13.0463 4068 Atmarpc - ok 20:25:13.0603 4068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 20:25:13.0760 4068 audstub - ok 20:25:13.0838 4068 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 20:25:14.0088 4068 AVGIDSDriver - ok 20:25:14.0166 4068 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 20:25:14.0197 4068 AVGIDSEH - ok 20:25:14.0260 4068 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20:25:14.0275 4068 AVGIDSFilter - ok 20:25:14.0635 4068 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20:25:14.0869 4068 AVGIDSShim - ok 20:25:15.0166 4068 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 20:25:15.0182 4068 Avgldx86 - ok 20:25:15.0228 4068 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 20:25:15.0244 4068 Avgmfx86 - ok 20:25:15.0307 4068 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 20:25:15.0322 4068 Avgrkx86 - ok 20:25:15.0385 4068 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 20:25:15.0400 4068 Avgtdix - ok 20:25:15.0432 4068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 20:25:15.0588 4068 Beep - ok 20:25:15.0603 4068 bvrp_pci - ok 20:25:15.0822 4068 catchme - ok 20:25:15.0916 4068 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 20:25:16.0057 4068 cbidf - ok 20:25:16.0088 4068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 20:25:16.0228 4068 cbidf2k - ok 20:25:16.0275 4068 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 20:25:16.0369 4068 cd20xrnt - ok 20:25:16.0400 4068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 20:25:16.0557 4068 Cdaudio - ok 20:25:16.0775 4068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 20:25:16.0963 4068 Cdfs - ok 20:25:17.0119 4068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:25:17.0275 4068 Cdrom - ok 20:25:17.0338 4068 Changer - ok 20:25:17.0400 4068 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 20:25:17.0572 4068 CmdIde - ok 20:25:17.0619 4068 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 20:25:17.0760 4068 Cpqarray - ok 20:25:17.0885 4068 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 20:25:17.0978 4068 ctsfm2k - ok 20:25:18.0135 4068 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 20:25:18.0307 4068 dac2w2k - ok 20:25:18.0400 4068 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 20:25:18.0572 4068 dac960nt - ok 20:25:18.0713 4068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 20:25:18.0853 4068 Disk - ok 20:25:18.0932 4068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 20:25:19.0213 4068 dmboot - ok 20:25:19.0244 4068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 20:25:19.0400 4068 dmio - ok 20:25:19.0478 4068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:25:19.0635 4068 dmload - ok 20:25:19.0713 4068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:25:19.0853 4068 DMusic - ok 20:25:19.0932 4068 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 20:25:20.0103 4068 dpti2o - ok 20:25:20.0150 4068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:25:20.0291 4068 drmkaud - ok 20:25:20.0416 4068 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys 20:25:20.0447 4068 drvmcdb ( UnsignedFile.Multi.Generic ) - warning 20:25:20.0447 4068 drvmcdb - detected UnsignedFile.Multi.Generic (1) 20:25:20.0478 4068 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys 20:25:20.0510 4068 drvnddm ( UnsignedFile.Multi.Generic ) - warning 20:25:20.0510 4068 drvnddm - detected UnsignedFile.Multi.Generic (1) 20:25:20.0635 4068 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys 20:25:20.0682 4068 DSproct ( UnsignedFile.Multi.Generic ) - warning 20:25:20.0682 4068 DSproct - detected UnsignedFile.Multi.Generic (1) 20:25:20.0775 4068 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys 20:25:20.0838 4068 E100B - ok 20:25:20.0963 4068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:25:21.0166 4068 Fastfat - ok 20:25:21.0275 4068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 20:25:21.0447 4068 Fdc - ok 20:25:21.0525 4068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 20:25:21.0666 4068 Fips - ok 20:25:21.0728 4068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20:25:21.0853 4068 Flpydisk - ok 20:25:21.0963 4068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 20:25:22.0197 4068 FltMgr - ok 20:25:22.0228 4068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:25:22.0369 4068 Fs_Rec - ok 20:25:22.0494 4068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:25:22.0650 4068 Ftdisk - ok 20:25:22.0713 4068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 20:25:22.0728 4068 GEARAspiWDM - ok 20:25:22.0775 4068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:25:22.0916 4068 Gpc - ok 20:25:23.0025 4068 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys 20:25:23.0197 4068 HidIr - ok 20:25:23.0307 4068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:25:23.0447 4068 HidUsb - ok 20:25:23.0541 4068 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\WINDOWS\system32\drivers\hitmanpro35.sys 20:25:23.0557 4068 hitmanpro35 - ok 20:25:23.0635 4068 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 20:25:23.0775 4068 hpn - ok 20:25:23.0822 4068 HTCAND32 - ok 20:25:23.0916 4068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 20:25:24.0010 4068 HTTP - ok 20:25:24.0119 4068 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 20:25:24.0260 4068 i2omgmt - ok 20:25:24.0307 4068 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 20:25:24.0478 4068 i2omp - ok 20:25:24.0572 4068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:25:24.0744 4068 i8042prt - ok 20:25:24.0791 4068 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys 20:25:24.0994 4068 iastor - ok 20:25:25.0072 4068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:25:25.0197 4068 Imapi - ok 20:25:25.0307 4068 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 20:25:25.0478 4068 ini910u - ok 20:25:25.0603 4068 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys 20:25:25.0760 4068 IntelC51 - ok 20:25:25.0807 4068 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys 20:25:25.0916 4068 IntelC52 - ok 20:25:25.0947 4068 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys 20:25:25.0978 4068 IntelC53 - ok 20:25:26.0119 4068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 20:25:26.0275 4068 IntelIde - ok 20:25:26.0338 4068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:25:26.0478 4068 intelppm - ok 20:25:26.0525 4068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 20:25:26.0682 4068 Ip6Fw - ok 20:25:26.0963 4068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:25:27.0182 4068 IpFilterDriver - ok 20:25:27.0291 4068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:25:27.0432 4068 IpInIp - ok 20:25:27.0525 4068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:25:27.0682 4068 IpNat - ok 20:25:27.0775 4068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:25:27.0916 4068 IPSec - ok 20:25:27.0994 4068 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys 20:25:28.0228 4068 IrBus - ok 20:25:28.0322 4068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:25:28.0463 4068 IRENUM - ok 20:25:28.0541 4068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:25:28.0682 4068 isapnp - ok 20:25:28.0744 4068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:25:28.0885 4068 Kbdclass - ok 20:25:28.0916 4068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:25:29.0057 4068 kbdhid - ok 20:25:29.0182 4068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:25:29.0322 4068 kmixer - ok 20:25:29.0400 4068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:25:29.0541 4068 KSecDD - ok 20:25:29.0619 4068 lbrtfdc - ok 20:25:29.0713 4068 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 20:25:29.0728 4068 MBAMProtector - ok 20:25:29.0838 4068 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 20:25:29.0900 4068 MHNDRV ( UnsignedFile.Multi.Generic ) - warning 20:25:29.0900 4068 MHNDRV - detected UnsignedFile.Multi.Generic (1) 20:25:29.0963 4068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:25:30.0119 4068 mnmdd - ok 20:25:30.0213 4068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 20:25:30.0369 4068 Modem - ok 20:25:30.0494 4068 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 20:25:30.0635 4068 MODEMCSA - ok 20:25:30.0713 4068 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys 20:25:30.0744 4068 mohfilt - ok 20:25:30.0822 4068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:25:30.0978 4068 Mouclass - ok 20:25:31.0166 4068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:25:31.0322 4068 mouhid - ok 20:25:31.0400 4068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:25:31.0557 4068 MountMgr - ok 20:25:31.0666 4068 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 20:25:31.0838 4068 mraid35x - ok 20:25:31.0885 4068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:25:32.0057 4068 MRxDAV - ok 20:25:32.0166 4068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:25:32.0353 4068 MRxSmb - ok 20:25:32.0400 4068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:25:32.0557 4068 Msfs - ok 20:25:32.0666 4068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:25:32.0807 4068 MSKSSRV - ok 20:25:32.0869 4068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:25:33.0057 4068 MSPCLOCK - ok 20:25:33.0135 4068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:25:33.0307 4068 MSPQM - ok 20:25:33.0432 4068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:25:33.0572 4068 mssmbios - ok 20:25:33.0697 4068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:25:33.0760 4068 Mup - ok 20:25:33.0853 4068 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:\WINDOWS\system32\Drivers\iqvw32.sys 20:25:33.0900 4068 NAL ( UnsignedFile.Multi.Generic ) - warning 20:25:33.0900 4068 NAL - detected UnsignedFile.Multi.Generic (1) 20:25:33.0978 4068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:25:34.0260 4068 NDIS - ok 20:25:34.0385 4068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:25:34.0447 4068 NdisTapi - ok 20:25:34.0525 4068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:25:34.0666 4068 Ndisuio - ok 20:25:34.0744 4068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:25:34.0916 4068 NdisWan - ok 20:25:35.0150 4068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:25:35.0213 4068 NDProxy - ok 20:25:35.0260 4068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:25:35.0400 4068 NetBIOS - ok 20:25:35.0463 4068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:25:35.0619 4068 NetBT - ok 20:25:35.0697 4068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:25:35.0838 4068 Npfs - ok 20:25:35.0916 4068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:25:36.0103 4068 Ntfs - ok 20:25:36.0182 4068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:25:36.0322 4068 Null - ok 20:25:36.0400 4068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:25:36.0572 4068 NwlnkFlt - ok 20:25:36.0697 4068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:25:36.0869 4068 NwlnkFwd - ok 20:25:36.0963 4068 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys 20:25:36.0978 4068 omci ( UnsignedFile.Multi.Generic ) - warning 20:25:36.0978 4068 omci - detected UnsignedFile.Multi.Generic (1) 20:25:37.0119 4068 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 20:25:37.0135 4068 ossrv - ok 20:25:37.0228 4068 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys 20:25:37.0338 4068 P17 - ok 20:25:37.0416 4068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 20:25:37.0588 4068 Parport - ok 20:25:37.0650 4068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:25:37.0807 4068 PartMgr - ok 20:25:37.0900 4068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 20:25:38.0150 4068 ParVdm - ok 20:25:38.0291 4068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 20:25:38.0494 4068 PCI - ok 20:25:38.0541 4068 PCIDump - ok 20:25:38.0557 4068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:25:38.0713 4068 PCIIde - ok 20:25:38.0760 4068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:25:38.0916 4068 Pcmcia - ok 20:25:39.0041 4068 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys 20:25:39.0072 4068 pcouffin ( UnsignedFile.Multi.Generic ) - warning 20:25:39.0072 4068 pcouffin - detected UnsignedFile.Multi.Generic (1) 20:25:39.0119 4068 PDCOMP - ok 20:25:39.0228 4068 PDFRAME - ok 20:25:39.0307 4068 PDRELI - ok 20:25:39.0353 4068 PDRFRAME - ok 20:25:39.0400 4068 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 20:25:39.0525 4068 perc2 - ok 20:25:39.0619 4068 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 20:25:39.0775 4068 perc2hib - ok 20:25:39.0869 4068 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys 20:25:39.0885 4068 PfModNT - ok 20:25:39.0963 4068 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys 20:25:40.0072 4068 pnetmdm ( UnsignedFile.Multi.Generic ) - warning 20:25:40.0072 4068 pnetmdm - detected UnsignedFile.Multi.Generic (1) 20:25:40.0213 4068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:25:40.0353 4068 PptpMiniport - ok 20:25:40.0385 4068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:25:40.0525 4068 PSched - ok 20:25:40.0635 4068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:25:40.0791 4068 Ptilink - ok 20:25:40.0869 4068 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:25:40.0885 4068 PxHelp20 - ok 20:25:40.0932 4068 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 20:25:41.0072 4068 ql1080 - ok 20:25:41.0166 4068 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 20:25:41.0307 4068 Ql10wnt - ok 20:25:41.0385 4068 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 20:25:41.0557 4068 ql12160 - ok 20:25:41.0650 4068 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 20:25:41.0807 4068 ql1240 - ok 20:25:41.0885 4068 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 20:25:42.0057 4068 ql1280 - ok 20:25:42.0135 4068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:25:42.0275 4068 RasAcd - ok 20:25:42.0353 4068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:25:42.0510 4068 Rasl2tp - ok 20:25:42.0588 4068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:25:42.0713 4068 RasPppoe - ok 20:25:42.0744 4068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:25:42.0885 4068 Raspti - ok 20:25:42.0978 4068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:25:43.0275 4068 Rdbss - ok 20:25:43.0369 4068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:25:43.0510 4068 RDPCDD - ok 20:25:43.0635 4068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:25:43.0807 4068 rdpdr - ok 20:25:43.0963 4068 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 20:25:44.0057 4068 RDPWD - ok 20:25:44.0135 4068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:25:44.0291 4068 redbook - ok 20:25:44.0369 4068 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 20:25:44.0510 4068 ROOTMODEM - ok 20:25:44.0650 4068 rt2870 (ee5ad71a1f576d4d58d8d014560eb856) C:\WINDOWS\system32\DRIVERS\rt2870.sys 20:25:44.0791 4068 rt2870 - ok 20:25:44.0900 4068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:25:45.0057 4068 Secdrv - ok 20:25:45.0166 4068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 20:25:45.0338 4068 serenum - ok 20:25:45.0432 4068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 20:25:45.0572 4068 Serial - ok 20:25:45.0666 4068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:25:45.0807 4068 Sfloppy - ok 20:25:46.0057 4068 sftfs (21fd68e11d15ac0c4b3a0846e39be565) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys 20:25:46.0103 4068 sftfs - ok 20:25:46.0150 4068 sftplay (38fd811e7f58250916548031bd9308d0) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys 20:25:46.0182 4068 sftplay - ok 20:25:46.0275 4068 Sftredir (1f13f3c7907588d017299b008eeed06c) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys 20:25:46.0291 4068 Sftredir - ok 20:25:46.0307 4068 sftvol (634274439e8701799f6fce42933cdb06) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys 20:25:46.0322 4068 sftvol - ok 20:25:46.0369 4068 Simbad - ok 20:25:46.0432 4068 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 20:25:46.0603 4068 sisagp - ok 20:25:46.0775 4068 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 20:25:46.0963 4068 Sparrow - ok 20:25:47.0150 4068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:25:47.0307 4068 splitter - ok 20:25:47.0353 4068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 20:25:47.0510 4068 sr - ok 20:25:47.0557 4068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 20:25:47.0666 4068 Srv - ok 20:25:47.0760 4068 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 20:25:47.0775 4068 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning 20:25:47.0775 4068 sscdbhk5 - detected UnsignedFile.Multi.Generic (1) 20:25:47.0822 4068 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 20:25:47.0838 4068 ssrtln ( UnsignedFile.Multi.Generic ) - warning 20:25:47.0838 4068 ssrtln - detected UnsignedFile.Multi.Generic (1) 20:25:47.0916 4068 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 20:25:48.0041 4068 StillCam - ok 20:25:48.0275 4068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:25:48.0447 4068 swenum - ok 20:25:48.0525 4068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:25:48.0666 4068 swmidi - ok 20:25:48.0807 4068 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 20:25:48.0978 4068 symc810 - ok 20:25:49.0150 4068 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 20:25:49.0291 4068 symc8xx - ok 20:25:49.0385 4068 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 20:25:49.0557 4068 sym_hi - ok 20:25:49.0650 4068 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 20:25:49.0791 4068 sym_u3 - ok 20:25:49.0900 4068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:25:50.0041 4068 sysaudio - ok 20:25:50.0182 4068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:25:50.0369 4068 Tcpip - ok 20:25:50.0432 4068 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 20:25:50.0478 4068 Tcpip6 - ok 20:25:50.0541 4068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:25:50.0713 4068 TDPIPE - ok 20:25:50.0838 4068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:25:51.0010 4068 TDTCP - ok 20:25:51.0135 4068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:25:51.0275 4068 TermDD - ok 20:25:51.0432 4068 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys 20:25:51.0447 4068 tfsnboio ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0447 4068 tfsnboio - detected UnsignedFile.Multi.Generic (1) 20:25:51.0478 4068 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys 20:25:51.0510 4068 tfsncofs ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0510 4068 tfsncofs - detected UnsignedFile.Multi.Generic (1) 20:25:51.0541 4068 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys 20:25:51.0557 4068 tfsndrct ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0557 4068 tfsndrct - detected UnsignedFile.Multi.Generic (1) 20:25:51.0603 4068 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys 20:25:51.0619 4068 tfsndres ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0619 4068 tfsndres - detected UnsignedFile.Multi.Generic (1) 20:25:51.0650 4068 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys 20:25:51.0666 4068 tfsnifs ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0666 4068 tfsnifs - detected UnsignedFile.Multi.Generic (1) 20:25:51.0682 4068 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys 20:25:51.0713 4068 tfsnopio ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0713 4068 tfsnopio - detected UnsignedFile.Multi.Generic (1) 20:25:51.0744 4068 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys 20:25:51.0760 4068 tfsnpool ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0760 4068 tfsnpool - detected UnsignedFile.Multi.Generic (1) 20:25:51.0791 4068 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys 20:25:51.0822 4068 tfsnudf ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0822 4068 tfsnudf - detected UnsignedFile.Multi.Generic (1) 20:25:51.0853 4068 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys 20:25:51.0869 4068 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0869 4068 tfsnudfa - detected UnsignedFile.Multi.Generic (1) 20:25:51.0900 4068 TLRecAgent - ok 20:25:51.0963 4068 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 20:25:52.0088 4068 TosIde - ok 20:25:52.0135 4068 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 20:25:52.0291 4068 tunmp - ok 20:25:52.0322 4068 UALFDrv2 - ok 20:25:52.0400 4068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:25:52.0572 4068 Udfs - ok 20:25:52.0713 4068 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 20:25:52.0807 4068 ultra - ok 20:25:52.0869 4068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:25:53.0025 4068 Update - ok 20:25:53.0119 4068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 20:25:53.0228 4068 USBAAPL - ok 20:25:53.0307 4068 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 20:25:53.0447 4068 usbaudio - ok 20:25:53.0541 4068 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 20:25:53.0603 4068 usbbus - ok 20:25:53.0713 4068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:25:53.0853 4068 usbccgp - ok 20:25:53.0932 4068 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 20:25:53.0978 4068 UsbDiag - ok 20:25:54.0103 4068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:25:54.0322 4068 usbehci - ok 20:25:54.0432 4068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:25:54.0588 4068 usbhub - ok 20:25:54.0666 4068 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 20:25:54.0728 4068 USBModem - ok 20:25:54.0807 4068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:25:54.0963 4068 usbprint - ok 20:25:55.0103 4068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:25:55.0244 4068 usbscan - ok 20:25:55.0353 4068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:25:55.0494 4068 USBSTOR - ok 20:25:55.0525 4068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:25:55.0666 4068 usbuhci - ok 20:25:55.0728 4068 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 20:25:55.0900 4068 usb_rndisx - ok 20:25:56.0103 4068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:25:56.0260 4068 VgaSave - ok 20:25:56.0353 4068 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 20:25:56.0494 4068 viaagp - ok 20:25:56.0588 4068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 20:25:56.0760 4068 ViaIde - ok 20:25:56.0869 4068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 20:25:57.0010 4068 VolSnap - ok 20:25:57.0057 4068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:25:57.0213 4068 Wanarp - ok 20:25:57.0244 4068 wanatw - ok 20:25:57.0338 4068 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 20:25:57.0385 4068 Wdf01000 - ok 20:25:57.0432 4068 WDICA - ok 20:25:57.0478 4068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:25:57.0635 4068 wdmaud - ok 20:25:57.0728 4068 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 20:25:57.0744 4068 WinUSB - ok 20:25:57.0853 4068 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:25:57.0963 4068 WpdUsb - ok 20:25:58.0072 4068 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:25:58.0213 4068 WS2IFSL - ok 20:25:58.0275 4068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:25:58.0307 4068 WudfPf - ok 20:25:58.0400 4068 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:25:58.0432 4068 WudfRd - ok 20:25:58.0463 4068 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0 20:25:58.0572 4068 \Device\Harddisk0\DR0 - ok 20:25:58.0572 4068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 20:25:58.0619 4068 \Device\Harddisk1\DR1 - ok 20:25:58.0666 4068 Boot (0x1200) (8f40cdef114d27cfc3267cbb77ba0a73) \Device\Harddisk0\DR0\Partition0 20:25:58.0666 4068 \Device\Harddisk0\DR0\Partition0 - ok 20:25:58.0666 4068 Boot (0x1200) (dc580cdbd9d56fc8813c7df2a07adcab) \Device\Harddisk1\DR1\Partition0 20:25:58.0666 4068 \Device\Harddisk1\DR1\Partition0 - ok 20:25:58.0666 4068 ============================================================ 20:25:58.0666 4068 Scan finished 20:25:58.0666 4068 ============================================================ 20:25:58.0807 0828 Detected object count: 20 20:25:58.0807 0828 Actual detected object count: 20 20:26:20.0353 0828 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine 20:26:20.0353 0828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:20.0478 0828 C:\WINDOWS\system32\drivers\drvmcdb.sys - copied to quarantine 20:26:20.0478 0828 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:20.0572 0828 C:\WINDOWS\system32\drivers\drvnddm.sys - copied to quarantine 20:26:20.0588 0828 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:20.0713 0828 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys - copied to quarantine 20:26:20.0713 0828 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:20.0869 0828 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine 20:26:20.0869 0828 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0010 0828 C:\WINDOWS\system32\Drivers\iqvw32.sys - copied to quarantine 20:26:21.0010 0828 NAL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0197 0828 C:\WINDOWS\system32\DRIVERS\omci.sys - copied to quarantine 20:26:21.0197 0828 omci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0353 0828 C:\WINDOWS\system32\Drivers\pcouffin.sys - copied to quarantine 20:26:21.0353 0828 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0478 0828 C:\WINDOWS\system32\DRIVERS\pnetmdm.sys - copied to quarantine 20:26:21.0478 0828 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0603 0828 C:\WINDOWS\system32\drivers\sscdbhk5.sys - copied to quarantine 20:26:21.0603 0828 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0682 0828 C:\WINDOWS\system32\drivers\ssrtln.sys - copied to quarantine 20:26:21.0682 0828 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0775 0828 C:\WINDOWS\system32\dla\tfsnboio.sys - copied to quarantine 20:26:21.0775 0828 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0838 0828 C:\WINDOWS\system32\dla\tfsncofs.sys - copied to quarantine 20:26:21.0838 0828 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0994 0828 C:\WINDOWS\system32\dla\tfsndrct.sys - copied to quarantine 20:26:21.0994 0828 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0072 0828 C:\WINDOWS\system32\dla\tfsndres.sys - copied to quarantine 20:26:22.0072 0828 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0166 0828 C:\WINDOWS\system32\dla\tfsnifs.sys - copied to quarantine 20:26:22.0166 0828 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0228 0828 C:\WINDOWS\system32\dla\tfsnopio.sys - copied to quarantine 20:26:22.0228 0828 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0385 0828 C:\WINDOWS\system32\dla\tfsnpool.sys - copied to quarantine 20:26:22.0385 0828 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0463 0828 C:\WINDOWS\system32\dla\tfsnudf.sys - copied to quarantine 20:26:22.0463 0828 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0557 0828 C:\WINDOWS\system32\dla\tfsnudfa.sys - copied to quarantine 20:26:22.0557 0828 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
	to forum · permalink · 2012-02-01 23:28:34 ·
Mark8g join:2012-02-01	reply to lilhurricane TDSS report 20:24:49.0478 0656 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 20:24:50.0228 0656 ============================================================ 20:24:50.0228 0656 Current date / time: 2012/02/01 20:24:50.0228 20:24:50.0228 0656 SystemInfo: 20:24:50.0228 0656 20:24:50.0228 0656 OS Version: 5.1.2600 ServicePack: 3.0 20:24:50.0228 0656 Product type: Workstation 20:24:50.0228 0656 ComputerName: ADAS 20:24:50.0228 0656 UserName: Adas 20:24:50.0228 0656 Windows directory: C:\WINDOWS 20:24:50.0228 0656 System windows directory: C:\WINDOWS 20:24:50.0228 0656 Processor architecture: Intel x86 20:24:50.0228 0656 Number of processors: 2 20:24:50.0228 0656 Page size: 0x1000 20:24:50.0228 0656 Boot type: Normal boot 20:24:50.0228 0656 ============================================================ 20:24:52.0666 0656 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:24:52.0682 0656 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:24:52.0728 0656 \Device\Harddisk0\DR0: 20:24:52.0728 0656 MBR used 20:24:52.0728 0656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15 20:24:52.0728 0656 \Device\Harddisk1\DR1: 20:24:52.0744 0656 MBR used 20:24:52.0744 0656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02 20:24:53.0119 0656 Initialize success 20:24:53.0119 0656 ============================================================ 20:25:05.0307 4068 ============================================================ 20:25:05.0307 4068 Scan started 20:25:05.0307 4068 Mode: Manual; SigCheck; TDLFS; 20:25:05.0307 4068 ============================================================ 20:25:05.0807 4068 Abiosdsk - ok 20:25:05.0900 4068 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 20:25:08.0275 4068 abp480n5 - ok 20:25:08.0353 4068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:25:08.0635 4068 ACPI - ok 20:25:08.0728 4068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 20:25:08.0900 4068 ACPIEC - ok 20:25:09.0010 4068 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 20:25:09.0150 4068 adpu160m - ok 20:25:09.0244 4068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 20:25:09.0432 4068 aec - ok 20:25:09.0510 4068 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys 20:25:09.0557 4068 AegisP ( UnsignedFile.Multi.Generic ) - warning 20:25:09.0557 4068 AegisP - detected UnsignedFile.Multi.Generic (1) 20:25:09.0635 4068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 20:25:09.0697 4068 AFD - ok 20:25:09.0760 4068 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 20:25:09.0916 4068 agp440 - ok 20:25:10.0057 4068 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 20:25:10.0228 4068 agpCPQ - ok 20:25:10.0275 4068 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 20:25:10.0385 4068 Aha154x - ok 20:25:10.0432 4068 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 20:25:10.0603 4068 aic78u2 - ok 20:25:10.0650 4068 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 20:25:10.0791 4068 aic78xx - ok 20:25:10.0885 4068 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 20:25:11.0057 4068 AliIde - ok 20:25:11.0182 4068 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 20:25:11.0353 4068 alim1541 - ok 20:25:11.0400 4068 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 20:25:11.0572 4068 amdagp - ok 20:25:11.0603 4068 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 20:25:11.0682 4068 amsint - ok 20:25:11.0807 4068 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 20:25:11.0963 4068 asc - ok 20:25:12.0041 4068 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 20:25:12.0119 4068 asc3350p - ok 20:25:12.0197 4068 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 20:25:12.0369 4068 asc3550 - ok 20:25:12.0432 4068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:25:12.0603 4068 AsyncMac - ok 20:25:12.0635 4068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 20:25:12.0791 4068 atapi - ok 20:25:12.0807 4068 Atdisk - ok 20:25:12.0932 4068 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 20:25:13.0166 4068 ati2mtag - ok 20:25:13.0322 4068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:25:13.0463 4068 Atmarpc - ok 20:25:13.0603 4068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 20:25:13.0760 4068 audstub - ok 20:25:13.0838 4068 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 20:25:14.0088 4068 AVGIDSDriver - ok 20:25:14.0166 4068 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 20:25:14.0197 4068 AVGIDSEH - ok 20:25:14.0260 4068 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20:25:14.0275 4068 AVGIDSFilter - ok 20:25:14.0635 4068 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20:25:14.0869 4068 AVGIDSShim - ok 20:25:15.0166 4068 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 20:25:15.0182 4068 Avgldx86 - ok 20:25:15.0228 4068 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 20:25:15.0244 4068 Avgmfx86 - ok 20:25:15.0307 4068 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 20:25:15.0322 4068 Avgrkx86 - ok 20:25:15.0385 4068 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 20:25:15.0400 4068 Avgtdix - ok 20:25:15.0432 4068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 20:25:15.0588 4068 Beep - ok 20:25:15.0603 4068 bvrp_pci - ok 20:25:15.0822 4068 catchme - ok 20:25:15.0916 4068 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 20:25:16.0057 4068 cbidf - ok 20:25:16.0088 4068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 20:25:16.0228 4068 cbidf2k - ok 20:25:16.0275 4068 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 20:25:16.0369 4068 cd20xrnt - ok 20:25:16.0400 4068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 20:25:16.0557 4068 Cdaudio - ok 20:25:16.0775 4068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 20:25:16.0963 4068 Cdfs - ok 20:25:17.0119 4068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:25:17.0275 4068 Cdrom - ok 20:25:17.0338 4068 Changer - ok 20:25:17.0400 4068 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 20:25:17.0572 4068 CmdIde - ok 20:25:17.0619 4068 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 20:25:17.0760 4068 Cpqarray - ok 20:25:17.0885 4068 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 20:25:17.0978 4068 ctsfm2k - ok 20:25:18.0135 4068 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 20:25:18.0307 4068 dac2w2k - ok 20:25:18.0400 4068 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 20:25:18.0572 4068 dac960nt - ok 20:25:18.0713 4068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 20:25:18.0853 4068 Disk - ok 20:25:18.0932 4068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 20:25:19.0213 4068 dmboot - ok 20:25:19.0244 4068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 20:25:19.0400 4068 dmio - ok 20:25:19.0478 4068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:25:19.0635 4068 dmload - ok 20:25:19.0713 4068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:25:19.0853 4068 DMusic - ok 20:25:19.0932 4068 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 20:25:20.0103 4068 dpti2o - ok 20:25:20.0150 4068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:25:20.0291 4068 drmkaud - ok 20:25:20.0416 4068 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys 20:25:20.0447 4068 drvmcdb ( UnsignedFile.Multi.Generic ) - warning 20:25:20.0447 4068 drvmcdb - detected UnsignedFile.Multi.Generic (1) 20:25:20.0478 4068 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys 20:25:20.0510 4068 drvnddm ( UnsignedFile.Multi.Generic ) - warning 20:25:20.0510 4068 drvnddm - detected UnsignedFile.Multi.Generic (1) 20:25:20.0635 4068 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys 20:25:20.0682 4068 DSproct ( UnsignedFile.Multi.Generic ) - warning 20:25:20.0682 4068 DSproct - detected UnsignedFile.Multi.Generic (1) 20:25:20.0775 4068 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys 20:25:20.0838 4068 E100B - ok 20:25:20.0963 4068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:25:21.0166 4068 Fastfat - ok 20:25:21.0275 4068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 20:25:21.0447 4068 Fdc - ok 20:25:21.0525 4068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 20:25:21.0666 4068 Fips - ok 20:25:21.0728 4068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20:25:21.0853 4068 Flpydisk - ok 20:25:21.0963 4068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 20:25:22.0197 4068 FltMgr - ok 20:25:22.0228 4068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:25:22.0369 4068 Fs_Rec - ok 20:25:22.0494 4068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:25:22.0650 4068 Ftdisk - ok 20:25:22.0713 4068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 20:25:22.0728 4068 GEARAspiWDM - ok 20:25:22.0775 4068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:25:22.0916 4068 Gpc - ok 20:25:23.0025 4068 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys 20:25:23.0197 4068 HidIr - ok 20:25:23.0307 4068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:25:23.0447 4068 HidUsb - ok 20:25:23.0541 4068 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\WINDOWS\system32\drivers\hitmanpro35.sys 20:25:23.0557 4068 hitmanpro35 - ok 20:25:23.0635 4068 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 20:25:23.0775 4068 hpn - ok 20:25:23.0822 4068 HTCAND32 - ok 20:25:23.0916 4068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 20:25:24.0010 4068 HTTP - ok 20:25:24.0119 4068 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 20:25:24.0260 4068 i2omgmt - ok 20:25:24.0307 4068 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 20:25:24.0478 4068 i2omp - ok 20:25:24.0572 4068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:25:24.0744 4068 i8042prt - ok 20:25:24.0791 4068 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys 20:25:24.0994 4068 iastor - ok 20:25:25.0072 4068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:25:25.0197 4068 Imapi - ok 20:25:25.0307 4068 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 20:25:25.0478 4068 ini910u - ok 20:25:25.0603 4068 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys 20:25:25.0760 4068 IntelC51 - ok 20:25:25.0807 4068 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys 20:25:25.0916 4068 IntelC52 - ok 20:25:25.0947 4068 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys 20:25:25.0978 4068 IntelC53 - ok 20:25:26.0119 4068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 20:25:26.0275 4068 IntelIde - ok 20:25:26.0338 4068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:25:26.0478 4068 intelppm - ok 20:25:26.0525 4068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 20:25:26.0682 4068 Ip6Fw - ok 20:25:26.0963 4068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:25:27.0182 4068 IpFilterDriver - ok 20:25:27.0291 4068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:25:27.0432 4068 IpInIp - ok 20:25:27.0525 4068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:25:27.0682 4068 IpNat - ok 20:25:27.0775 4068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:25:27.0916 4068 IPSec - ok 20:25:27.0994 4068 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys 20:25:28.0228 4068 IrBus - ok 20:25:28.0322 4068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:25:28.0463 4068 IRENUM - ok 20:25:28.0541 4068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:25:28.0682 4068 isapnp - ok 20:25:28.0744 4068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:25:28.0885 4068 Kbdclass - ok 20:25:28.0916 4068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:25:29.0057 4068 kbdhid - ok 20:25:29.0182 4068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:25:29.0322 4068 kmixer - ok 20:25:29.0400 4068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:25:29.0541 4068 KSecDD - ok 20:25:29.0619 4068 lbrtfdc - ok 20:25:29.0713 4068 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 20:25:29.0728 4068 MBAMProtector - ok 20:25:29.0838 4068 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 20:25:29.0900 4068 MHNDRV ( UnsignedFile.Multi.Generic ) - warning 20:25:29.0900 4068 MHNDRV - detected UnsignedFile.Multi.Generic (1) 20:25:29.0963 4068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:25:30.0119 4068 mnmdd - ok 20:25:30.0213 4068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 20:25:30.0369 4068 Modem - ok 20:25:30.0494 4068 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 20:25:30.0635 4068 MODEMCSA - ok 20:25:30.0713 4068 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys 20:25:30.0744 4068 mohfilt - ok 20:25:30.0822 4068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:25:30.0978 4068 Mouclass - ok 20:25:31.0166 4068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:25:31.0322 4068 mouhid - ok 20:25:31.0400 4068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:25:31.0557 4068 MountMgr - ok 20:25:31.0666 4068 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 20:25:31.0838 4068 mraid35x - ok 20:25:31.0885 4068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:25:32.0057 4068 MRxDAV - ok 20:25:32.0166 4068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:25:32.0353 4068 MRxSmb - ok 20:25:32.0400 4068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:25:32.0557 4068 Msfs - ok 20:25:32.0666 4068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:25:32.0807 4068 MSKSSRV - ok 20:25:32.0869 4068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:25:33.0057 4068 MSPCLOCK - ok 20:25:33.0135 4068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:25:33.0307 4068 MSPQM - ok 20:25:33.0432 4068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:25:33.0572 4068 mssmbios - ok 20:25:33.0697 4068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:25:33.0760 4068 Mup - ok 20:25:33.0853 4068 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:\WINDOWS\system32\Drivers\iqvw32.sys 20:25:33.0900 4068 NAL ( UnsignedFile.Multi.Generic ) - warning 20:25:33.0900 4068 NAL - detected UnsignedFile.Multi.Generic (1) 20:25:33.0978 4068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:25:34.0260 4068 NDIS - ok 20:25:34.0385 4068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:25:34.0447 4068 NdisTapi - ok 20:25:34.0525 4068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:25:34.0666 4068 Ndisuio - ok 20:25:34.0744 4068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:25:34.0916 4068 NdisWan - ok 20:25:35.0150 4068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:25:35.0213 4068 NDProxy - ok 20:25:35.0260 4068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:25:35.0400 4068 NetBIOS - ok 20:25:35.0463 4068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:25:35.0619 4068 NetBT - ok 20:25:35.0697 4068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:25:35.0838 4068 Npfs - ok 20:25:35.0916 4068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:25:36.0103 4068 Ntfs - ok 20:25:36.0182 4068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:25:36.0322 4068 Null - ok 20:25:36.0400 4068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:25:36.0572 4068 NwlnkFlt - ok 20:25:36.0697 4068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:25:36.0869 4068 NwlnkFwd - ok 20:25:36.0963 4068 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys 20:25:36.0978 4068 omci ( UnsignedFile.Multi.Generic ) - warning 20:25:36.0978 4068 omci - detected UnsignedFile.Multi.Generic (1) 20:25:37.0119 4068 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 20:25:37.0135 4068 ossrv - ok 20:25:37.0228 4068 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys 20:25:37.0338 4068 P17 - ok 20:25:37.0416 4068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 20:25:37.0588 4068 Parport - ok 20:25:37.0650 4068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:25:37.0807 4068 PartMgr - ok 20:25:37.0900 4068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 20:25:38.0150 4068 ParVdm - ok 20:25:38.0291 4068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 20:25:38.0494 4068 PCI - ok 20:25:38.0541 4068 PCIDump - ok 20:25:38.0557 4068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:25:38.0713 4068 PCIIde - ok 20:25:38.0760 4068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:25:38.0916 4068 Pcmcia - ok 20:25:39.0041 4068 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys 20:25:39.0072 4068 pcouffin ( UnsignedFile.Multi.Generic ) - warning 20:25:39.0072 4068 pcouffin - detected UnsignedFile.Multi.Generic (1) 20:25:39.0119 4068 PDCOMP - ok 20:25:39.0228 4068 PDFRAME - ok 20:25:39.0307 4068 PDRELI - ok 20:25:39.0353 4068 PDRFRAME - ok 20:25:39.0400 4068 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 20:25:39.0525 4068 perc2 - ok 20:25:39.0619 4068 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 20:25:39.0775 4068 perc2hib - ok 20:25:39.0869 4068 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys 20:25:39.0885 4068 PfModNT - ok 20:25:39.0963 4068 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys 20:25:40.0072 4068 pnetmdm ( UnsignedFile.Multi.Generic ) - warning 20:25:40.0072 4068 pnetmdm - detected UnsignedFile.Multi.Generic (1) 20:25:40.0213 4068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:25:40.0353 4068 PptpMiniport - ok 20:25:40.0385 4068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:25:40.0525 4068 PSched - ok 20:25:40.0635 4068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:25:40.0791 4068 Ptilink - ok 20:25:40.0869 4068 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:25:40.0885 4068 PxHelp20 - ok 20:25:40.0932 4068 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 20:25:41.0072 4068 ql1080 - ok 20:25:41.0166 4068 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 20:25:41.0307 4068 Ql10wnt - ok 20:25:41.0385 4068 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 20:25:41.0557 4068 ql12160 - ok 20:25:41.0650 4068 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 20:25:41.0807 4068 ql1240 - ok 20:25:41.0885 4068 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 20:25:42.0057 4068 ql1280 - ok 20:25:42.0135 4068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:25:42.0275 4068 RasAcd - ok 20:25:42.0353 4068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:25:42.0510 4068 Rasl2tp - ok 20:25:42.0588 4068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:25:42.0713 4068 RasPppoe - ok 20:25:42.0744 4068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:25:42.0885 4068 Raspti - ok 20:25:42.0978 4068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:25:43.0275 4068 Rdbss - ok 20:25:43.0369 4068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:25:43.0510 4068 RDPCDD - ok 20:25:43.0635 4068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:25:43.0807 4068 rdpdr - ok 20:25:43.0963 4068 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 20:25:44.0057 4068 RDPWD - ok 20:25:44.0135 4068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:25:44.0291 4068 redbook - ok 20:25:44.0369 4068 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 20:25:44.0510 4068 ROOTMODEM - ok 20:25:44.0650 4068 rt2870 (ee5ad71a1f576d4d58d8d014560eb856) C:\WINDOWS\system32\DRIVERS\rt2870.sys 20:25:44.0791 4068 rt2870 - ok 20:25:44.0900 4068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:25:45.0057 4068 Secdrv - ok 20:25:45.0166 4068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 20:25:45.0338 4068 serenum - ok 20:25:45.0432 4068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 20:25:45.0572 4068 Serial - ok 20:25:45.0666 4068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:25:45.0807 4068 Sfloppy - ok 20:25:46.0057 4068 sftfs (21fd68e11d15ac0c4b3a0846e39be565) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys 20:25:46.0103 4068 sftfs - ok 20:25:46.0150 4068 sftplay (38fd811e7f58250916548031bd9308d0) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys 20:25:46.0182 4068 sftplay - ok 20:25:46.0275 4068 Sftredir (1f13f3c7907588d017299b008eeed06c) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys 20:25:46.0291 4068 Sftredir - ok 20:25:46.0307 4068 sftvol (634274439e8701799f6fce42933cdb06) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys 20:25:46.0322 4068 sftvol - ok 20:25:46.0369 4068 Simbad - ok 20:25:46.0432 4068 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 20:25:46.0603 4068 sisagp - ok 20:25:46.0775 4068 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 20:25:46.0963 4068 Sparrow - ok 20:25:47.0150 4068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:25:47.0307 4068 splitter - ok 20:25:47.0353 4068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 20:25:47.0510 4068 sr - ok 20:25:47.0557 4068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 20:25:47.0666 4068 Srv - ok 20:25:47.0760 4068 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 20:25:47.0775 4068 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning 20:25:47.0775 4068 sscdbhk5 - detected UnsignedFile.Multi.Generic (1) 20:25:47.0822 4068 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 20:25:47.0838 4068 ssrtln ( UnsignedFile.Multi.Generic ) - warning 20:25:47.0838 4068 ssrtln - detected UnsignedFile.Multi.Generic (1) 20:25:47.0916 4068 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 20:25:48.0041 4068 StillCam - ok 20:25:48.0275 4068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:25:48.0447 4068 swenum - ok 20:25:48.0525 4068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:25:48.0666 4068 swmidi - ok 20:25:48.0807 4068 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 20:25:48.0978 4068 symc810 - ok 20:25:49.0150 4068 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 20:25:49.0291 4068 symc8xx - ok 20:25:49.0385 4068 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 20:25:49.0557 4068 sym_hi - ok 20:25:49.0650 4068 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 20:25:49.0791 4068 sym_u3 - ok 20:25:49.0900 4068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:25:50.0041 4068 sysaudio - ok 20:25:50.0182 4068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:25:50.0369 4068 Tcpip - ok 20:25:50.0432 4068 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 20:25:50.0478 4068 Tcpip6 - ok 20:25:50.0541 4068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:25:50.0713 4068 TDPIPE - ok 20:25:50.0838 4068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:25:51.0010 4068 TDTCP - ok 20:25:51.0135 4068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:25:51.0275 4068 TermDD - ok 20:25:51.0432 4068 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys 20:25:51.0447 4068 tfsnboio ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0447 4068 tfsnboio - detected UnsignedFile.Multi.Generic (1) 20:25:51.0478 4068 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys 20:25:51.0510 4068 tfsncofs ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0510 4068 tfsncofs - detected UnsignedFile.Multi.Generic (1) 20:25:51.0541 4068 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys 20:25:51.0557 4068 tfsndrct ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0557 4068 tfsndrct - detected UnsignedFile.Multi.Generic (1) 20:25:51.0603 4068 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys 20:25:51.0619 4068 tfsndres ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0619 4068 tfsndres - detected UnsignedFile.Multi.Generic (1) 20:25:51.0650 4068 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys 20:25:51.0666 4068 tfsnifs ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0666 4068 tfsnifs - detected UnsignedFile.Multi.Generic (1) 20:25:51.0682 4068 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys 20:25:51.0713 4068 tfsnopio ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0713 4068 tfsnopio - detected UnsignedFile.Multi.Generic (1) 20:25:51.0744 4068 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys 20:25:51.0760 4068 tfsnpool ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0760 4068 tfsnpool - detected UnsignedFile.Multi.Generic (1) 20:25:51.0791 4068 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys 20:25:51.0822 4068 tfsnudf ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0822 4068 tfsnudf - detected UnsignedFile.Multi.Generic (1) 20:25:51.0853 4068 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys 20:25:51.0869 4068 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning 20:25:51.0869 4068 tfsnudfa - detected UnsignedFile.Multi.Generic (1) 20:25:51.0900 4068 TLRecAgent - ok 20:25:51.0963 4068 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 20:25:52.0088 4068 TosIde - ok 20:25:52.0135 4068 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 20:25:52.0291 4068 tunmp - ok 20:25:52.0322 4068 UALFDrv2 - ok 20:25:52.0400 4068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:25:52.0572 4068 Udfs - ok 20:25:52.0713 4068 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 20:25:52.0807 4068 ultra - ok 20:25:52.0869 4068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:25:53.0025 4068 Update - ok 20:25:53.0119 4068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 20:25:53.0228 4068 USBAAPL - ok 20:25:53.0307 4068 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 20:25:53.0447 4068 usbaudio - ok 20:25:53.0541 4068 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 20:25:53.0603 4068 usbbus - ok 20:25:53.0713 4068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:25:53.0853 4068 usbccgp - ok 20:25:53.0932 4068 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 20:25:53.0978 4068 UsbDiag - ok 20:25:54.0103 4068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:25:54.0322 4068 usbehci - ok 20:25:54.0432 4068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:25:54.0588 4068 usbhub - ok 20:25:54.0666 4068 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 20:25:54.0728 4068 USBModem - ok 20:25:54.0807 4068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:25:54.0963 4068 usbprint - ok 20:25:55.0103 4068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:25:55.0244 4068 usbscan - ok 20:25:55.0353 4068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:25:55.0494 4068 USBSTOR - ok 20:25:55.0525 4068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:25:55.0666 4068 usbuhci - ok 20:25:55.0728 4068 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 20:25:55.0900 4068 usb_rndisx - ok 20:25:56.0103 4068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:25:56.0260 4068 VgaSave - ok 20:25:56.0353 4068 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 20:25:56.0494 4068 viaagp - ok 20:25:56.0588 4068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 20:25:56.0760 4068 ViaIde - ok 20:25:56.0869 4068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 20:25:57.0010 4068 VolSnap - ok 20:25:57.0057 4068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:25:57.0213 4068 Wanarp - ok 20:25:57.0244 4068 wanatw - ok 20:25:57.0338 4068 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 20:25:57.0385 4068 Wdf01000 - ok 20:25:57.0432 4068 WDICA - ok 20:25:57.0478 4068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:25:57.0635 4068 wdmaud - ok 20:25:57.0728 4068 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 20:25:57.0744 4068 WinUSB - ok 20:25:57.0853 4068 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:25:57.0963 4068 WpdUsb - ok 20:25:58.0072 4068 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:25:58.0213 4068 WS2IFSL - ok 20:25:58.0275 4068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:25:58.0307 4068 WudfPf - ok 20:25:58.0400 4068 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:25:58.0432 4068 WudfRd - ok 20:25:58.0463 4068 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0 20:25:58.0572 4068 \Device\Harddisk0\DR0 - ok 20:25:58.0572 4068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 20:25:58.0619 4068 \Device\Harddisk1\DR1 - ok 20:25:58.0666 4068 Boot (0x1200) (8f40cdef114d27cfc3267cbb77ba0a73) \Device\Harddisk0\DR0\Partition0 20:25:58.0666 4068 \Device\Harddisk0\DR0\Partition0 - ok 20:25:58.0666 4068 Boot (0x1200) (dc580cdbd9d56fc8813c7df2a07adcab) \Device\Harddisk1\DR1\Partition0 20:25:58.0666 4068 \Device\Harddisk1\DR1\Partition0 - ok 20:25:58.0666 4068 ============================================================ 20:25:58.0666 4068 Scan finished 20:25:58.0666 4068 ============================================================ 20:25:58.0807 0828 Detected object count: 20 20:25:58.0807 0828 Actual detected object count: 20 20:26:20.0353 0828 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine 20:26:20.0353 0828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:20.0478 0828 C:\WINDOWS\system32\drivers\drvmcdb.sys - copied to quarantine 20:26:20.0478 0828 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:20.0572 0828 C:\WINDOWS\system32\drivers\drvnddm.sys - copied to quarantine 20:26:20.0588 0828 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:20.0713 0828 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys - copied to quarantine 20:26:20.0713 0828 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:20.0869 0828 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine 20:26:20.0869 0828 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0010 0828 C:\WINDOWS\system32\Drivers\iqvw32.sys - copied to quarantine 20:26:21.0010 0828 NAL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0197 0828 C:\WINDOWS\system32\DRIVERS\omci.sys - copied to quarantine 20:26:21.0197 0828 omci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0353 0828 C:\WINDOWS\system32\Drivers\pcouffin.sys - copied to quarantine 20:26:21.0353 0828 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0478 0828 C:\WINDOWS\system32\DRIVERS\pnetmdm.sys - copied to quarantine 20:26:21.0478 0828 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0603 0828 C:\WINDOWS\system32\drivers\sscdbhk5.sys - copied to quarantine 20:26:21.0603 0828 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0682 0828 C:\WINDOWS\system32\drivers\ssrtln.sys - copied to quarantine 20:26:21.0682 0828 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0775 0828 C:\WINDOWS\system32\dla\tfsnboio.sys - copied to quarantine 20:26:21.0775 0828 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0838 0828 C:\WINDOWS\system32\dla\tfsncofs.sys - copied to quarantine 20:26:21.0838 0828 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:21.0994 0828 C:\WINDOWS\system32\dla\tfsndrct.sys - copied to quarantine 20:26:21.0994 0828 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0072 0828 C:\WINDOWS\system32\dla\tfsndres.sys - copied to quarantine 20:26:22.0072 0828 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0166 0828 C:\WINDOWS\system32\dla\tfsnifs.sys - copied to quarantine 20:26:22.0166 0828 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0228 0828 C:\WINDOWS\system32\dla\tfsnopio.sys - copied to quarantine 20:26:22.0228 0828 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0385 0828 C:\WINDOWS\system32\dla\tfsnpool.sys - copied to quarantine 20:26:22.0385 0828 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0463 0828 C:\WINDOWS\system32\dla\tfsnudf.sys - copied to quarantine 20:26:22.0463 0828 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 20:26:22.0557 0828 C:\WINDOWS\system32\dla\tfsnudfa.sys - copied to quarantine 20:26:22.0557 0828 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
	to forum · permalink · 2012-02-01 23:29:20 ·
Mark8g join:2012-02-01	reply to Mark8g TDSSKiller report 20:33:48.0322 1696 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 20:33:48.0775 1696 ============================================================ 20:33:48.0775 1696 Current date / time: 2012/02/01 20:33:48.0775 20:33:48.0775 1696 SystemInfo: 20:33:48.0775 1696 20:33:48.0775 1696 OS Version: 5.1.2600 ServicePack: 3.0 20:33:48.0775 1696 Product type: Workstation 20:33:48.0775 1696 ComputerName: ADAS 20:33:48.0775 1696 UserName: Adas 20:33:48.0775 1696 Windows directory: C:\WINDOWS 20:33:48.0775 1696 System windows directory: C:\WINDOWS 20:33:48.0775 1696 Processor architecture: Intel x86 20:33:48.0775 1696 Number of processors: 2 20:33:48.0775 1696 Page size: 0x1000 20:33:48.0775 1696 Boot type: Normal boot 20:33:48.0775 1696 ============================================================ 20:33:51.0916 1696 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:33:51.0932 1696 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:33:51.0978 1696 \Device\Harddisk0\DR0: 20:33:51.0978 1696 MBR used 20:33:51.0978 1696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15 20:33:51.0978 1696 \Device\Harddisk1\DR1: 20:33:51.0978 1696 MBR used 20:33:51.0978 1696 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02 20:33:52.0432 1696 Initialize success 20:33:52.0432 1696 ============================================================ 20:33:54.0322 3112 ============================================================ 20:33:54.0322 3112 Scan started 20:33:54.0322 3112 Mode: Manual; 20:33:54.0322 3112 ============================================================ 20:33:55.0791 3112 Abiosdsk - ok 20:33:55.0869 3112 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 20:33:55.0869 3112 abp480n5 - ok 20:33:55.0978 3112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:33:55.0978 3112 ACPI - ok 20:33:56.0041 3112 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 20:33:56.0041 3112 ACPIEC - ok 20:33:56.0119 3112 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 20:33:56.0135 3112 adpu160m - ok 20:33:56.0182 3112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 20:33:56.0182 3112 aec - ok 20:33:56.0260 3112 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys 20:33:56.0260 3112 AegisP - ok 20:33:56.0338 3112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 20:33:56.0338 3112 AFD - ok 20:33:56.0385 3112 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 20:33:56.0385 3112 agp440 - ok 20:33:56.0447 3112 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 20:33:56.0447 3112 agpCPQ - ok 20:33:56.0885 3112 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 20:33:56.0885 3112 Aha154x - ok 20:33:57.0041 3112 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 20:33:57.0041 3112 aic78u2 - ok 20:33:57.0103 3112 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 20:33:57.0103 3112 aic78xx - ok 20:33:57.0166 3112 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 20:33:57.0166 3112 AliIde - ok 20:33:57.0228 3112 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 20:33:57.0228 3112 alim1541 - ok 20:33:57.0291 3112 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 20:33:57.0291 3112 amdagp - ok 20:33:57.0353 3112 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 20:33:57.0353 3112 amsint - ok 20:33:57.0400 3112 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 20:33:57.0416 3112 asc - ok 20:33:57.0447 3112 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 20:33:57.0447 3112 asc3350p - ok 20:33:57.0619 3112 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 20:33:57.0619 3112 asc3550 - ok 20:33:57.0728 3112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:33:57.0728 3112 AsyncMac - ok 20:33:57.0807 3112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 20:33:57.0807 3112 atapi - ok 20:33:57.0869 3112 Atdisk - ok 20:33:57.0994 3112 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 20:33:58.0010 3112 ati2mtag - ok 20:33:58.0072 3112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:33:58.0072 3112 Atmarpc - ok 20:33:58.0119 3112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 20:33:58.0119 3112 audstub - ok 20:33:58.0197 3112 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 20:33:58.0213 3112 AVGIDSDriver - ok 20:33:58.0275 3112 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 20:33:58.0275 3112 AVGIDSEH - ok 20:33:58.0338 3112 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20:33:58.0353 3112 AVGIDSFilter - ok 20:33:58.0432 3112 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20:33:58.0432 3112 AVGIDSShim - ok 20:33:58.0603 3112 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 20:33:58.0603 3112 Avgldx86 - ok 20:33:58.0650 3112 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 20:33:58.0650 3112 Avgmfx86 - ok 20:33:58.0713 3112 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 20:33:58.0713 3112 Avgrkx86 - ok 20:33:58.0760 3112 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 20:33:58.0775 3112 Avgtdix - ok 20:33:58.0807 3112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 20:33:58.0807 3112 Beep - ok 20:33:58.0838 3112 bvrp_pci - ok 20:33:59.0041 3112 catchme - ok 20:33:59.0135 3112 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 20:33:59.0135 3112 cbidf - ok 20:33:59.0166 3112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 20:33:59.0166 3112 cbidf2k - ok 20:33:59.0228 3112 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 20:33:59.0228 3112 cd20xrnt - ok 20:33:59.0275 3112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 20:33:59.0275 3112 Cdaudio - ok 20:33:59.0291 3112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 20:33:59.0291 3112 Cdfs - ok 20:33:59.0322 3112 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:33:59.0322 3112 Cdrom - ok 20:33:59.0353 3112 Changer - ok 20:33:59.0416 3112 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 20:33:59.0432 3112 CmdIde - ok 20:33:59.0525 3112 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 20:33:59.0525 3112 Cpqarray - ok 20:33:59.0635 3112 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 20:33:59.0635 3112 ctsfm2k - ok 20:33:59.0682 3112 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 20:33:59.0682 3112 dac2w2k - ok 20:33:59.0744 3112 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 20:33:59.0744 3112 dac960nt - ok 20:33:59.0822 3112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 20:33:59.0822 3112 Disk - ok 20:33:59.0916 3112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 20:33:59.0916 3112 dmboot - ok 20:33:59.0963 3112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 20:33:59.0963 3112 dmio - ok 20:33:59.0994 3112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:33:59.0994 3112 dmload - ok 20:34:00.0025 3112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:34:00.0025 3112 DMusic - ok 20:34:00.0072 3112 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 20:34:00.0088 3112 dpti2o - ok 20:34:00.0135 3112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:34:00.0135 3112 drmkaud - ok 20:34:00.0182 3112 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys 20:34:00.0197 3112 drvmcdb - ok 20:34:00.0228 3112 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys 20:34:00.0228 3112 drvnddm - ok 20:34:00.0369 3112 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys 20:34:00.0369 3112 DSproct - ok 20:34:00.0478 3112 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys 20:34:00.0478 3112 E100B - ok 20:34:00.0557 3112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:34:00.0557 3112 Fastfat - ok 20:34:00.0619 3112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 20:34:00.0635 3112 Fdc - ok 20:34:00.0682 3112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 20:34:00.0682 3112 Fips - ok 20:34:00.0728 3112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20:34:00.0728 3112 Flpydisk - ok 20:34:00.0791 3112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 20:34:00.0791 3112 FltMgr - ok 20:34:00.0869 3112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:34:00.0869 3112 Fs_Rec - ok 20:34:00.0916 3112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:34:00.0916 3112 Ftdisk - ok 20:34:00.0963 3112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 20:34:00.0963 3112 GEARAspiWDM - ok 20:34:01.0010 3112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:34:01.0010 3112 Gpc - ok 20:34:01.0072 3112 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys 20:34:01.0072 3112 HidIr - ok 20:34:01.0197 3112 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:34:01.0197 3112 HidUsb - ok 20:34:01.0260 3112 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\WINDOWS\system32\drivers\hitmanpro35.sys 20:34:01.0260 3112 hitmanpro35 - ok 20:34:01.0322 3112 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 20:34:01.0322 3112 hpn - ok 20:34:01.0369 3112 HTCAND32 - ok 20:34:01.0463 3112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 20:34:01.0463 3112 HTTP - ok 20:34:01.0525 3112 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 20:34:01.0541 3112 i2omgmt - ok 20:34:01.0588 3112 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 20:34:01.0588 3112 i2omp - ok 20:34:01.0650 3112 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:34:01.0650 3112 i8042prt - ok 20:34:01.0713 3112 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys 20:34:01.0713 3112 iastor - ok 20:34:01.0744 3112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:34:01.0744 3112 Imapi - ok 20:34:01.0807 3112 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 20:34:01.0807 3112 ini910u - ok 20:34:01.0916 3112 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys 20:34:01.0932 3112 IntelC51 - ok 20:34:01.0963 3112 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys 20:34:01.0963 3112 IntelC52 - ok 20:34:01.0978 3112 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys 20:34:01.0994 3112 IntelC53 - ok 20:34:02.0041 3112 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 20:34:02.0041 3112 IntelIde - ok 20:34:02.0088 3112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:34:02.0088 3112 intelppm - ok 20:34:02.0119 3112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 20:34:02.0119 3112 Ip6Fw - ok 20:34:02.0150 3112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:34:02.0150 3112 IpFilterDriver - ok 20:34:02.0213 3112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:34:02.0213 3112 IpInIp - ok 20:34:02.0291 3112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:34:02.0291 3112 IpNat - ok 20:34:02.0322 3112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:34:02.0322 3112 IPSec - ok 20:34:02.0400 3112 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys 20:34:02.0400 3112 IrBus - ok 20:34:02.0557 3112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:34:02.0557 3112 IRENUM - ok 20:34:02.0635 3112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:34:02.0635 3112 isapnp - ok 20:34:02.0666 3112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:34:02.0666 3112 Kbdclass - ok 20:34:02.0697 3112 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:34:02.0697 3112 kbdhid - ok 20:34:02.0728 3112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:34:02.0728 3112 kmixer - ok 20:34:02.0775 3112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:34:02.0775 3112 KSecDD - ok 20:34:02.0822 3112 lbrtfdc - ok 20:34:02.0900 3112 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 20:34:02.0900 3112 MBAMProtector - ok 20:34:02.0994 3112 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 20:34:02.0994 3112 MHNDRV - ok 20:34:03.0041 3112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:34:03.0041 3112 mnmdd - ok 20:34:03.0088 3112 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 20:34:03.0088 3112 Modem - ok 20:34:03.0119 3112 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 20:34:03.0119 3112 MODEMCSA - ok 20:34:03.0135 3112 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys 20:34:03.0135 3112 mohfilt - ok 20:34:03.0166 3112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:34:03.0166 3112 Mouclass - ok 20:34:03.0260 3112 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:34:03.0260 3112 mouhid - ok 20:34:03.0291 3112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:34:03.0291 3112 MountMgr - ok 20:34:03.0338 3112 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 20:34:03.0338 3112 mraid35x - ok 20:34:03.0432 3112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:34:03.0432 3112 MRxDAV - ok 20:34:03.0603 3112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:34:03.0603 3112 MRxSmb - ok 20:34:03.0682 3112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:34:03.0682 3112 Msfs - ok 20:34:03.0791 3112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:34:03.0791 3112 MSKSSRV - ok 20:34:03.0869 3112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:34:03.0869 3112 MSPCLOCK - ok 20:34:03.0963 3112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:34:03.0963 3112 MSPQM - ok 20:34:04.0057 3112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:34:04.0057 3112 mssmbios - ok 20:34:04.0103 3112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:34:04.0103 3112 Mup - ok 20:34:04.0197 3112 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:\WINDOWS\system32\Drivers\iqvw32.sys 20:34:04.0197 3112 NAL - ok 20:34:04.0244 3112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:34:04.0244 3112 NDIS - ok 20:34:04.0322 3112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:34:04.0322 3112 NdisTapi - ok 20:34:04.0369 3112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:34:04.0369 3112 Ndisuio - ok 20:34:04.0416 3112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:34:04.0416 3112 NdisWan - ok 20:34:04.0463 3112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:34:04.0463 3112 NDProxy - ok 20:34:04.0541 3112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:34:04.0541 3112 NetBIOS - ok 20:34:04.0572 3112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:34:04.0572 3112 NetBT - ok 20:34:04.0619 3112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:34:04.0619 3112 Npfs - ok 20:34:04.0666 3112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:34:04.0666 3112 Ntfs - ok 20:34:04.0713 3112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:34:04.0713 3112 Null - ok 20:34:04.0760 3112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:34:04.0760 3112 NwlnkFlt - ok 20:34:04.0853 3112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:34:04.0853 3112 NwlnkFwd - ok 20:34:04.0932 3112 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys 20:34:04.0932 3112 omci - ok 20:34:05.0041 3112 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 20:34:05.0041 3112 ossrv - ok 20:34:05.0166 3112 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys 20:34:05.0182 3112 P17 - ok 20:34:05.0275 3112 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 20:34:05.0275 3112 Parport - ok 20:34:05.0353 3112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:34:05.0353 3112 PartMgr - ok 20:34:05.0432 3112 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 20:34:05.0432 3112 ParVdm - ok 20:34:05.0478 3112 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 20:34:05.0478 3112 PCI - ok 20:34:05.0572 3112 PCIDump - ok 20:34:05.0588 3112 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:34:05.0603 3112 PCIIde - ok 20:34:05.0650 3112 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:34:05.0666 3112 Pcmcia - ok 20:34:05.0760 3112 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys 20:34:05.0760 3112 pcouffin - ok 20:34:05.0807 3112 PDCOMP - ok 20:34:05.0822 3112 PDFRAME - ok 20:34:05.0853 3112 PDRELI - ok 20:34:05.0885 3112 PDRFRAME - ok 20:34:05.0932 3112 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 20:34:05.0932 3112 perc2 - ok 20:34:06.0010 3112 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 20:34:06.0025 3112 perc2hib - ok 20:34:06.0088 3112 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys 20:34:06.0088 3112 PfModNT - ok 20:34:06.0182 3112 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys 20:34:06.0182 3112 pnetmdm - ok 20:34:06.0244 3112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:34:06.0244 3112 PptpMiniport - ok 20:34:06.0275 3112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:34:06.0275 3112 PSched - ok 20:34:06.0291 3112 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:34:06.0291 3112 Ptilink - ok 20:34:06.0369 3112 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:34:06.0369 3112 PxHelp20 - ok 20:34:06.0432 3112 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 20:34:06.0432 3112 ql1080 - ok 20:34:06.0525 3112 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 20:34:06.0525 3112 Ql10wnt - ok 20:34:06.0603 3112 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 20:34:06.0603 3112 ql12160 - ok 20:34:06.0697 3112 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 20:34:06.0697 3112 ql1240 - ok 20:34:06.0744 3112 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 20:34:06.0744 3112 ql1280 - ok 20:34:06.0775 3112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:34:06.0775 3112 RasAcd - ok 20:34:06.0822 3112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:34:06.0822 3112 Rasl2tp - ok 20:34:06.0838 3112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:34:06.0853 3112 RasPppoe - ok 20:34:06.0869 3112 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:34:06.0869 3112 Raspti - ok 20:34:06.0900 3112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:34:06.0900 3112 Rdbss - ok 20:34:06.0932 3112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:34:06.0932 3112 RDPCDD - ok 20:34:06.0947 3112 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:34:06.0963 3112 rdpdr - ok 20:34:07.0025 3112 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 20:34:07.0041 3112 RDPWD - ok 20:34:07.0119 3112 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:34:07.0119 3112 redbook - ok 20:34:07.0166 3112 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 20:34:07.0166 3112 ROOTMODEM - ok 20:34:07.0291 3112 rt2870 (ee5ad71a1f576d4d58d8d014560eb856) C:\WINDOWS\system32\DRIVERS\rt2870.sys 20:34:07.0291 3112 rt2870 - ok 20:34:07.0385 3112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:34:07.0385 3112 Secdrv - ok 20:34:07.0463 3112 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 20:34:07.0463 3112 serenum - ok 20:34:07.0541 3112 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 20:34:07.0541 3112 Serial - ok 20:34:07.0588 3112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:34:07.0588 3112 Sfloppy - ok 20:34:07.0775 3112 sftfs (21fd68e11d15ac0c4b3a0846e39be565) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys 20:34:07.0775 3112 sftfs - ok 20:34:07.0807 3112 sftplay (38fd811e7f58250916548031bd9308d0) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys 20:34:07.0807 3112 sftplay - ok 20:34:07.0822 3112 Sftredir (1f13f3c7907588d017299b008eeed06c) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys 20:34:07.0822 3112 Sftredir - ok 20:34:07.0838 3112 sftvol (634274439e8701799f6fce42933cdb06) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys 20:34:07.0838 3112 sftvol - ok 20:34:07.0869 3112 Simbad - ok 20:34:07.0947 3112 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 20:34:07.0947 3112 sisagp - ok 20:34:08.0025 3112 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 20:34:08.0025 3112 Sparrow - ok 20:34:08.0088 3112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:34:08.0088 3112 splitter - ok 20:34:08.0182 3112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 20:34:08.0182 3112 sr - ok 20:34:08.0619 3112 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 20:34:08.0619 3112 Srv - ok 20:34:08.0791 3112 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 20:34:08.0791 3112 sscdbhk5 - ok 20:34:08.0853 3112 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 20:34:08.0869 3112 ssrtln - ok 20:34:08.0947 3112 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 20:34:08.0947 3112 StillCam - ok 20:34:09.0041 3112 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:34:09.0041 3112 swenum - ok 20:34:09.0072 3112 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:34:09.0072 3112 swmidi - ok 20:34:09.0119 3112 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 20:34:09.0119 3112 symc810 - ok 20:34:09.0182 3112 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 20:34:09.0182 3112 symc8xx - ok 20:34:09.0228 3112 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 20:34:09.0228 3112 sym_hi - ok 20:34:09.0322 3112 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 20:34:09.0322 3112 sym_u3 - ok 20:34:09.0385 3112 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:34:09.0385 3112 sysaudio - ok 20:34:09.0541 3112 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:34:09.0557 3112 Tcpip - ok 20:34:09.0603 3112 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 20:34:09.0603 3112 Tcpip6 - ok 20:34:09.0775 3112 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:34:09.0775 3112 TDPIPE - ok 20:34:09.0869 3112 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:34:09.0869 3112 TDTCP - ok 20:34:09.0978 3112 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:34:09.0978 3112 TermDD - ok 20:34:10.0057 3112 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys 20:34:10.0057 3112 tfsnboio - ok 20:34:10.0072 3112 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys 20:34:10.0072 3112 tfsncofs - ok 20:34:10.0103 3112 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys 20:34:10.0103 3112 tfsndrct - ok 20:34:10.0135 3112 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys 20:34:10.0135 3112 tfsndres - ok 20:34:10.0166 3112 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys 20:34:10.0166 3112 tfsnifs - ok 20:34:10.0182 3112 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys 20:34:10.0182 3112 tfsnopio - ok 20:34:10.0213 3112 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys 20:34:10.0213 3112 tfsnpool - ok 20:34:10.0228 3112 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys 20:34:10.0244 3112 tfsnudf - ok 20:34:10.0275 3112 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys 20:34:10.0275 3112 tfsnudfa - ok 20:34:10.0291 3112 TLRecAgent - ok 20:34:10.0369 3112 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 20:34:10.0369 3112 TosIde - ok 20:34:10.0416 3112 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 20:34:10.0416 3112 tunmp - ok 20:34:10.0447 3112 UALFDrv2 - ok 20:34:10.0541 3112 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:34:10.0541 3112 Udfs - ok 20:34:10.0603 3112 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 20:34:10.0603 3112 ultra - ok 20:34:10.0666 3112 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:34:10.0682 3112 Update - ok 20:34:10.0744 3112 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 20:34:10.0744 3112 USBAAPL - ok 20:34:10.0822 3112 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 20:34:10.0822 3112 usbaudio - ok 20:34:10.0916 3112 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 20:34:10.0916 3112 usbbus - ok 20:34:10.0978 3112 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:34:10.0978 3112 usbccgp - ok 20:34:11.0041 3112 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 20:34:11.0041 3112 UsbDiag - ok 20:34:11.0119 3112 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:34:11.0119 3112 usbehci - ok 20:34:11.0213 3112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:34:11.0213 3112 usbhub - ok 20:34:11.0307 3112 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 20:34:11.0307 3112 USBModem - ok 20:34:11.0463 3112 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:34:11.0463 3112 usbprint - ok 20:34:11.0572 3112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:34:11.0572 3112 usbscan - ok 20:34:11.0619 3112 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:34:11.0619 3112 USBSTOR - ok 20:34:11.0650 3112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:34:11.0650 3112 usbuhci - ok 20:34:11.0697 3112 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 20:34:11.0697 3112 usb_rndisx - ok 20:34:11.0760 3112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:34:11.0760 3112 VgaSave - ok 20:34:11.0807 3112 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 20:34:11.0807 3112 viaagp - ok 20:34:11.0885 3112 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 20:34:11.0885 3112 ViaIde - ok 20:34:11.0978 3112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 20:34:11.0978 3112 VolSnap - ok 20:34:12.0025 3112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:34:12.0025 3112 Wanarp - ok 20:34:12.0041 3112 wanatw - ok 20:34:12.0119 3112 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 20:34:12.0135 3112 Wdf01000 - ok 20:34:12.0166 3112 WDICA - ok 20:34:12.0197 3112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:34:12.0197 3112 wdmaud - ok 20:34:12.0291 3112 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 20:34:12.0291 3112 WinUSB - ok 20:34:12.0400 3112 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:34:12.0400 3112 WpdUsb - ok 20:34:12.0572 3112 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:34:12.0572 3112 WS2IFSL - ok 20:34:12.0650 3112 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:34:12.0650 3112 WudfPf - ok 20:34:12.0728 3112 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:34:12.0728 3112 WudfRd - ok 20:34:12.0760 3112 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0 20:34:12.0807 3112 \Device\Harddisk0\DR0 - ok 20:34:12.0822 3112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 20:34:12.0822 3112 \Device\Harddisk1\DR1 - ok 20:34:12.0853 3112 Boot (0x1200) (8f40cdef114d27cfc3267cbb77ba0a73) \Device\Harddisk0\DR0\Partition0 20:34:12.0853 3112 \Device\Harddisk0\DR0\Partition0 - ok 20:34:12.0869 3112 Boot (0x1200) (dc580cdbd9d56fc8813c7df2a07adcab) \Device\Harddisk1\DR1\Partition0 20:34:12.0869 3112 \Device\Harddisk1\DR1\Partition0 - ok 20:34:12.0869 3112 ============================================================ 20:34:12.0869 3112 Scan finished 20:34:12.0869 3112 ============================================================ 20:34:12.0885 2332 Detected object count: 0 20:34:12.0885 2332 Actual detected object count: 0
	to forum · permalink · 2012-02-01 23:35:18 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	Thanks for adding that We ask for your patience till LoPhatPhuud has time to review. Please do not make any changes to your system at this time
	to forum · permalink · 2012-02-01 23:51:04 ·
Mark8g join:2012-02-01	I await LoPhatPhuud.........
	to forum · permalink · 2012-02-02 00:30:32 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23	reply to Mark8g The OTL log shows both HitMan Pro and Combofix installed. If still available, post the logs from both programs please.
	to forum · permalink · 2012-02-02 12:06:42 ·
Mark8g join:2012-02-01	Hitmanlog saved as xml and couldn't post.
	to forum · permalink · 2012-02-02 12:53:25 ·
Mark8g join:2012-02-01	reply to LoPhatPhuud ~ ~ ~ ComboFix: ComboFix 12-01-26.03 - Adas 02/02/2012 9:33.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2411 [GMT -8:00] Running from: c:\documents and settings\Adas\My Documents\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 Disabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Adas\Application Data\vso_ts_preview.xml c:\documents and settings\All Users\Application Data\TEMP . . ((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 ))))))))))))))))))))))))))))))) . . 2012-02-02 00:21 . 2012-02-02 00:21 -------- d-----w- c:\program files\ESET 2012-02-02 00:15 . 2012-02-02 00:15 -------- d-----w- c:\documents and settings\Adas\Application Data\QuickScan 2012-02-01 20:28 . 2012-02-01 20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-01 20:28 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-01 07:57 . 2012-02-02 17:21 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2012-02-01 07:57 . 2012-02-01 07:57 -------- d-----w- c:\program files\Hitman Pro 3.5 2012-02-01 07:56 . 2012-02-01 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2012-01-31 22:50 . 2012-01-31 22:50 -------- d-----w- c:\program files\Sophos 2012-01-28 04:27 . 2012-01-28 04:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2012-01-25 18:54 . 2012-01-25 18:56 -------- d-----w- c:\program files\iTunes 2012-01-25 15:42 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-01-25 07:59 . 2012-01-25 07:59 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-01-25 07:58 . 2012-01-25 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2012-01-25 07:22 . 2012-01-27 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-01-25 07:15 . 2012-01-27 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2012-01-25 07:14 . 2012-01-25 15:39 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-24 07:29 . 2012-01-24 07:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking 2012-01-24 07:29 . 2012-01-24 07:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PeerNetworking 2012-01-24 07:28 . 2012-01-24 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\crowsoft 2012-01-24 07:28 . 2012-01-24 07:38 -------- d-----w- c:\program files\LAN On Internet Pro 2012-01-24 07:28 . 2009-12-31 21:21 153088 ----a-w- c:\windows\system32\LOILSP.dll 2012-01-24 07:28 . 2009-12-31 21:21 32768 ----a-w- c:\windows\system32\ilannsp.dll 2012-01-15 17:43 . 2012-01-19 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-01-15 17:33 . 2012-01-15 17:35 -------- d-----w- c:\documents and settings\Adas\Application Data\PerformerSoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2004-08-19 20:49 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-25 18:01 . 2011-07-22 08:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 13:25 . 2004-08-19 20:49 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2004-08-19 20:49 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21 . 2004-08-19 20:49 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2004-08-19 20:49 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-04 19:20 . 2004-08-19 20:49 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2004-08-19 20:49 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2004-08-19 20:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Medialink Utilty"="c:\program files\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2170904] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040] . c:\documents and settings\Adas\Start Menu\Programs\Startup\ TClock2.lnk - c:\documents and settings\Adas\Desktop\tclock2_120\tclock2.exe [2003-8-3 90624] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat] path=c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat backup=c:\windows\pss\santa.batStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^Secunia PSI.lnk] path=c:\documents and settings\Adas\Start Menu\Programs\Startup\Secunia PSI.lnk backup=c:\windows\pss\Secunia PSI.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] 2009-09-26 14:39 518040 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C86 Series] 2003-11-25 11:00 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-06-05 01:12 136176 ----atw- c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility] 2010-08-24 17:29 206240 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-08-09 14:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-01-13 22:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor with AntiVirus] 2012-01-25 07:13 512992 ----a-w- c:\documents and settings\Adas\Desktop\sdasetup_revwire207.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 18:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-19 03:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Microsoft Office Groove Audit Service"=3 (0x3) "WMPNetworkSvc"=2 (0x2) "Apple Mobile Device"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Adas\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "55061:TCP"= 55061:TCP:uTorr "55061:UDP"= 55061:UDP:uTorr "5985:TCP"= 5985:TCP::Disabled:Windows Remote Management "3587:TCP"= 3587:TCP::Disabled:Windows Peer-to-Peer Grouping "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776] R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 6:35 AM 819600] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/1/2012 12:28 PM 652360] R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 2:04 PM 447832] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/1/2012 12:28 PM 20464] R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 2:04 PM 543064] R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 2:04 PM 190312] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 2:05 PM 21864] R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 2:04 PM 14680] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 2:04 PM 203608] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2009 2:42 AM 135664] S2 TLRecAgent;TLRecAgent;\??\c:\windows\system32\drivers\TLRecAgent.sys --> c:\windows\system32\drivers\TLRecAgent.sys [?] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2009 2:42 AM 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 3:28 AM 4639136] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/3/2008 5:44 PM 47360] S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [3/6/2010 4:57 PM 9472] S3 UALFDrv2;UALFDrv2;c:\windows\system32\DRIVERS\UALFDrv2.sys --> c:\windows\system32\DRIVERS\UALFDrv2.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/19/2004 12:49 PM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504] . --- Other Services/Drivers In Memory --- . Deregistered - hitmanpro35 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Contents of the 'Scheduled Tasks' folder . 2012-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 10:42] . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 10:42] . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006Core.job - c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:12] . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006UA.job - c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:12] . 2011-05-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20] . 2012-02-02 c:\windows\Tasks\User_Feed_Synchronization-{91698C7F-12F0-4233-8367-1B419D53299C}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/ uInternet Settings,ProxyOverride = .local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM Trusted Zone: google.com\mail TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . . . *********************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net Rootkit scan 2012-02-02 09:37 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . Completion time: 2012-02-02 09:41:07 ComboFix-quarantined-files.txt 2012-02-02 17:40 ComboFix2.txt 2012-01-26 20:36 . Pre-Run: 105,129,107,456 bytes free Post-Run: 105,107,849,216 bytes free . - - End Of File - - 50474C8AAB7B9B6483F73D1B47D2DB4A ~ ~ ~ ~ Hitman
	to forum · permalink · 2012-02-02 12:54:12 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to Mark8g This shows in the Combofix log, any idea what it is? c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat Also... Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-02-02 13:12:29 ·
Mark8g join:2012-02-01	Took a while to get to sophos…kept getting SSL errors …like: [ This is probably not the site you are looking for! You attempted to reach www.google.com, but instead you actually reached a server identifying itself as.addthis.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.google.com. You should not proceed.] and [You attempted to reach www.intrade.com, but instead you actually reached a server identifying itself as.googleapis.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.intrade.com. You should not proceed.] Btw – I try Chrome and IE..got to site by going through a cached snapshot…and then I only got unformatted text version. Also if I do manage to get to a website – often time lots of empty placeholders with Invalid URL. [The requested URL "/udm/img.fetch?sid=4105;tid=2;ev=1;dt=1;", is invalid. Reference #9.58f4c541.1328209278.552bd0b0] Don’t know what santa.bat is – don’t see it when I look in c:\documents and settings\Adas\Start Menu\Programs\Startup\. Also – have one laptop and two ipads and two smart phones connected to my router – none show issues so I am discounting any potential router virus/issues. ~ ~ ~ Sophos log Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 2/2/2012 at 10:25:11 AM User "Adas" on computer "ADAS" Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32 Info: Starting process scan. Info: Starting registry scan. Info: Starting disk scan of C: (NTFS). Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet108-109man.exe Hidden: file C:\dell\Utilities\Driver Reset Tool\Driver Reset.exe Hidden: file C:\dell\mmkey.exe Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf108-109man.exe Hidden: file C:\Program Files\VideoLAN\vlc-1.1.11-win32.exe Hidden: file C:\Program Files\Dell Support\BrowserPlugins\LicValidate.dll Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet111-112man.exe Hidden: file C:\Program Files\Sonic\MyDVD\MyDVD.EXE Hidden: file C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio.exe Hidden: file C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe Hidden: file C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll Hidden: file C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\HTML\MakeDesktopShortcut.EXE Hidden: file C:\Documents and Settings\Adas\Desktop\MOTIVATION\BT\BT Etc\Winning Secrets\youtubedownloader.exe Hidden: file C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000ec Hidden: file C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch7\HTML\MakeDesktopShortcut.EXE Hidden: file C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\HTML\MakeDesktopShortcut.EXE Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1517\A0230201.exe Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1517\A0230215.exe Hidden: file C:\WINDOWS\PEV.exe Hidden: file C:\Documents and Settings\Adas\.housecall\tsc.exe Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1517\A0230289.exe Hidden: file C:\dell\WBDBU32I.DLL Hidden: file C:\Program Files\YouTube Downloader\Uninstall.exe Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet110-111man.exe Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf110-111man.exe Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet114-115man.exe Hidden: file C:\Program Files\VirtualDub\VirtualDub.exe Hidden: file C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE Hidden: file C:\Documents and Settings\Adas\My Documents\Bohuslav Martinu\Piano Concertos\Piano Concertos - Czech Philharmonic Orchestra Leichner Belohlavek Neumann\Martinu - Concerto Piano, Timpani & Double String Orchestra 3. Czech Philharmonic Orchestra. Saroun. Mazacek. Belohlavek..mp3 Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet113-114man.exe Hidden: file C:\Program Files\Azureus\Uninstall.exe Hidden: file C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf112-113man.exe Hidden: file C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000401 Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1525\A0236333.exe Hidden: file C:\Documents and Settings\Adas\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000483 Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1525\A0236393.exe Hidden: file C:\Program Files\Essentials Codec Pack\mplayerc.exe Hidden: file C:\Documents and Settings\Adas\.housecall6.6\tsc.exe Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1519\A0230747.exe Hidden: file C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet109-110man.exe Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf109-110man.exe Hidden: file C:\Documents and Settings\Adas\Local Settings\Application Data\Trend Micro\HCMS\checkup\en-US\components\TSC.EXE Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet112-113man.exe Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf111-112man.exe Hidden: file C:\Program Files\DVD Flick\imgburn\ImgBurnPreview.exe Hidden: file C:\Program Files\VideoLAN\VLC\uninstall.exe Hidden: file C:\epson\epson11350\SETUP\SETUP.EXE Hidden: file C:\Documents and Settings\Adas\My Documents\videoraipodconverter_Installer.exe Hidden: file C:\Program Files\AviSynth 2.5\Uninstall.exe Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet116-117man.exe Hidden: file C:\Program Files\DVD Flick\imgburn\imgburn.exe Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf114-115man.exe Hidden: file C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet115-116man.exe Hidden: file C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf113-114man.exe Hidden: file C:\Program Files\Microsoft Games\Flight Simulator 9\fs9_org.exe Hidden: file C:\Documents and Settings\Adas\My Documents\Bohuslav Martinu\Piano Concertos\Piano Concertos - Czech Philharmonic Orchestra Leichner Belohlavek Neumann\Martinu - Concerto Piano, Timpani & Double String Orchestra 1. Czech Philharmonic Orchestra. Saroun. Mazacek. Belohlavek..mp3 Hidden: file C:\Documents and Settings\Adas\My Documents\Bohuslav Martinu\Piano Concertos\Piano Concertos - Czech Philharmonic Orchestra Leichner Belohlavek Neumann\Martinu - Concerto Piano, Timpani & Double String Orchestra 2. Czech Philharmonic Orchestra. Saroun. Mazacek. Belohlavek..mp3 Hidden: file C:\Program Files\Series7_Exam_FD\PracticeTest1.exe Hidden: file C:\Program Files\Series7_Exam_FD\PracticeTest2.exe Hidden: file C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe Hidden: file C:\Program Files\K-Lite Codec Pack\filters\bass_aac.dll Hidden: file C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll Hidden: file C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll Hidden: file C:\Program Files\AoA Audio Extractor\avcodec-51.dll Hidden: file C:\Program Files\AoA Audio Extractor\avformat-50.dll Hidden: file C:\Documents and Settings\Adas\Desktop\Series 7\Start.exe Hidden: file C:\Documents and Settings\Adas\Desktop\Series 7\tests\PracticeTest1.exe Hidden: file C:\Documents and Settings\Adas\Desktop\Series 7\tests\PracticeTest2.exe Hidden: file C:\Documents and Settings\Adas\Desktop\Series 7\tests\installTests.EXE Hidden: file C:\Documents and Settings\Adas\Desktop\MOTIVATION\Winning Secrets\youtubedownloader.exe Hidden: file C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll Hidden: file C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1515\A0229722.exe Info: Starting disk scan of D: (NTFS). Hidden: file D:\~Music\Kronos quartet - Pieces of Africa\flac112a.exe Hidden: file D:\Rosetta.Stone\Rosetta Stone v3.3.5 for Windows\Rosetta Stone v3.3.5 for Windows\RosettaStoneSetup.exe Hidden: file D:\~High Performance Selling\High Performance Selling [Robert Kiyosaki, Tony robbins, T Harv Eker, Bonnie Holscher, Bob Proctor]\Free Texas Holdem Poker Bot\HoldemIndicatorSetup.exe Hidden: file D:\Ringtones_Deluxe\Ringtones4DLX_MP3_PALM\Ringtone Browser.exe Stopped logging on 2/2/2012 at 12:37:22 PM
	to forum · permalink · 2012-02-02 16:38:19 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to Mark8g Thanks for the info. The router was on my list of things to question. This is a puzzler. Nothing glaring so far to indicate what is the cause. The santa.bat, by name alone is suspicious so that's out next target. Also, I am going to ask someone else to take a look at this thread for a second opinion. Sometimes it's starting at you and you don't see it. For Now... 1. Close any open browsers. 2. Open notepad and copy/paste the text in the quotebox below into it: quote: KillAll:: File:: c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat Folder:: Registry:: Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Let me know if this makes a difference. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-02-04 11:37:13 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to Mark8g One other check.. Please download http://public.avast.com/~gmerek/aswMBR.exe aswMBR ( 511KB ) to your desktop. []Double click the aswMBR.exe* icon to run it []Click the Scanbutton to start the scan []On completion of the scan, click the save logbutton, save it to your desktop and post it in your next reply. Note: Do not install Avast anti virus when offered. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-02-05 10:24:17 ·
Mark8g join:2012-02-01 1 edit	reply to LoPhatPhuud Ran Combofix as instructed.... Cobofix log below. Searched registry and found the following after running Combofix: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat Unsuccessful downloading : http://public.avast.com/~gmerek/aswMBR.exe It's a matter of principal now - need to fix this old girl. ~ ~ Combofix log ComboFix 12-02-02.02 - Adas 02/05/2012 19:40:38.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2561 [GMT -8:00] Running from: c:\documents and settings\Adas\Desktop\ComboFix\ComboFix.exe Command switches used :: c:\documents and settings\Adas\Desktop\ComboFix\CFScript.txt . FILE :: "c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat" . . ((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 ))))))))))))))))))))))))))))))) . . 2012-02-03 04:13 . 2012-02-03 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2012-02-03 04:13 . 2012-02-03 04:13 -------- d-----w- c:\program files\iolo 2012-02-03 04:13 . 2012-02-03 04:13 -------- d-----w- c:\documents and settings\Adas\Application Data\iolo 2012-02-02 00:21 . 2012-02-02 00:21 -------- d-----w- c:\program files\ESET 2012-02-02 00:15 . 2012-02-02 00:15 -------- d-----w- c:\documents and settings\Adas\Application Data\QuickScan 2012-02-01 20:28 . 2012-02-01 20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-01 20:28 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-01 07:57 . 2012-02-02 17:21 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2012-02-01 07:57 . 2012-02-01 07:57 -------- d-----w- c:\program files\Hitman Pro 3.5 2012-02-01 07:56 . 2012-02-01 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2012-01-31 22:50 . 2012-01-31 22:50 -------- d-----w- c:\program files\Sophos 2012-01-28 04:27 . 2012-01-28 04:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2012-01-25 18:54 . 2012-01-25 18:56 -------- d-----w- c:\program files\iTunes 2012-01-25 15:42 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-01-25 07:59 . 2012-01-25 07:59 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-01-25 07:58 . 2012-01-25 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2012-01-25 07:22 . 2012-01-27 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-01-25 07:15 . 2012-01-27 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2012-01-25 07:14 . 2012-01-25 15:39 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-24 07:29 . 2012-01-24 07:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking 2012-01-24 07:29 . 2012-01-24 07:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PeerNetworking 2012-01-24 07:28 . 2012-01-24 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\crowsoft 2012-01-24 07:28 . 2012-01-24 07:38 -------- d-----w- c:\program files\LAN On Internet Pro 2012-01-24 07:28 . 2009-12-31 21:21 153088 ----a-w- c:\windows\system32\LOILSP.dll 2012-01-24 07:28 . 2009-12-31 21:21 32768 ----a-w- c:\windows\system32\ilannsp.dll 2012-01-15 17:43 . 2012-01-19 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-01-15 17:33 . 2012-01-15 17:35 -------- d-----w- c:\documents and settings\Adas\Application Data\PerformerSoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2004-08-19 20:49 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-25 18:01 . 2011-07-22 08:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 13:25 . 2004-08-19 20:49 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2004-08-19 20:49 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21 . 2004-08-19 20:49 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2004-08-19 20:49 152064 ----a-w- c:\windows\system32\schannel.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-26_20.31.05 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-06 03:55 . 2012-02-06 03:55 16384 c:\windows\Temp\Perflib_Perfdata_3a4.dat + 2011-06-11 09:58 . 2011-06-11 09:58 51024 c:\windows\system32\vcomp100.dll + 2011-06-11 09:58 . 2011-06-11 09:58 81744 c:\windows\system32\mfcm100u.dll + 2011-06-11 09:58 . 2011-06-11 09:58 81744 c:\windows\system32\mfcm100.dll + 2011-06-11 09:58 . 2011-06-11 09:58 60752 c:\windows\system32\mfc100rus.dll + 2011-06-11 09:58 . 2011-06-11 09:58 43344 c:\windows\system32\mfc100kor.dll + 2011-06-11 09:58 . 2011-06-11 09:58 43856 c:\windows\system32\mfc100jpn.dll + 2011-06-11 09:58 . 2011-06-11 09:58 62288 c:\windows\system32\mfc100ita.dll + 2011-06-11 09:58 . 2011-06-11 09:58 64336 c:\windows\system32\mfc100fra.dll + 2011-06-11 09:58 . 2011-06-11 09:58 63824 c:\windows\system32\mfc100esn.dll + 2011-06-11 09:58 . 2011-06-11 09:58 55120 c:\windows\system32\mfc100enu.dll + 2011-06-11 09:58 . 2011-06-11 09:58 64336 c:\windows\system32\mfc100deu.dll + 2011-06-11 09:58 . 2011-06-11 09:58 36176 c:\windows\system32\mfc100cht.dll + 2011-06-11 09:58 . 2011-06-11 09:58 36176 c:\windows\system32\mfc100chs.dll + 2012-02-01 23:46 . 2012-02-01 23:46 22016 c:\windows\Installer\be2d72.msi + 2012-01-27 22:26 . 2012-01-27 22:26 24576 c:\windows\Installer\3b202.msi + 2011-06-11 09:58 . 2011-06-11 09:58 773968 c:\windows\system32\msvcr100.dll + 2011-06-11 09:58 . 2011-06-11 09:58 421200 c:\windows\system32\msvcp100.dll + 2011-06-11 09:58 . 2011-06-11 09:58 138056 c:\windows\system32\atl100.dll + 2012-01-31 18:10 . 2012-01-31 18:10 160768 c:\windows\Installer\52c2da.msi + 2011-06-11 09:58 . 2011-06-11 09:58 4422992 c:\windows\system32\mfc100u.dll + 2011-06-11 09:58 . 2011-06-11 09:58 4397384 c:\windows\system32\mfc100.dll + 2012-01-31 20:19 . 2012-01-31 20:19 4698112 c:\windows\Installer\728a8.msi + 2012-02-02 02:07 . 2012-02-02 02:07 2186240 c:\windows\Installer\13f57dc.msi + 2011-06-29 05:27 . 2011-06-29 05:27 4028928 c:\windows\Installer\1253ae.msp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Medialink Utilty"="c:\program files\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2170904] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040] . c:\documents and settings\Adas\Start Menu\Programs\Startup\ TClock2.lnk - c:\documents and settings\Adas\Desktop\tclock2_120\tclock2.exe [2003-8-3 90624] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat] path=c:\documents and settings\Adas\Start Menu\Programs\Startup\santa.bat backup=c:\windows\pss\santa.batStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^Secunia PSI.lnk] path=c:\documents and settings\Adas\Start Menu\Programs\Startup\Secunia PSI.lnk backup=c:\windows\pss\Secunia PSI.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2006-08-29 04:57 395776 ----a-w- c:\progra~1\DELLSU~1\DSAgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] 2009-09-26 14:39 518040 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C86 Series] 2003-11-25 11:00 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-06-05 01:12 136176 ----atw- c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility] 2010-08-24 17:29 206240 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-08-09 14:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-01-13 22:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor with AntiVirus] 2012-01-25 07:13 512992 ----a-w- c:\documents and settings\Adas\Desktop\sdasetup_revwire207.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 18:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-19 03:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Microsoft Office Groove Audit Service"=3 (0x3) "WMPNetworkSvc"=2 (0x2) "Apple Mobile Device"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Adas\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "55061:TCP"= 55061:TCP:uTorr "55061:UDP"= 55061:UDP:uTorr "5985:TCP"= 5985:TCP::Disabled:Windows Remote Management "3587:TCP"= 3587:TCP::Disabled:Windows Peer-to-Peer Grouping "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 6:35 AM 819600] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/1/2012 12:28 PM 652360] R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 2:04 PM 447832] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/1/2012 12:28 PM 20464] R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 2:04 PM 543064] R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 2:04 PM 190312] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 2:05 PM 21864] R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 2:04 PM 14680] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 2:04 PM 203608] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2009 2:42 AM 135664] S2 TLRecAgent;TLRecAgent;\??\c:\windows\system32\drivers\TLRecAgent.sys --> c:\windows\system32\drivers\TLRecAgent.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2009 2:42 AM 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6D.tmp --> c:\windows\system32\6D.tmp [?] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 3:28 AM 4639136] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/3/2008 5:44 PM 47360] S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [3/6/2010 4:57 PM 9472] S3 UALFDrv2;UALFDrv2;c:\windows\system32\DRIVERS\UALFDrv2.sys --> c:\windows\system32\DRIVERS\UALFDrv2.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/19/2004 12:49 PM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Contents of the 'Scheduled Tasks' folder . 2012-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 10:42] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 10:42] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006Core.job - c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:12] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083693124-1905285605-2234644732-1006UA.job - c:\documents and settings\Adas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:12] . 2012-02-06 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20] . 2012-02-05 c:\windows\Tasks\User_Feed_Synchronization-{91698C7F-12F0-4233-8367-1B419D53299C}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/ uInternet Settings,ProxyOverride = .local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM Trusted Zone: google.com\mail TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 . . *********************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net Rootkit scan 2012-02-05 19:56 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ********************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\6D.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3512) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\documents and settings\Adas\Desktop\tclock2_120\tc2dll.tclock c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTsvcCDA.EXE c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\MsPMSPSv.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\system32\taskmgr.exe . ************************************************************************ . Completion time: 2012-02-05 20:04:32 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-06 04:04 ComboFix2.txt 2012-02-02 17:41 ComboFix3.txt 2012-01-26 20:36 . Pre-Run: 105,026,727,936 bytes free Post-Run: 105,135,157,248 bytes free . - - End Of File - - 61533BA0505C248B6D68076413513DC2
	to forum · permalink · 2012-02-05 23:36:39 ·
Mark8g join:2012-02-01	reply to LoPhatPhuud Also - I did have 404 not found errors show up on another laptop connected to the wireless router. Would resetting the router to factory specs take that out of the equation?
	to forum · permalink · 2012-02-05 23:48:23 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to Mark8g First: Resetting the router certainly will not hurt. At least you can eliminate it as a source of the problem. At best, it will fix a few issues. Second: Instead of aswMBR, try this.. Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop. http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe http://ad13.geekstogo.com/MBRCheck.exe http://www.kernelmode.info/MBRCheck.exe Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator. It will open a black screen with some data on it...please do not fix anything (if it gives you an option). When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard. A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop. Copy and paste the contents of that log in your next reply. Third: 1. Close any open browsers. 2. Open notepad and copy/paste the text in the quotebox below into it: quote: KillAll:: File:: Folder:: Registry:: [-HKLM\~\startupfolder\C:^Documents and Settings^Adas^Start Menu^Programs^Startup^santa.bat] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor with AntiVirus] Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-02-06 11:43:24 ·

Broadband Tech > Security > Security Cleanup > [Rootkit] I give up - redirect / Malware? virus? Trojan? Rootkit

[Rootkit] I give up - redirect / Malware? virus? Trojan? Rootkit

Re: [Rootkit] I give up - redirect / Malware? virus? Trojan? Roo