Welcome to Geeks to Go - Register now for FREE


/Boo.sinowal.F


This topic is locked

#1
strykerofchaos
Member, 56 posts

Today, while browsing my usual sites, my Avira began to go crazy. I ran a scan, and it found /Boo.Sinowal.F.
After I tried to delete it, it told me I had to download some rootkit boot sector repair tool, and it failed miserably.

Edit: Operating System is Windows 7

I followed the Malware Removal Guide found right here and ran all of the recommended logs.

One issue I ran into before I post all the logs is that when I ran GMER I got "C:\Windows\systems\config\system: The system cannot find the file specified", and then it did not allow me to check/uncheck anything besides the "Services", "Registry", "Files", "ADS" and "C:\" options. Everything else was grayed out and unselectable, so I was unable to get this log.


Here is my MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4427

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/14/2010 10:21:53 AM
mbam-log-2010-08-14 (10-21-53).txt

Scan type: Quick scan
Objects scanned: 142281
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\contents.rdf (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Users\Cody\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Cody\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


After running MBAM, Avira still found the infection, so I ran MBAM again and it was clean. I then ran GMER (see the issues above) and then OTL (found below).
OTL File
OTL logfile created on: 8/14/2010 10:38:22 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Cody\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 296.94 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNIHILATION
Current User Name: Cody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/14 10:37:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cody\Desktop\OTL.exe
PRC - [2010/07/21 20:40:35 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/08 14:10:56 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Cody\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/12/27 23:25:28 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/12 15:43:30 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/14 10:37:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cody\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 10:41:00 | 051,456,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:64bit: - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/02 23:27:37 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/07 13:10:38 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/10/07 04:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 250(UVC)
DRV:64bit: - [2009/10/07 04:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 04:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/11 15:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 15:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 15:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 15:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 18:32:20 | 000,603,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/04/22 11:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007/03/16 10:11:20 | 000,015,648 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 FD 1E 98 EE 1A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://highergroundp...m=hghellsgroup"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.1.3
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/21 20:40:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/21 20:40:36 | 000,000,000 | ---D | M]

[2009/12/27 23:26:08 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Mozilla\Extensions
[2009/12/27 23:26:08 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/08/14 10:36:01 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5c9a9ypy.default\extensions
[2010/07/03 16:40:00 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5c9a9ypy.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/03/20 21:01:46 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\5c9a9ypy.default\extensions\[email protected]
[2010/08/14 10:36:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cody\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O4 - Startup: C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{80f7e005-2229-11df-b797-00241dd79bff}\Shell - "" = AutoRun
O33 - MountPoints2\{80f7e005-2229-11df-b797-00241dd79bff}\Shell\AutoRun\command - "" = E:\Launcher.exe -- File not found
O33 - MountPoints2\{80f7e024-2229-11df-b797-00241dd79bff}\Shell - "" = AutoRun
O33 - MountPoints2\{80f7e024-2229-11df-b797-00241dd79bff}\Shell\AutoRun\command - "" = F:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/14 10:37:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Cody\Desktop\OTL.exe
[2010/08/14 10:32:19 | 000,000,000 | ---D | C] -- C:\Users\Cody\Desktop\gmer
[2010/08/14 10:18:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/14 10:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/14 10:17:04 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cody\Desktop\erunt_setup.exe
[2010/08/14 10:10:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Cody\Desktop\TFC.exe
[2010/08/14 09:27:46 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Local\Windows Server
[2010/08/14 09:27:10 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Roaming\183C23F30C9C94C3DC7302BA6093E339
[2010/08/04 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\Cody\Documents\My Digital Editions
[2010/08/04 11:01:08 | 000,000,000 | ---D | C] -- C:\Users\Cody\Documents\My Barnes & Noble eBooks
[2010/08/04 11:00:54 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Roaming\Barnes & Noble
[2010/08/04 11:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2010/08/04 11:00:10 | 020,428,216 | ---- | C] (Barnes & Noble, Inc.) -- C:\Users\Cody\Desktop\NOOKstudy.exe
[2010/07/29 13:26:17 | 000,000,000 | ---D | C] -- C:\Users\Cody\Documents\Guild Wars
[2010/07/29 13:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/07/29 13:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars
[2010/07/29 13:25:24 | 000,165,248 | ---- | C] (ArenaNet) -- C:\Users\Cody\Desktop\GwSetup.exe
[2010/07/27 08:48:38 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/07/23 18:54:49 | 000,000,000 | ---D | C] -- C:\Users\Cody\Documents\Dungeons and Dragons Online
[2010/07/23 18:50:48 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Roaming\Turbine
[2010/07/23 18:50:31 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Local\Turbine
[2010/07/23 18:44:33 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Local\ApplicationHistory
[2010/07/23 18:43:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/07/23 18:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2010/07/23 17:06:32 | 000,000,000 | ---D | C] -- C:\Users\Cody\Desktop\DDO standard res install files
[2010/07/23 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Local\PMB Files
[2010/07/23 17:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/07/23 17:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/07/20 14:50:05 | 000,000,000 | ---D | C] -- C:\Users\Cody\Documents\CodeBlock
[2010/07/20 14:47:35 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Roaming\codeblocks
[2010/07/20 14:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeBlocks
[2010/07/20 14:44:50 | 074,027,949 | ---- | C] (The Code::Blocks Team) -- C:\Users\Cody\Desktop\codeblocks-10.05mingw-setup.exe
[2010/07/19 23:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2010/07/19 23:20:47 | 000,000,000 | ---D | C] -- C:\UDK
[2010/07/19 22:46:12 | 815,446,104 | ---- | C] (Epic Games, Inc.) -- C:\Users\Cody\Desktop\UDKInstall-2010-07-BETA.exe
[2010/07/19 20:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010/07/19 20:06:03 | 006,238,105 | ---- | C] (CCCP Project ) -- C:\Users\Cody\Desktop\Combined-Community-Codec-Pack-2009-09-09.exe
[2010/07/15 15:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/15 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/07/15 15:27:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/15 15:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/15 15:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/07/15 15:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/15 15:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/07/15 15:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/07/15 15:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/07/15 15:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/07/15 15:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/15 15:25:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/15 14:20:01 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Roaming\Ubisoft
[2010/07/15 14:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010/07/08 14:07:22 | 000,027,136 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
[2010/07/08 14:07:22 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2010/07/08 14:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUID
[2010/07/06 12:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/07/06 12:32:16 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Roaming\uTorrent
[2010/07/03 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XfireXO
[2010/07/03 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/07/03 16:39:56 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Roaming\Xfire
[2010/07/03 16:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010/07/03 16:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2010/07/03 00:52:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/07/03 00:52:47 | 000,000,000 | RH-D | C] -- C:\Users\Cody\AppData\Roaming\SecuROM
[2010/07/01 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Cody\Desktop\HG Web
[2010/06/28 19:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/28 19:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/06/28 19:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/28 19:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/28 19:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/06/28 17:59:18 | 000,000,000 | ---D | C] -- C:\IUware Online
[2010/06/28 16:41:26 | 000,000,000 | ---D | C] -- C:\Users\Cody\Desktop\Adobe CS5
[2010/06/25 19:47:00 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Local\Logitech
[2010/06/25 19:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/06/19 09:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/06/10 10:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/05/22 13:29:51 | 000,000,000 | ---D | C] -- C:\Users\Cody\AppData\Local\banxgcdjx

========== Files - Modified Within 90 Days ==========

[2010/08/14 10:39:33 | 003,670,016 | -HS- | M] () -- C:\Users\Cody\ntuser.dat
[2010/08/14 10:37:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cody\Desktop\OTL.exe
[2010/08/14 10:31:58 | 000,284,915 | ---- | M] () -- C:\Users\Cody\Desktop\gmer.zip
[2010/08/14 10:31:09 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 10:31:09 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 10:24:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/14 10:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/14 10:23:46 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/14 10:22:31 | 005,675,704 | -H-- | M] () -- C:\Users\Cody\AppData\Local\IconCache.db
[2010/08/14 10:18:26 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/14 10:18:26 | 000,623,890 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/14 10:18:26 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/14 10:17:27 | 000,000,924 | ---- | M] () -- C:\Users\Cody\Desktop\NTREGOPT.lnk
[2010/08/14 10:17:27 | 000,000,905 | ---- | M] () -- C:\Users\Cody\Desktop\ERUNT.lnk
[2010/08/14 10:17:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cody\Desktop\erunt_setup.exe
[2010/08/14 10:10:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Cody\Desktop\TFC.exe
[2010/08/14 10:03:32 | 000,524,288 | -HS- | M] () -- C:\Users\Cody\ntuser.dat{b080b1a8-a7a3-11df-b7fc-00241dd79bff}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 10:03:32 | 000,524,288 | -HS- | M] () -- C:\Users\Cody\ntuser.dat{b080b1a8-a7a3-11df-b7fc-00241dd79bff}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 10:03:32 | 000,065,536 | -HS- | M] () -- C:\Users\Cody\ntuser.dat{b080b1a8-a7a3-11df-b7fc-00241dd79bff}.TM.blf
[2010/08/14 09:30:42 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/08/12 17:28:15 | 000,014,059 | ---- | M] () -- C:\Users\Cody\Documents\References.docx
[2010/08/11 19:02:06 | 000,019,513 | ---- | M] () -- C:\Users\Cody\Desktop\Chelsea%201edited[1].docx
[2010/08/11 18:23:57 | 000,020,238 | ---- | M] () -- C:\Users\Cody\Desktop\From Myth to Legend.docx
[2010/08/10 00:40:41 | 000,020,836 | ---- | M] () -- C:\Users\Cody\Desktop\TheSunAlsoRisespaperdraft.docx
[2010/08/04 11:00:56 | 000,001,206 | ---- | M] () -- C:\Users\Cody\Desktop\NOOKstudy.lnk
[2010/08/04 11:00:36 | 020,428,216 | ---- | M] (Barnes & Noble, Inc.) -- C:\Users\Cody\Desktop\NOOKstudy.exe
[2010/08/03 08:07:53 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/02 21:43:19 | 003,403,943 | ---- | M] () -- C:\Users\Cody\Desktop\chords,_capos,_charts_and_more_2.0.pdf
[2010/07/29 19:49:47 | 000,693,481 | ---- | M] () -- C:\Users\Cody\Desktop\Miracle, Cody IUPUI.pdf
[2010/07/29 13:25:25 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Users\Cody\Desktop\GwSetup.exe
[2010/07/29 09:07:40 | 000,066,121 | ---- | M] () -- C:\Users\Cody\Desktop\m2000-s2300-30rebate-july2010.pdf
[2010/07/27 09:21:49 | 000,000,046 | ---- | M] () -- C:\Users\Cody\jagex_runescape_preferences.dat
[2010/07/27 09:20:08 | 000,000,099 | ---- | M] () -- C:\Users\Cody\jagex_runescape_preferences2.dat
[2010/07/27 08:50:29 | 000,000,000 | ---- | M] () -- C:\Users\Cody\jagex__preferences3.dat
[2010/07/26 23:50:03 | 182,740,992 | ---- | M] () -- C:\Users\Cody\Desktop\Cops S01E01.avi
[2010/07/25 06:32:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/07/23 18:50:32 | 000,000,092 | ---- | M] () -- C:\Users\Cody\AppData\Local\fusioncache.dat
[2010/07/23 18:44:25 | 000,743,126 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/22 21:23:56 | 000,018,676 | ---- | M] () -- C:\Users\Cody\Documents\JagJobResume.docx
[2010/07/20 16:46:08 | 000,000,220 | ---- | M] () -- C:\Users\Cody\Desktop\X-COM UFO Defense.url
[2010/07/20 14:46:28 | 074,027,949 | ---- | M] (The Code::Blocks Team) -- C:\Users\Cody\Desktop\codeblocks-10.05mingw-setup.exe
[2010/07/19 23:19:47 | 145,562,500 | ---- | M] () -- C:\Users\Cody\Desktop\WhizzleSourceFinal.zip
[2010/07/19 23:19:42 | 815,446,104 | ---- | M] (Epic Games, Inc.) -- C:\Users\Cody\Desktop\UDKInstall-2010-07-BETA.exe
[2010/07/19 22:41:41 | 000,000,196 | ---- | M] () -- C:\Users\Cody\Desktop\Alien Swarm - SDK.url
[2010/07/19 22:28:01 | 000,000,203 | ---- | M] () -- C:\Users\Cody\Desktop\Unreal Development Kit.url
[2010/07/19 22:25:07 | 000,000,219 | ---- | M] () -- C:\Users\Cody\Desktop\Alien Swarm.url
[2010/07/19 20:06:12 | 006,238,105 | ---- | M] (CCCP Project ) -- C:\Users\Cody\Desktop\Combined-Community-Codec-Pack-2009-09-09.exe
[2010/07/18 19:22:44 | 000,109,792 | ---- | M] () -- C:\Users\Cody\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/15 21:52:00 | 004,973,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/15 15:25:59 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/13 23:59:47 | 000,000,221 | ---- | M] () -- C:\Users\Cody\Desktop\Assassin's Creed.url
[2010/07/12 21:37:25 | 000,080,239 | ---- | M] () -- C:\Users\Cody\Desktop\Master Promissory Note.pdf
[2010/07/09 15:04:40 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 15:04:40 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/07/06 12:32:30 | 000,000,967 | ---- | M] () -- C:\Users\Cody\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/06 12:32:30 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/07/06 02:12:40 | 000,000,220 | ---- | M] () -- C:\Users\Cody\Desktop\Titan Quest Immortal Throne.url
[2010/07/03 16:39:55 | 000,000,999 | ---- | M] () -- C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010/07/03 16:39:55 | 000,000,987 | ---- | M] () -- C:\Users\Cody\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2010/07/03 16:39:55 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010/06/28 21:02:49 | 000,171,230 | ---- | M] () -- C:\Users\Cody\Documents\Forums.gif
[2010/06/27 19:40:02 | 000,011,380 | ---- | M] () -- C:\Users\Cody\Documents\HGEmail.docx
[2010/06/24 19:19:17 | 000,042,163 | ---- | M] () -- C:\Users\Cody\Desktop\LOST_SEASON_6_Complete.5631856.TPB.torrent
[2010/06/07 21:06:38 | 000,011,603 | ---- | M] () -- C:\Users\Cody\Documents\Appeal.docx

========== Files Created - No Company Name ==========

[2010/08/14 10:31:57 | 000,284,915 | ---- | C] () -- C:\Users\Cody\Desktop\gmer.zip
[2010/08/14 10:17:27 | 000,000,924 | ---- | C] () -- C:\Users\Cody\Desktop\NTREGOPT.lnk
[2010/08/14 10:17:27 | 000,000,905 | ---- | C] () -- C:\Users\Cody\Desktop\ERUNT.lnk
[2010/08/14 09:57:01 | 000,524,288 | -HS- | C] () -- C:\Users\Cody\ntuser.dat{b080b1a8-a7a3-11df-b7fc-00241dd79bff}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 09:57:01 | 000,524,288 | -HS- | C] () -- C:\Users\Cody\ntuser.dat{b080b1a8-a7a3-11df-b7fc-00241dd79bff}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 09:57:01 | 000,065,536 | -HS- | C] () -- C:\Users\Cody\ntuser.dat{b080b1a8-a7a3-11df-b7fc-00241dd79bff}.TM.blf
[2010/08/14 09:30:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/12 17:28:15 | 000,014,059 | ---- | C] () -- C:\Users\Cody\Documents\References.docx
[2010/08/11 19:02:03 | 000,019,513 | ---- | C] () -- C:\Users\Cody\Desktop\Chelsea%201edited[1].docx
[2010/08/11 18:23:56 | 000,020,238 | ---- | C] () -- C:\Users\Cody\Desktop\From Myth to Legend.docx
[2010/08/10 00:40:39 | 000,020,836 | ---- | C] () -- C:\Users\Cody\Desktop\TheSunAlsoRisespaperdraft.docx
[2010/08/04 11:00:56 | 000,001,206 | ---- | C] () -- C:\Users\Cody\Desktop\NOOKstudy.lnk
[2010/08/02 21:43:19 | 003,403,943 | ---- | C] () -- C:\Users\Cody\Desktop\chords,_capos,_charts_and_more_2.0.pdf
[2010/07/29 19:49:47 | 000,693,481 | ---- | C] () -- C:\Users\Cody\Desktop\Miracle, Cody IUPUI.pdf
[2010/07/29 09:07:40 | 000,066,121 | ---- | C] () -- C:\Users\Cody\Desktop\m2000-s2300-30rebate-july2010.pdf
[2010/07/27 08:50:29 | 000,000,099 | ---- | C] () -- C:\Users\Cody\jagex_runescape_preferences2.dat
[2010/07/27 08:50:29 | 000,000,000 | ---- | C] () -- C:\Users\Cody\jagex__preferences3.dat
[2010/07/27 08:48:50 | 000,000,046 | ---- | C] () -- C:\Users\Cody\jagex_runescape_preferences.dat
[2010/07/26 23:46:26 | 182,740,992 | ---- | C] () -- C:\Users\Cody\Desktop\Cops S01E01.avi
[2010/07/23 18:50:32 | 000,000,092 | ---- | C] () -- C:\Users\Cody\AppData\Local\fusioncache.dat
[2010/07/23 18:43:35 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/22 21:23:56 | 000,018,676 | ---- | C] () -- C:\Users\Cody\Documents\JagJobResume.docx
[2010/07/20 16:46:08 | 000,000,220 | ---- | C] () -- C:\Users\Cody\Desktop\X-COM UFO Defense.url
[2010/07/19 23:10:36 | 145,562,500 | ---- | C] () -- C:\Users\Cody\Desktop\WhizzleSourceFinal.zip
[2010/07/19 22:41:41 | 000,000,196 | ---- | C] () -- C:\Users\Cody\Desktop\Alien Swarm - SDK.url
[2010/07/19 22:28:01 | 000,000,203 | ---- | C] () -- C:\Users\Cody\Desktop\Unreal Development Kit.url
[2010/07/19 22:24:29 | 000,000,219 | ---- | C] () -- C:\Users\Cody\Desktop\Alien Swarm.url
[2010/07/13 23:59:47 | 000,000,221 | ---- | C] () -- C:\Users\Cody\Desktop\Assassin's Creed.url
[2010/07/12 21:37:24 | 000,080,239 | ---- | C] () -- C:\Users\Cody\Desktop\Master Promissory Note.pdf
[2010/07/09 15:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 15:04:40 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/07/06 12:32:30 | 000,000,967 | ---- | C] () -- C:\Users\Cody\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/06 12:32:30 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/07/06 02:12:40 | 000,000,220 | ---- | C] () -- C:\Users\Cody\Desktop\Titan Quest Immortal Throne.url
[2010/07/03 16:39:55 | 000,000,999 | ---- | C] () -- C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010/07/03 16:39:55 | 000,000,987 | ---- | C] () -- C:\Users\Cody\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2010/07/03 16:39:55 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010/06/28 21:02:40 | 000,171,230 | ---- | C] () -- C:\Users\Cody\Documents\Forums.gif
[2010/06/27 19:34:20 | 000,011,380 | ---- | C] () -- C:\Users\Cody\Documents\HGEmail.docx
[2010/06/24 19:19:16 | 000,042,163 | ---- | C] () -- C:\Users\Cody\Desktop\LOST_SEASON_6_Complete.5631856.TPB.torrent
[2010/06/07 21:06:37 | 000,011,603 | ---- | C] () -- C:\Users\Cody\Documents\Appeal.docx
[2010/01/08 00:34:21 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 03:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 03:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 03:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/04 12:02:48 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\1304DBD39881998EFC670503810B716A
[2010/08/14 09:27:43 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\183C23F30C9C94C3DC7302BA6093E339
[2010/07/06 12:35:05 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Azureus
[2010/08/04 11:00:54 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Barnes & Noble
[2010/01/18 11:33:38 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Bioshock
[2010/03/08 14:11:04 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/08/14 10:26:19 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Dropbox
[2010/03/07 12:17:54 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\GetRightToGo
[2009/12/02 20:35:33 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Leadertech
[2010/08/14 10:24:11 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\LimeWire
[2010/01/08 02:50:29 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/07/23 18:50:48 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Turbine
[2010/07/15 14:20:01 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\Ubisoft
[2010/08/03 12:41:00 | 000,000,000 | ---D | M] -- C:\Users\Cody\AppData\Roaming\uTorrent
[2010/07/09 09:48:37 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/14 10:23:46 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/14 10:23:50 | 4290,240,512 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

OTL Extras
OTL Extras logfile created on: 8/14/2010 10:38:22 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Cody\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 296.94 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNIHILATION
Current User Name: Cody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe (Adobe Systems, Inc.)
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3E4D62B-A496-4B18-8087-2589DAB25494}" =
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"UDK-f523935d-48c3-42aa-b78a-081f5a051daa" = Unreal Development Kit: 2010-07

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09F4655B-C804-4AD0-B7DF-078E338F8F85}" = League of Legends
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE12677C-F7D2-45A8-BBF9-0FC0B972EDC3}" = League of Legends
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7DF4F40-A0CE-430E-8B3B-DB7C8DF1C1A2}" = ActivePerl 5.10.1 Build 1006
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"dcmsvc_is1" = dcmsvc 1.0
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.30
"Guild Wars" = Guild Wars
"kSolo" = kSolo Recorder
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"NOOKstudy" = NOOKstudy
"OpenAL" = OpenAL
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"PCSX2-beta-r1888" = PCSX2 - Playstation 2 Emulator
"SpeedFan" = SpeedFan (remove only)
"Steam App 13260" = Unreal Development Kit
"Steam App 15100" = Assassin's Creed
"Steam App 17460" = Mass Effect
"Steam App 18820" = Zero Gear
"Steam App 24980" = Mass Effect 2
"Steam App 440" = Team Fortress 2
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 630" = Alien Swarm
"Steam App 640" = Alien Swarm - SDK
"Steam App 7670" = BioShock
"Steam App 7760" = X-COM: UFO Defense
"Steam App 8980" = Borderlands
"uTorrent" = µTorrent
"Vtune_is1" = Vtune 7.5
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2010 9:31:25 AM | Computer Name = Annihilation | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/10/2010 1:21:57 PM | Computer Name = Annihilation | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/10/2010 10:17:29 PM | Computer Name = Annihilation | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/10/2010 10:17:29 PM | Computer Name = Annihilation | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/11/2010 5:52:22 PM | Computer Name = Annihilation | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/11/2010 5:52:22 PM | Computer Name = Annihilation | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/11/2010 6:11:04 PM | Computer Name = Annihilation | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/11/2010 6:15:04 PM | Computer Name = Annihilation | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: xfire_toucan_43094.dll, version: 1.0.0.43094,
time stamp: 0x4c376f00 Exception code: 0xc0000005 Fault offset: 0x00074d89 Faulting
process id: 0xc88 Faulting application start time: 0x01cb39a2a59258d4 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Program Files (x86)\Xfire\xfire_toucan_43094.dll
Report
Id: e39292d6-a595-11df-907a-00241dd79bff

Error - 8/11/2010 8:49:03 PM | Computer Name = Annihilation | Source = Application Hang | ID = 1002
Description = The program nwmain.exe version 1.6.9.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 17b0 Start Time:
01cb39aca6881532 Termination Time: 31 Application Path: C:\NeverwinterNights\NWN\nwmain.exe

Report
Id: 65bd2ec7-a5ab-11df-907a-00241dd79bff

Error - 8/11/2010 11:45:28 PM | Computer Name = Annihilation | Source = Application Error | ID = 1000
Description = Faulting application name: ePSXe.exe, version: 0.0.0.0, time stamp:
0x483816fa Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdb3b Exception code: 0xc0000374 Fault offset: 0x000cdcbb Faulting process id:
0x14b8 Faulting application start time: 0x01cb39c66525df71 Faulting application path:
C:\Users\Cody\Desktop\Playstation 2 Awesomeness\epsxe170\ePSXe.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 0b98e5ae-a5c4-11df-907a-00241dd79bff

[ Media Center Events ]
Error - 12/6/2009 1:39:53 PM | Computer Name = Annihilation | Source = Microsoft-Windows-Media Center Extender | ID = 121
Description =

Error - 12/6/2009 1:41:59 PM | Computer Name = Annihilation | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

[ System Events ]
Error - 5/22/2010 1:40:58 PM | Computer Name = Annihilation | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Stereoscopic 3D Driver Service service failed to start
due to the following error: %%2

Error - 5/22/2010 1:46:53 PM | Computer Name = Annihilation | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 5/22/2010 2:12:59 PM | Computer Name = Annihilation | Source = BROWSER | ID = 8032
Description =

Error - 5/23/2010 4:23:02 PM | Computer Name = Annihilation | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 5/24/2010 10:05:57 AM | Computer Name = Annihilation | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 5/24/2010 11:45:03 PM | Computer Name = Annihilation | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:43:41 PM on ?5/?24/?2010 was unexpected.

Error - 5/24/2010 11:45:08 PM | Computer Name = Annihilation | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 5/24/2010 11:54:50 PM | Computer Name = Annihilation | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 5/25/2010 9:33:13 AM | Computer Name = Annihilation | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 5/26/2010 11:26:46 PM | Computer Name = Annihilation | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2


< End of report >


Any help would be fantastic, thanks a ton.

Edited by strykerofchaos, 14 August 2010 - 08:56 AM.

#2
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

GMER doesn't run on 64-bit machines, so we'll try some other things.

»Firstly«
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

»Next«
Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#3
strykerofchaos

    Member

  • Topic Starter
  • Member
  • 56 posts
Thanks for the reply!
Here is the TDSSKiller log. (Note: When it found the malicious file, there was no Cure option, just Skip and Quarantine.) :)

2010/08/28 12:13:55.0176 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/28 12:13:55.0177 ================================================================================
2010/08/28 12:13:55.0177 SystemInfo:
2010/08/28 12:13:55.0177
2010/08/28 12:13:55.0177 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/28 12:13:55.0177 Product type: Workstation
2010/08/28 12:13:55.0177 ComputerName: IN-RH-CODMIRAC
2010/08/28 12:13:55.0177 UserName: Cody
2010/08/28 12:13:55.0177 Windows directory: C:\Windows
2010/08/28 12:13:55.0177 System windows directory: C:\Windows
2010/08/28 12:13:55.0177 Running under WOW64
2010/08/28 12:13:55.0177 Processor architecture: Intel x64
2010/08/28 12:13:55.0177 Number of processors: 8
2010/08/28 12:13:55.0177 Page size: 0x1000
2010/08/28 12:13:55.0177 Boot type: Normal boot
2010/08/28 12:13:55.0177 ================================================================================
2010/08/28 12:13:55.0177 Utility is running under WOW64, functionality is limited.
2010/08/28 12:13:55.0481 Initialize success
2010/08/28 12:13:56.0973 ================================================================================
2010/08/28 12:13:56.0973 Scan started
2010/08/28 12:13:56.0973 Mode: Manual;
2010/08/28 12:13:56.0973 ================================================================================
2010/08/28 12:13:57.0230 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/08/28 12:13:57.0275 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/08/28 12:13:57.0318 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/08/28 12:13:57.0352 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/08/28 12:13:57.0401 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/08/28 12:13:57.0463 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/08/28 12:13:57.0555 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/08/28 12:13:57.0614 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/08/28 12:13:57.0670 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/08/28 12:13:57.0698 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/08/28 12:13:57.0728 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/08/28 12:13:57.0762 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/08/28 12:13:57.0790 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/08/28 12:13:57.0821 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/08/28 12:13:57.0845 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/08/28 12:13:57.0921 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/08/28 12:13:58.0003 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/08/28 12:13:58.0038 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/08/28 12:13:58.0116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/28 12:13:58.0162 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/08/28 12:13:58.0226 avgntflt (c30b5fc0adcdfba7668e99baf0cbf58e) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/08/28 12:13:58.0278 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/08/28 12:13:58.0322 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/08/28 12:13:58.0382 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/08/28 12:13:58.0447 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/08/28 12:13:58.0500 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/28 12:13:58.0531 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/08/28 12:13:58.0558 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/08/28 12:13:58.0608 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/08/28 12:13:58.0645 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/08/28 12:13:58.0682 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/08/28 12:13:58.0710 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/08/28 12:13:58.0745 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/08/28 12:13:58.0825 Cardex (2bd001601496ae87f7cb86f1fcd6f1ec) C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
2010/08/28 12:13:58.0855 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/28 12:13:58.0909 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/28 12:13:58.0962 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/08/28 12:13:59.0015 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/08/28 12:13:59.0089 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/28 12:13:59.0141 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/08/28 12:13:59.0176 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/08/28 12:13:59.0217 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/28 12:13:59.0258 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/08/28 12:13:59.0352 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
2010/08/28 12:13:59.0397 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/08/28 12:13:59.0480 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/08/28 12:13:59.0522 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/08/28 12:13:59.0573 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/08/28 12:13:59.0650 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/08/28 12:13:59.0704 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/28 12:13:59.0802 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/08/28 12:13:59.0971 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/08/28 12:14:00.0050 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
2010/08/28 12:14:00.0076 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/08/28 12:14:00.0161 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/08/28 12:14:00.0202 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/08/28 12:14:00.0259 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/28 12:14:00.0317 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/08/28 12:14:00.0353 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/08/28 12:14:00.0411 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/28 12:14:00.0449 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/08/28 12:14:00.0500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/08/28 12:14:00.0530 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/28 12:14:00.0578 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/08/28 12:14:00.0614 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/08/28 12:14:00.0694 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/08/28 12:14:00.0744 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/08/28 12:14:00.0779 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/08/28 12:14:00.0844 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/28 12:14:00.0880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/08/28 12:14:00.0912 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/08/28 12:14:00.0954 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/08/28 12:14:01.0011 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/28 12:14:01.0095 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/08/28 12:14:01.0140 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/08/28 12:14:01.0195 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/08/28 12:14:01.0238 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/28 12:14:01.0284 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/08/28 12:14:01.0343 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/08/28 12:14:01.0431 IntcAzAudAddService (f734f6464e8b28712a9ec9eb447c5b92) C:\Windows\system32\drivers\RTKVHD64.sys
2010/08/28 12:14:01.0492 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/28 12:14:01.0535 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/28 12:14:01.0595 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/28 12:14:01.0652 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/08/28 12:14:01.0689 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/08/28 12:14:01.0750 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/08/28 12:14:01.0788 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/08/28 12:14:01.0830 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/28 12:14:01.0865 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/28 12:14:01.0901 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/28 12:14:01.0937 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/28 12:14:01.0976 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/08/28 12:14:02.0017 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/08/28 12:14:02.0131 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/28 12:14:02.0196 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/08/28 12:14:02.0236 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/08/28 12:14:02.0273 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/08/28 12:14:02.0301 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/08/28 12:14:02.0365 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/08/28 12:14:02.0435 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\Windows\system32\DRIVERS\lvpopf64.sys
2010/08/28 12:14:02.0490 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2010/08/28 12:14:02.0524 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2010/08/28 12:14:02.0562 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
2010/08/28 12:14:02.0686 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
2010/08/28 12:14:02.0845 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2010/08/28 12:14:02.0906 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/08/28 12:14:02.0956 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/08/28 12:14:03.0082 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/08/28 12:14:03.0119 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/28 12:14:03.0152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/28 12:14:03.0180 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/28 12:14:03.0212 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/08/28 12:14:03.0245 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/08/28 12:14:03.0286 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/28 12:14:03.0337 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/08/28 12:14:03.0394 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/28 12:14:03.0441 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/28 12:14:03.0492 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/28 12:14:03.0524 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/08/28 12:14:03.0566 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/08/28 12:14:03.0614 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/08/28 12:14:03.0647 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/08/28 12:14:03.0676 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/08/28 12:14:03.0737 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/28 12:14:03.0768 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/28 12:14:03.0801 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/08/28 12:14:03.0844 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/08/28 12:14:03.0885 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/28 12:14:03.0914 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/08/28 12:14:03.0941 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/08/28 12:14:03.0973 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/08/28 12:14:04.0040 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/28 12:14:04.0097 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/08/28 12:14:04.0146 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/08/28 12:14:04.0182 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/28 12:14:04.0226 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/28 12:14:04.0260 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/28 12:14:04.0292 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/08/28 12:14:04.0320 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/28 12:14:04.0354 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/28 12:14:04.0464 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/08/28 12:14:04.0521 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/08/28 12:14:04.0560 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/28 12:14:04.0615 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/08/28 12:14:04.0665 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/08/28 12:14:04.0866 nvlddmkm (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/08/28 12:14:05.0181 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/08/28 12:14:05.0228 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/08/28 12:14:05.0290 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/08/28 12:14:05.0324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/28 12:14:05.0438 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/08/28 12:14:05.0480 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/08/28 12:14:05.0537 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/08/28 12:14:05.0569 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/08/28 12:14:05.0607 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/08/28 12:14:05.0646 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/08/28 12:14:05.0685 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/08/28 12:14:05.0821 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
2010/08/28 12:14:06.0148 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/28 12:14:06.0181 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/08/28 12:14:06.0250 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/28 12:14:06.0308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/08/28 12:14:06.0383 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/08/28 12:14:06.0431 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/28 12:14:06.0461 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/28 12:14:06.0489 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/08/28 12:14:06.0528 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/28 12:14:06.0573 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/28 12:14:06.0606 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/28 12:14:06.0651 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/28 12:14:06.0695 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/08/28 12:14:06.0727 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/28 12:14:06.0765 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/28 12:14:06.0801 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/08/28 12:14:06.0828 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/08/28 12:14:06.0872 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/08/28 12:14:06.0988 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/28 12:14:07.0038 RTL8023x64 (04c2d5bd8d0776320230978a0aec3bd0) C:\Windows\system32\DRIVERS\Rtnic64.sys
2010/08/28 12:14:07.0093 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/08/28 12:14:07.0143 RTL8192su (b652c69023b9bdfde007f01e2e3f778c) C:\Windows\system32\DRIVERS\RTL8192su.sys
2010/08/28 12:14:07.0217 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/08/28 12:14:07.0263 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/08/28 12:14:07.0334 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/08/28 12:14:07.0413 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/08/28 12:14:07.0442 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/08/28 12:14:07.0485 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/08/28 12:14:07.0554 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/28 12:14:07.0582 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/08/28 12:14:07.0608 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/28 12:14:07.0637 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/08/28 12:14:07.0701 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/08/28 12:14:07.0732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/08/28 12:14:07.0774 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/08/28 12:14:07.0863 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/08/28 12:14:07.0964 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
2010/08/28 12:14:08.0024 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/28 12:14:08.0079 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/28 12:14:08.0170 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/08/28 12:14:08.0223 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/28 12:14:08.0429 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/08/28 12:14:08.0501 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/28 12:14:08.0549 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/28 12:14:08.0588 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/08/28 12:14:08.0622 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/08/28 12:14:08.0660 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/28 12:14:08.0707 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/28 12:14:08.0802 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/28 12:14:08.0838 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/28 12:14:08.0871 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/08/28 12:14:08.0919 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/28 12:14:09.0007 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/08/28 12:14:09.0039 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/28 12:14:09.0088 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/08/28 12:14:09.0146 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
2010/08/28 12:14:09.0201 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/08/28 12:14:09.0246 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/28 12:14:09.0288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/08/28 12:14:09.0323 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/28 12:14:09.0369 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/28 12:14:09.0419 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/08/28 12:14:09.0468 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/28 12:14:09.0504 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/28 12:14:09.0537 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/28 12:14:09.0567 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/28 12:14:09.0637 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/28 12:14:09.0731 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
2010/08/28 12:14:09.0774 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/08/28 12:14:09.0816 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/28 12:14:09.0855 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/08/28 12:14:09.0893 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/08/28 12:14:09.0938 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/08/28 12:14:09.0976 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/08/28 12:14:10.0016 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/08/28 12:14:10.0058 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/08/28 12:14:10.0096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/08/28 12:14:10.0155 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/08/28 12:14:10.0232 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/08/28 12:14:10.0273 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/28 12:14:10.0292 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/28 12:14:10.0406 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/08/28 12:14:10.0452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/28 12:14:10.0571 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/08/28 12:14:10.0604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/08/28 12:14:10.0738 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/08/28 12:14:10.0816 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
2010/08/28 12:14:10.0872 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
2010/08/28 12:14:10.0913 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/28 12:14:10.0990 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
2010/08/28 12:14:11.0019 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
2010/08/28 12:14:11.0087 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/28 12:14:11.0180 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/08/28 12:14:11.0225 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/28 12:14:11.0325 \HardDisk0\MBR - detected Backdoor.Win32.Sinowal.knf (0)
2010/08/28 12:14:11.0328 ================================================================================
2010/08/28 12:14:11.0328 Scan finished
2010/08/28 12:14:11.0328 ================================================================================
2010/08/28 12:14:11.0337 Detected object count: 1
2010/08/28 12:14:44.0805 Backdoor.Win32.Sinowal.knf(\HardDisk0\MBR) - User select action: Skip


Here is my MBRCheck log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P55M-UD2
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 195):
0x02E17000 \SystemRoot\system32\ntoskrnl.exe
0x033F3000 \SystemRoot\system32\hal.dll
0x00BA2000 \SystemRoot\system32\kdcom.dll
0x00CF4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D38000 \SystemRoot\system32\PSHED.dll
0x00D4C000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E27000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDA000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F31000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F3A000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F44000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F77000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F84000 \SystemRoot\System32\drivers\partmgr.sys
0x00F99000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x010FB000 \SystemRoot\System32\drivers\volmgrx.sys
0x01157000 \SystemRoot\system32\DRIVERS\pciide.sys
0x0115E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0116E000 \SystemRoot\System32\drivers\mountmgr.sys
0x01188000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01191000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011BB000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01060000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0146D000 \SystemRoot\System32\Drivers\cng.sys
0x014E0000 \SystemRoot\System32\drivers\pcw.sys
0x014F1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014FB000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x013BF000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x00FAE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x00DAA000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01460000 \SystemRoot\System32\Drivers\spldr.sys
0x015ED000 \SystemRoot\SysWOW64\speedfan.sys
0x010BE000 \SystemRoot\System32\drivers\rdyboost.sys
0x013EA000 \SystemRoot\System32\Drivers\mup.sys
0x015F4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x011C6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x00E00000 \SystemRoot\system32\DRIVERS\disk.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02B08000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02B32000 \SystemRoot\System32\Drivers\Null.SYS
0x02B3B000 \SystemRoot\System32\Drivers\Beep.SYS
0x02B42000 \SystemRoot\System32\drivers\vga.sys
0x02B50000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02B75000 \SystemRoot\System32\drivers\watchdog.sys
0x02B85000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02B8E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02B97000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02BA0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02BAB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02BBC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02BDA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02A00000 \SystemRoot\system32\drivers\afd.sys
0x02A8A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02ACF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03EEB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03F11000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03F20000 \SystemRoot\system32\DRIVERS\serial.sys
0x03F3D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03F58000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03F6C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03FBD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03FC9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03FD4000 \SystemRoot\System32\drivers\discache.sys
0x03E00000 \SystemRoot\System32\Drivers\dfsc.sys
0x03E1E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03E2F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E55000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FCAA000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x109B8000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0409E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04192000 \SystemRoot\System32\drivers\dxgmms1.sys
0x041D8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04056000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04067000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x109BA000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0408B000 \SystemRoot\system32\DRIVERS\Rtnic64.sys
0x0FC00000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x041E5000 \SystemRoot\system32\DRIVERS\serenum.sys
0x041F1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0FC3E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0FC4E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0FC64000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0FC88000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03E6B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E9A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03EB5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03FE3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0FC94000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x109EC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x041FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0466E000 \SystemRoot\system32\DRIVERS\ks.sys
0x046B1000 \SystemRoot\system32\drivers\WmBEnum.sys
0x046B6000 \SystemRoot\system32\drivers\WmXlCore.sys
0x046C8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x046DA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04734000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05628000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x057AB000 \SystemRoot\system32\drivers\portcls.sys
0x05600000 \SystemRoot\system32\drivers\drmk.sys
0x05622000 \SystemRoot\system32\drivers\ksthunk.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x057E8000 \SystemRoot\System32\drivers\Dxapi.sys
0x04749000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x04766000 \SystemRoot\System32\Drivers\crashdmp.sys
0x057F4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04774000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0477D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04790000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0479E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x047B7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x047C0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x047C2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x047CF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x006E0000 \SystemRoot\System32\cdd.dll
0x047DD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x00810000 \SystemRoot\System32\ATMFD.DLL
0x04600000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0460E000 \SystemRoot\system32\drivers\luafv.sys
0x04631000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0464C000 \SystemRoot\system32\drivers\WudfPf.sys
0x03ED6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05893000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x058E6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x058F9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05CF8000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
0x05C00000 \SystemRoot\system32\drivers\HTTP.sys
0x05CC8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05F97000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05FAF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05911000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05FDC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05CE6000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x0595F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x066FD000 \SystemRoot\system32\drivers\peauth.sys
0x067A3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x067AE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x067DB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06AB2000 \SystemRoot\System32\DRIVERS\srv.sys
0x06B48000 \SystemRoot\system32\drivers\tdtcp.sys
0x06B53000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x06B62000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x06B9A000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x06BA4000 \SystemRoot\system32\drivers\WmVirHid.sys
0x06BA7000 \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
0x06A71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77030000 \Windows\System32\ntdll.dll
0x47F80000 \Windows\System32\smss.exe
0xFF350000 \Windows\System32\apisetschema.dll
0xFF900000 \Windows\System32\autochk.exe
0xFF230000 \Windows\System32\msctf.dll
0xFF0B0000 \Windows\System32\urlmon.dll
0xFEF80000 \Windows\System32\wininet.dll
0xFEEE0000 \Windows\System32\msvcrt.dll
0xFEEB0000 \Windows\System32\imm32.dll
0xFEE60000 \Windows\System32\ws2_32.dll
0xFEE40000 \Windows\System32\sechost.dll
0x76F30000 \Windows\System32\user32.dll
0xFEE30000 \Windows\System32\nsi.dll
0x76E10000 \Windows\System32\kernel32.dll
0xFEC20000 \Windows\System32\ole32.dll
0xFEBD0000 \Windows\System32\Wldap32.dll
0xFEAF0000 \Windows\System32\oleaut32.dll
0xFEAD0000 \Windows\System32\imagehlp.dll
0xFE9A0000 \Windows\System32\rpcrt4.dll
0xFDC10000 \Windows\System32\shell32.dll
0x77200000 \Windows\System32\psapi.dll
0xFDB30000 \Windows\System32\advapi32.dll
0xFDA90000 \Windows\System32\comdlg32.dll
0xFDA10000 \Windows\System32\difxapi.dll
0xFD940000 \Windows\System32\usp10.dll
0xFD760000 \Windows\System32\setupapi.dll
0xFD750000 \Windows\System32\lpk.dll
0xFD6B0000 \Windows\System32\clbcatq.dll
0xFD630000 \Windows\System32\shlwapi.dll
0xFD5C0000 \Windows\System32\gdi32.dll
0xFD360000 \Windows\System32\iertutil.dll
0x771F0000 \Windows\System32\normaliz.dll
0xFD2C0000 \Windows\System32\comctl32.dll
0xFD280000 \Windows\System32\wintrust.dll
0xFD260000 \Windows\System32\devobj.dll
0xFD0F0000 \Windows\System32\crypt32.dll
0xFD080000 \Windows\System32\KernelBase.dll
0xFD040000 \Windows\System32\cfgmgr32.dll
0xFD030000 \Windows\System32\msasn1.dll
0x76160000 \Windows\SysWOW64\normaliz.dll

Processes (total 69):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
444 csrss.exe
520 C:\Windows\System32\wininit.exe
544 csrss.exe
588 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\nvvsvc.exe
852 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\winlogon.exe
368 C:\Windows\System32\audiodg.exe
836 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\nvvsvc.exe
1436 C:\Windows\System32\spoolsv.exe
1464 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1496 C:\Windows\System32\svchost.exe
1656 C:\Windows\SysWOW64\svchost.exe
1676 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1700 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1720 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1780 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1852 LVPrS64H.exe
1932 C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
1960 C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
2008 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1380 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2872 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\taskhost.exe
2384 C:\Windows\System32\dwm.exe
1296 C:\Windows\explorer.exe
2972 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2380 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
240 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
3108 C:\Program Files (x86)\Skype\Phone\Skype.exe
3196 C:\Program Files (x86)\Vtune\TBPANEL.exe
3232 C:\Program Files (x86)\Steam\Steam.exe
3248 C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
3264 C:\Windows\System32\StikyNot.exe
3328 C:\Users\Cody\AppData\Roaming\Dropbox\bin\Dropbox.exe
3356 C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
3628 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3768 C:\Windows\System32\SearchIndexer.exe
3820 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3836 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
3888 C:\Program Files (x86)\dcmsvc\dcmsvc.exe
3904 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
3932 WmiPrvSE.exe
3184 C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3156 C:\Program Files\iPod\bin\iPodService.exe
1880 C:\Windows\System32\svchost.exe
4168 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
4660 C:\Program Files\Windows Media Player\wmpnetwk.exe
5044 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\taskhost.exe
5140 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1544 C:\Windows\System32\SearchProtocolHost.exe
5948 C:\Windows\System32\SearchFilterHost.exe
4348 C:\Windows\SysWOW64\dllhost.exe
4296 C:\Windows\System32\SearchProtocolHost.exe
5064 C:\Users\Cody\Desktop\MBRCheck.exe
1300 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00D2B0, Rev: 12.01C02

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 8B620CA42A32A7CCEA767CD81D9B43DAB82BA913


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#4
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Things work a bit differently under 64-bit.

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):


Enter 0 and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:


Enter 0 and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:


Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...


Press Enter. A report will be produced on the desktop. Post that report in your next reply.
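Added example, not part of the thread and not code from the MBRCheck or TDSSKiller authors: the procedure above rewrites only the boot-code region of sector 0 and leaves the partition table alone, and MBRCheck identifies that code by a SHA1 hash. The script below shows both halves in Python: it parses a 512-byte MBR (boot code, disk signature, four partition entries, 0x55AA signature), hashes the boot code against known-good/known-bad sets, derives the byte offset of each partition so a line like `\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000` can be cross-checked against the table, and restores reference code without touching the table. Assumptions, also marked in the code: the hash covers bytes 0..439 (the thread does not say which region MBRCheck hashes, so the known-bad SHA1 copied from the log is illustrative only); the sample boot code and partition layout are constructed here, not dumped from a real disk, though the layout reproduces the 0x6500000 offset in the log; the "three Windows error strings" check is a heuristic, not a detection.

```python
r"""Added example (not from the thread, MBRCheck or TDSSKiller): parse a 512-byte
MBR, hash its boot code against known-good/known-bad sets, derive partition byte
offsets (cf. "\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000" above)
and rewrite only the code region, leaving the partition table alone."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440   # assumption: hash bytes 0..439 only, so disk signature
DISK_SIG_OFF = 440    # (440..443) and partition table (446..509) do not
PART_TABLE_OFF = 446  # affect the hash; the thread does not say which region
MBR_SIG_OFF = 510     # MBRCheck itself hashes
MBR_SIG = b"\x55\xaa"

# Every standard Windows MBR carries these three messages in its boot code.
WINDOWS_MBR_STRINGS = (b"Invalid partition table", b"Error loading operating system",
                       b"Missing operating system")

# Copied from the MBRCheck output above; whether MBRCheck hashed the same 440
# bytes as this script is an assumption, so this entry is illustrative.
KNOWN_BAD: Dict[str, str] = {
    "8B620CA42A32A7CCEA767CD81D9B43DAB82BA913": "Whistler / Black Internet"}


@dataclass
class Partition:
    index: int        # slot 1..4 in the table
    bootable: bool    # status byte 0x80
    type_id: int      # 0x07 = NTFS
    lba_start: int
    sector_count: int

    def byte_offset(self) -> int:
        return self.lba_start * SECTOR


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four 16-byte entries at offset 446, skipping empty slots."""
    parts = []
    for i in range(4):
        status, _c0, ptype, _c1, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype or count:
            parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def has_windows_error_strings(mbr: bytes) -> bool:
    """Heuristic only: a Windows disk whose MBR lacks these deserves a look."""
    return all(s in mbr[:BOOT_CODE_LEN] for s in WINDOWS_MBR_STRINGS)


def classify_mbr(mbr: bytes, known_good: Dict[str, str],
                 known_bad: Dict[str, str]) -> str:
    if len(mbr) != SECTOR:
        return "invalid: not a 512-byte sector"
    if mbr[MBR_SIG_OFF:] != MBR_SIG:
        return "invalid: missing 0x55AA signature"
    digest = boot_code_sha1(mbr)
    if digest in known_bad:
        return f"known-bad ({known_bad[digest]})"
    if digest in known_good:
        return f"known-good ({known_good[digest]})"
    return "unknown: non-standard code, compare with a dump from a clean install"


def restore_boot_code(mbr: bytes, reference_code: bytes) -> bytes:
    """Replace bytes 0..439 only, keeping disk signature and partition table
    (assumed to be what the MBRCheck 'standard boot code' option does)."""
    fixed = bytearray(mbr)
    fixed[:BOOT_CODE_LEN] = reference_code.ljust(BOOT_CODE_LEN, b"\x00")
    return bytes(fixed)


def build_mbr(boot_code: bytes, parts: List[Partition],
              disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a sector; used here only to construct sample input."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for p in parts:
        struct.pack_into("<B3sB3sII", buf, PART_TABLE_OFF + 16 * (p.index - 1),
                         0x80 if p.bootable else 0, b"\xfe\xff\xff", p.type_id,
                         b"\xfe\xff\xff", p.lba_start, p.sector_count)
    buf[MBR_SIG_OFF:] = MBR_SIG
    return bytes(buf)


# Constructed sample: the usual prologue (xor ax,ax / mov ss,ax / mov sp,7C00h),
# padding and the three messages; NOT real Windows 7 code, so its hash is no
# reference value. The layout reproduces the offset MBRCheck printed above.
SAMPLE_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 300
               + b"\x00".join(WINDOWS_MBR_STRINGS) + b"\x00")
SAMPLE_MBR = build_mbr(SAMPLE_CODE, [
    Partition(1, True, 0x07, 2048, 204800),        # 100 MiB System Reserved
    Partition(2, False, 0x07, 206848, 976566320),  # C: 206848*512 = 0x6500000
])

if __name__ == "__main__":
    good = {boot_code_sha1(SAMPLE_MBR): "constructed reference"}
    print(classify_mbr(SAMPLE_MBR, good, KNOWN_BAD))
    print([(p.index, hex(p.byte_offset())) for p in parse_partitions(SAMPLE_MBR)])
```

To run it against a live disk, read sector 0 with `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt (or from an image file) and pass it to `classify_mbr` with known-good hashes taken from a clean install of the same Windows version; after a restore, re-read the sector and confirm the hash changed while `parse_partitions` still returns the same table.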

#5
strykerofchaos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P55M-UD2
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 195):
0x02E17000 \SystemRoot\system32\ntoskrnl.exe
0x033F3000 \SystemRoot\system32\hal.dll
0x00BA2000 \SystemRoot\system32\kdcom.dll
0x00CF4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D38000 \SystemRoot\system32\PSHED.dll
0x00D4C000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E27000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDA000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F31000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F3A000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F44000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F77000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F84000 \SystemRoot\System32\drivers\partmgr.sys
0x00F99000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x010FB000 \SystemRoot\System32\drivers\volmgrx.sys
0x01157000 \SystemRoot\system32\DRIVERS\pciide.sys
0x0115E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0116E000 \SystemRoot\System32\drivers\mountmgr.sys
0x01188000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01191000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011BB000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01060000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0146D000 \SystemRoot\System32\Drivers\cng.sys
0x014E0000 \SystemRoot\System32\drivers\pcw.sys
0x014F1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014FB000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x013BF000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x00FAE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x00DAA000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01460000 \SystemRoot\System32\Drivers\spldr.sys
0x015ED000 \SystemRoot\SysWOW64\speedfan.sys
0x010BE000 \SystemRoot\System32\drivers\rdyboost.sys
0x013EA000 \SystemRoot\System32\Drivers\mup.sys
0x015F4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x011C6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x00E00000 \SystemRoot\system32\DRIVERS\disk.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02B08000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02B32000 \SystemRoot\System32\Drivers\Null.SYS
0x02B3B000 \SystemRoot\System32\Drivers\Beep.SYS
0x02B42000 \SystemRoot\System32\drivers\vga.sys
0x02B50000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02B75000 \SystemRoot\System32\drivers\watchdog.sys
0x02B85000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02B8E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02B97000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02BA0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02BAB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02BBC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02BDA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02A00000 \SystemRoot\system32\drivers\afd.sys
0x02A8A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02ACF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03EEB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03F11000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03F20000 \SystemRoot\system32\DRIVERS\serial.sys
0x03F3D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03F58000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03F6C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03FBD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03FC9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03FD4000 \SystemRoot\System32\drivers\discache.sys
0x03E00000 \SystemRoot\System32\Drivers\dfsc.sys
0x03E1E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03E2F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E55000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FCAA000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x109B8000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0409E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04192000 \SystemRoot\System32\drivers\dxgmms1.sys
0x041D8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04056000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04067000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x109BA000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0408B000 \SystemRoot\system32\DRIVERS\Rtnic64.sys
0x0FC00000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x041E5000 \SystemRoot\system32\DRIVERS\serenum.sys
0x041F1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0FC3E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0FC4E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0FC64000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0FC88000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03E6B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E9A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03EB5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03FE3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0FC94000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x109EC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x041FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0466E000 \SystemRoot\system32\DRIVERS\ks.sys
0x046B1000 \SystemRoot\system32\drivers\WmBEnum.sys
0x046B6000 \SystemRoot\system32\drivers\WmXlCore.sys
0x046C8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x046DA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04734000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05628000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x057AB000 \SystemRoot\system32\drivers\portcls.sys
0x05600000 \SystemRoot\system32\drivers\drmk.sys
0x05622000 \SystemRoot\system32\drivers\ksthunk.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x057E8000 \SystemRoot\System32\drivers\Dxapi.sys
0x04749000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x04766000 \SystemRoot\System32\Drivers\crashdmp.sys
0x057F4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04774000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0477D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04790000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0479E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x047B7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x047C0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x047C2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x047CF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x006E0000 \SystemRoot\System32\cdd.dll
0x047DD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x00810000 \SystemRoot\System32\ATMFD.DLL
0x04600000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0460E000 \SystemRoot\system32\drivers\luafv.sys
0x04631000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0464C000 \SystemRoot\system32\drivers\WudfPf.sys
0x03ED6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05893000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x058E6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x058F9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05CF8000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
0x05C00000 \SystemRoot\system32\drivers\HTTP.sys
0x05CC8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05F97000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05FAF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05911000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05FDC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05CE6000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x0595F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x066FD000 \SystemRoot\system32\drivers\peauth.sys
0x067A3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x067AE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x067DB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06AB2000 \SystemRoot\System32\DRIVERS\srv.sys
0x06B48000 \SystemRoot\system32\drivers\tdtcp.sys
0x06B53000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x06B62000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x06B9A000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x06BA4000 \SystemRoot\system32\drivers\WmVirHid.sys
0x06BA7000 \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
0x06A71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77030000 \Windows\System32\ntdll.dll
0x47F80000 \Windows\System32\smss.exe
0xFF350000 \Windows\System32\apisetschema.dll
0xFF900000 \Windows\System32\autochk.exe
0xFF230000 \Windows\System32\msctf.dll
0xFF0B0000 \Windows\System32\urlmon.dll
0xFEF80000 \Windows\System32\wininet.dll
0xFEEE0000 \Windows\System32\msvcrt.dll
0xFEEB0000 \Windows\System32\imm32.dll
0xFEE60000 \Windows\System32\ws2_32.dll
0xFEE40000 \Windows\System32\sechost.dll
0x76F30000 \Windows\System32\user32.dll
0xFEE30000 \Windows\System32\nsi.dll
0x76E10000 \Windows\System32\kernel32.dll
0xFEC20000 \Windows\System32\ole32.dll
0xFEBD0000 \Windows\System32\Wldap32.dll
0xFEAF0000 \Windows\System32\oleaut32.dll
0xFEAD0000 \Windows\System32\imagehlp.dll
0xFE9A0000 \Windows\System32\rpcrt4.dll
0xFDC10000 \Windows\System32\shell32.dll
0x77200000 \Windows\System32\psapi.dll
0xFDB30000 \Windows\System32\advapi32.dll
0xFDA90000 \Windows\System32\comdlg32.dll
0xFDA10000 \Windows\System32\difxapi.dll
0xFD940000 \Windows\System32\usp10.dll
0xFD760000 \Windows\System32\setupapi.dll
0xFD750000 \Windows\System32\lpk.dll
0xFD6B0000 \Windows\System32\clbcatq.dll
0xFD630000 \Windows\System32\shlwapi.dll
0xFD5C0000 \Windows\System32\gdi32.dll
0xFD360000 \Windows\System32\iertutil.dll
0x771F0000 \Windows\System32\normaliz.dll
0xFD2C0000 \Windows\System32\comctl32.dll
0xFD280000 \Windows\System32\wintrust.dll
0xFD260000 \Windows\System32\devobj.dll
0xFD0F0000 \Windows\System32\crypt32.dll
0xFD080000 \Windows\System32\KernelBase.dll
0xFD040000 \Windows\System32\cfgmgr32.dll
0xFD030000 \Windows\System32\msasn1.dll
0x76160000 \Windows\SysWOW64\normaliz.dll

Processes (total 68):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
444 csrss.exe
520 C:\Windows\System32\wininit.exe
544 csrss.exe
588 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\nvvsvc.exe
852 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\winlogon.exe
836 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\nvvsvc.exe
1436 C:\Windows\System32\spoolsv.exe
1464 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1496 C:\Windows\System32\svchost.exe
1656 C:\Windows\SysWOW64\svchost.exe
1676 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1700 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1720 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1780 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1852 LVPrS64H.exe
1932 C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
1960 C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
2008 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1380 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2872 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\taskhost.exe
2384 C:\Windows\System32\dwm.exe
1296 C:\Windows\explorer.exe
2972 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2380 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
240 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
3108 C:\Program Files (x86)\Skype\Phone\Skype.exe
3196 C:\Program Files (x86)\Vtune\TBPANEL.exe
3232 C:\Program Files (x86)\Steam\Steam.exe
3248 C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
3264 C:\Windows\System32\StikyNot.exe
3328 C:\Users\Cody\AppData\Roaming\Dropbox\bin\Dropbox.exe
3356 C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
3628 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3768 C:\Windows\System32\SearchIndexer.exe
3820 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3836 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
3888 C:\Program Files (x86)\dcmsvc\dcmsvc.exe
3904 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
3932 WmiPrvSE.exe
3184 C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3156 C:\Program Files\iPod\bin\iPodService.exe
1880 C:\Windows\System32\svchost.exe
4168 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
4660 C:\Program Files\Windows Media Player\wmpnetwk.exe
5044 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\taskhost.exe
5140 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5848 C:\Windows\System32\audiodg.exe
4564 C:\Windows\System32\SearchProtocolHost.exe
4804 C:\Windows\System32\SearchFilterHost.exe
2036 C:\Users\Cody\Desktop\MBRCheck.exe
5748 C:\Windows\System32\conhost.exe
5416 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00D2B0, Rev: 12.01C02

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 8B620CA42A32A7CCEA767CD81D9B43DAB82BA913


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
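The MBRCheck run above classifies the disk by hashing its MBR and matching the SHA1 against known boot-code signatures, then offers to write a standard boot code back. The following is an added example (not MBRCheck's or TDSSKiller's own code) that performs the same kind of check on a constructed 512-byte sector: it verifies the 0x55AA signature, hashes the boot-code region, compares against allow/deny lists and decodes the partition table. The sample sectors, the allowlist and the assumption that the first 440 bytes are what gets hashed are all constructed here; only the known-bad SHA1 is taken from the log.

```python
"""Boot-sector integrity check in the style of the MBRCheck run above.

Added example, not MBRCheck or TDSSKiller code. It assumes the tool hashes
the 440-byte boot-code region (bytes 0..439); the sample sectors and the
allowlist below are constructed here, only KNOWN_BAD comes from the log.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code; 4-byte disk signature follows at 0x1B8
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIG_OFF = 0x1FE            # trailing boot signature 0x55 0xAA
PART_FMT = "<B3xB3xII"     # status, (CHS start), type, (CHS end), LBA start, count

# SHA1 reported by MBRCheck in this thread for the infected MBR.
KNOWN_BAD = {
    "8b620ca42a32a7ccea767cd81d9b43dab82ba913": "Whistler / Black Internet",
}


def boot_code_sha1(sector: bytes) -> str:
    """Hex SHA1 of the boot-code region only (partition table excluded)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(sector: bytes) -> list:
    """Decode the four MBR partition entries, skipping empty (type 0) slots."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80,
                            "type": ptype, "lba_start": lba, "sectors": count})
    return entries


def same_partition_table(a: bytes, b: bytes) -> bool:
    """True if both sectors carry an identical partition table. A bootkit
    replaces the boot code but keeps the table so the system still boots,
    so an unchanged table says nothing about the code in front of it."""
    return a[PART_TABLE_OFF:SIG_OFF] == b[PART_TABLE_OFF:SIG_OFF]


def check_mbr(sector: bytes, known_good: set, known_bad: dict = None) -> dict:
    """Classify a 512-byte sector as bad-length, bad-signature, known-bad,
    known-good or unknown. 'unknown' still deserves a look: a clean machine
    should only ever hash to one of the expected OS boot codes."""
    known_bad = KNOWN_BAD if known_bad is None else known_bad
    if len(sector) != SECTOR_SIZE:
        return {"verdict": "bad-length", "sha1": None, "partitions": []}
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        return {"verdict": "bad-signature", "sha1": None, "partitions": []}
    digest = boot_code_sha1(sector)
    if digest in known_bad:
        verdict = "known-bad"
    elif digest in known_good:
        verdict = "known-good"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "family": known_bad.get(digest),
            "sha1": digest, "partitions": parse_partitions(sector)}


def build_sector(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed MBR: boot code, zeroed disk signature,
    partition entries given as (bootable, type, lba_start, sectors), 0x55AA."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: a stand-in for clean boot code and a tampered copy that
# keeps the same NTFS partition entry. Neither is real boot code or malware.
PARTS = [(True, 0x07, 2048, 976771072)]
CLEAN_MBR = build_sector(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24, PARTS)
TAMPERED_MBR = build_sector(b"\xeb\x3c\x90" + b"\x00" * 12, PARTS)
# Allowlist built from the constructed clean sector; a real tool would ship the
# hashes of the genuine Windows boot codes instead.
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR)}


def main() -> None:
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(sector, KNOWN_GOOD)
        print(f"{name}: {result['verdict']} sha1={result['sha1']} "
              f"partitions={result['partitions']}")
    print("partition tables identical:",
          same_partition_table(CLEAN_MBR, TAMPERED_MBR))


if __name__ == "__main__":
    main()
```

On a live system the sector would come from reading the first 512 bytes of the physical drive with administrator rights; the point the tampered sample makes is that an intact partition table and a bootable machine are no evidence that the boot code is the original.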

#6 azarl (GeekU Admin, Community Leader, 25,310 posts)
Can you run TDSSKiller again please and post the log

#7 strykerofchaos (Member, Topic Starter, 56 posts)
Yep, sure can. Here you go! Again, no 'Cure' option. :)

2010/08/28 12:39:31.0203 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/28 12:39:31.0203 ================================================================================
2010/08/28 12:39:31.0203 SystemInfo:
2010/08/28 12:39:31.0203
2010/08/28 12:39:31.0203 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/28 12:39:31.0203 Product type: Workstation
2010/08/28 12:39:31.0203 ComputerName: IN-RH-CODMIRAC
2010/08/28 12:39:31.0203 UserName: Cody
2010/08/28 12:39:31.0203 Windows directory: C:\Windows
2010/08/28 12:39:31.0203 System windows directory: C:\Windows
2010/08/28 12:39:31.0203 Running under WOW64
2010/08/28 12:39:31.0204 Processor architecture: Intel x64
2010/08/28 12:39:31.0204 Number of processors: 8
2010/08/28 12:39:31.0204 Page size: 0x1000
2010/08/28 12:39:31.0204 Boot type: Normal boot
2010/08/28 12:39:31.0204 ================================================================================
2010/08/28 12:39:31.0204 Utility is running under WOW64, functionality is limited.
2010/08/28 12:39:35.0880 Initialize success
2010/08/28 12:39:38.0192 ================================================================================
2010/08/28 12:39:38.0192 Scan started
2010/08/28 12:39:38.0192 Mode: Manual;
2010/08/28 12:39:38.0192 ================================================================================
2010/08/28 12:40:20.0771 \HardDisk0\MBR - detected Backdoor.Win32.Sinowal.knf (0)
2010/08/28 12:40:20.0774 ================================================================================
2010/08/28 12:40:20.0774 Scan finished
2010/08/28 12:40:20.0774 ================================================================================
2010/08/28 12:40:20.0784 Detected object count: 1
2010/08/28 12:40:27.0982 Backdoor.Win32.Sinowal.knf(\HardDisk0\MBR) - User select action: Skip

#8 azarl (GeekU Admin, Community Leader, 25,310 posts)
Come back to you on this shortly - I need to check something

#9 azarl (GeekU Admin, Community Leader, 25,310 posts)


************************************************************
IMPORTANT
************************************************************

This infection is of a backdoor type which could allow hackers to remotely control your computer and steal critical system information, including passwords.
I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. Also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
More Information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response, otherwise I'll continue with instructions for cleaning.

#10 strykerofchaos (Member, Topic Starter, 56 posts)
I think it best I reformat my computer, which requires me to back up any necessary files etc., correct?

If so, are there any file types I should avoid because they could potentially carry the Backdoor infection?

#11 azarl (GeekU Admin, Community Leader, 25,310 posts)
You need to do a full destructive reformat, as the MBR can be carried over on to a new machine. Probably a good decision. Run TDSSKiller after you've reinstalled just to confirm that you've wiped the MBR.

Cheers

#12 azarl (GeekU Admin, Community Leader, 25,310 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.