Suspected Keylogger - 2nd ATTEMPT FOR HELP


This topic is locked

#1 periwinkle (Member, 298 posts)
I asked for assistance 7 days ago and was never answered. I posted a link as directed in the Waiting Room and was never answered there either. Both of my posts have been removed and I was not helped. What's going on??

I have been having issues with my Yahoo email account. Every few months it suddenly starts sending out spam. I have to change the password, then it's usually fine until a few more months go by. I don't know how this account keeps getting infected or what is happening. I also have a Hotmail account and this one has never been compromised. About 3 months ago, I kept changing the Yahoo password, but it kept sending out spam. Finally it stopped after changing the password three times. I never knew if it stopped because I changed the password or because that is how the malware works (if I do have malware). It's frustrating because I never know how it starts. I always make sure that Yahoo has the seal showing and the http reads https. I've tried contacting Yahoo, but that was a joke. I received no help at all. I might've received an autoreply, but nothing else. Recently, I found out my Yahoo account was sending out spam because I got autoreplies from some of my business contacts. Then I checked the sent box, and found several emails I had not sent.

I will attach the OTL log again. I really don't understand why my post was removed without an explanation and no help whatsoever.


#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello periwinkle and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Sorry for the delay. Please be advised that we can only make sure that your PC is clean. If there is anything hiding we'll take care of it but beyond that we can't do much.

Step 1

You have more than one antivirus program on your PC.

Avira and AVG

Please leave only one antivirus protection on your system and remove all other.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Step 2

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 F7 A7 00 82 EA 48 41 98 D0 CE 22 8A 17 00 59 [binary data]
    [2011/08/08 18:12:59 | 000,000,000 | ---D | C] -- C:\230346b6b3760fbea0ecaee9

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 5

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.

#3 periwinkle (Topic Starter, Member, 298 posts)
Thank you Maliprog for your help. I appreciate your very organized and systematic way of instructing me how to deal with this issue :) . Here is the OTL log.



All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
C:\230346b6b3760fbea0ecaee9 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\Veronica\Downloads\cmd.bat deleted successfully.
c:\Users\Veronica\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Veronica
->Temp folder emptied: 17689529 bytes
->Temporary Internet Files folder emptied: 2750489 bytes
->Java cache emptied: 604402733 bytes
->FireFox cache emptied: 53310521 bytes
->Google Chrome cache emptied: 357826359 bytes
->Flash cache emptied: 16398 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36068 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 724618 bytes

Total Files Cleaned = 989.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Veronica
->Flash cache emptied: 40 bytes

Total Flash Files Cleaned = 0.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 08182011_050327

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#4 periwinkle (Topic Starter, Member, 298 posts)
I did the GMER scan, but the results file is empty. There is not a character in it. I even saved it twice, but there is nothing in either file.

#5 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. That's fine. Please continue.

#6 periwinkle (Topic Starter, Member, 298 posts)
I performed the TDSSKiller scan which took 19 seconds. Here is the report:

2011/08/18 06:21:18.0198 3532 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/08/18 06:21:18.0255 3532 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/18 06:21:18.0337 3532 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/18 06:21:18.0377 3532 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/08/18 06:21:18.0449 3532 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/18 06:21:18.0501 3532 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/18 06:21:18.0561 3532 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/18 06:21:18.0598 3532 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/18 06:21:18.0646 3532 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/18 06:21:18.0707 3532 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/18 06:21:18.0751 3532 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/18 06:21:18.0808 3532 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/18 06:21:18.0862 3532 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/08/18 06:21:18.0894 3532 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/08/18 06:21:18.0952 3532 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/08/18 06:21:19.0015 3532 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/08/18 06:21:19.0097 3532 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/08/18 06:21:19.0169 3532 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/08/18 06:21:19.0250 3532 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/08/18 06:21:19.0305 3532 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/18 06:21:19.0340 3532 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/18 06:21:19.0400 3532 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/08/18 06:21:19.0455 3532 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/18 06:21:19.0659 3532 winachsf (cbdeb4b3b5cf8c49acc221d45f1c50c1) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/08/18 06:21:19.0829 3532 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/18 06:21:19.0941 3532 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/18 06:21:19.0989 3532 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/18 06:21:20.0075 3532 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/18 06:21:20.0130 3532 XAudio (2f2ce5e47b014f52bc722ae28b19cbf3) C:\Windows\system32\DRIVERS\xaudio64.sys
2011/08/18 06:21:20.0202 3532 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/08/18 06:21:20.0290 3532 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
2011/08/18 06:21:20.0330 3532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/18 06:21:20.0525 3532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/08/18 06:21:20.0711 3532 Boot (0x1200) (b32e66cf87afc60cab6a39f009d9b0df) \Device\Harddisk2\DR2\Partition0
2011/08/18 06:21:20.0756 3532 Boot (0x1200) (bb2d808fbc904892d2321dffff16dc7d) \Device\Harddisk2\DR2\Partition1
2011/08/18 06:21:20.0783 3532 Boot (0x1200) (aa14911dadfa9d7a4931ecfa0abf15ae) \Device\Harddisk0\DR0\Partition0
2011/08/18 06:21:20.0822 3532 Boot (0x1200) (34b18263ba3bf227a94d5e18c7c6bd41) \Device\Harddisk1\DR1\Partition0
2011/08/18 06:21:20.0851 3532 ================================================================================
2011/08/18 06:21:20.0851 3532 Scan finished
2011/08/18 06:21:20.0851 3532 ================================================================================
2011/08/18 06:21:20.0896 0920 Detected object count: 0
2011/08/18 06:21:20.0897 0920 Actual detected object count: 0
2011/08/18 06:21:47.0907 2096 ================================================================================
2011/08/18 06:21:47.0908 2096 Scan started
2011/08/18 06:21:47.0908 2096 Mode: Manual;
2011/08/18 06:21:47.0908 2096 ================================================================================
2011/08/18 06:21:48.0348 2096 74385989 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\74385989.sys
2011/08/18 06:21:48.0397 2096 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/08/18 06:21:48.0475 2096 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/08/18 06:21:48.0525 2096 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/08/18 06:21:48.0557 2096 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/08/18 06:21:48.0616 2096 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/08/18 06:21:48.0683 2096 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/08/18 06:21:48.0732 2096 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/08/18 06:21:48.0784 2096 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/08/18 06:21:48.0818 2096 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/08/18 06:21:48.0857 2096 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/08/18 06:21:48.0893 2096 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/18 06:21:48.0963 2096 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/08/18 06:21:48.0992 2096 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/08/18 06:21:49.0042 2096 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/18 06:21:49.0093 2096 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/08/18 06:21:49.0260 2096 atikmdag (3471469d4a85564cdd72e4459d106f0b) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/18 06:21:49.0328 2096 AtiPcie (69eebb256503cded9bd0e9e43128c626) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/18 06:21:49.0406 2096 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/18 06:21:49.0453 2096 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/18 06:21:49.0496 2096 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/18 06:21:49.0552 2096 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/08/18 06:21:49.0601 2096 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/08/18 06:21:49.0648 2096 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/18 06:21:49.0677 2096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/18 06:21:49.0733 2096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/08/18 06:21:49.0782 2096 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/08/18 06:21:49.0807 2096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/08/18 06:21:49.0841 2096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/18 06:21:49.0907 2096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/08/18 06:21:49.0941 2096 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/08/18 06:21:50.0000 2096 CAXHWBS2 (797c36e597f9fc4efd88e6e0e98abe37) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
2011/08/18 06:21:50.0035 2096 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/18 06:21:50.0076 2096 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/18 06:21:50.0123 2096 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/08/18 06:21:50.0169 2096 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/08/18 06:21:50.0231 2096 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/18 06:21:50.0272 2096 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/08/18 06:21:50.0318 2096 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/18 06:21:50.0410 2096 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/08/18 06:21:50.0496 2096 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/08/18 06:21:50.0552 2096 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/08/18 06:21:50.0622 2096 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/08/18 06:21:50.0684 2096 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/18 06:21:50.0731 2096 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/08/18 06:21:50.0782 2096 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/08/18 06:21:50.0864 2096 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/08/18 06:21:50.0914 2096 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/08/18 06:21:51.0027 2096 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/08/18 06:21:51.0087 2096 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/08/18 06:21:51.0217 2096 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/18 06:21:51.0289 2096 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/08/18 06:21:51.0328 2096 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/08/18 06:21:51.0354 2096 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/18 06:21:51.0416 2096 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/08/18 06:21:51.0476 2096 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/18 06:21:51.0522 2096 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/18 06:21:51.0568 2096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/08/18 06:21:51.0656 2096 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/08/18 06:21:51.0770 2096 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/18 06:21:51.0809 2096 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/08/18 06:21:51.0850 2096 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/08/18 06:21:51.0918 2096 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/18 06:21:51.0966 2096 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/08/18 06:21:52.0104 2096 HSF_DPV (1e260b33f6555146a0b826f047238c00) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/08/18 06:21:52.0196 2096 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/08/18 06:21:52.0264 2096 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/08/18 06:21:52.0304 2096 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/18 06:21:52.0345 2096 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/08/18 06:21:52.0456 2096 IDSvia64 (5bff303b2edce7ebc133fb802be6cb13) C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20081023.002\IDSvia64.sys
2011/08/18 06:21:52.0488 2096 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/08/18 06:21:52.0577 2096 IntcAzAudAddService (e28d6b50a12bfa3df0bd7c31e19599f3) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/18 06:21:52.0612 2096 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/08/18 06:21:52.0653 2096 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/18 06:21:52.0749 2096 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/18 06:21:52.0826 2096 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/18 06:21:52.0862 2096 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/18 06:21:52.0915 2096 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/08/18 06:21:52.0941 2096 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/08/18 06:21:52.0991 2096 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/18 06:21:53.0039 2096 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/08/18 06:21:53.0072 2096 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/08/18 06:21:53.0122 2096 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/18 06:21:53.0182 2096 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/18 06:21:53.0256 2096 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/18 06:21:53.0298 2096 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/08/18 06:21:53.0408 2096 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
2011/08/18 06:21:53.0442 2096 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
2011/08/18 06:21:53.0485 2096 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/18 06:21:53.0562 2096 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/18 06:21:53.0588 2096 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/18 06:21:53.0634 2096 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/18 06:21:53.0674 2096 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/08/18 06:21:53.0731 2096 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/18 06:21:53.0763 2096 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/08/18 06:21:53.0818 2096 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/08/18 06:21:53.0913 2096 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/08/18 06:21:53.0955 2096 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/18 06:21:53.0987 2096 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/18 06:21:54.0019 2096 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/18 06:21:54.0057 2096 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/08/18 06:21:54.0107 2096 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/08/18 06:21:54.0150 2096 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/18 06:21:54.0195 2096 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/18 06:21:54.0253 2096 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/08/18 06:21:54.0313 2096 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/18 06:21:54.0354 2096 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/18 06:21:54.0390 2096 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/18 06:21:54.0424 2096 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2011/08/18 06:21:54.0452 2096 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/08/18 06:21:54.0522 2096 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/08/18 06:21:54.0551 2096 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/08/18 06:21:54.0613 2096 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/18 06:21:54.0651 2096 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/18 06:21:54.0681 2096 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/08/18 06:21:54.0730 2096 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/08/18 06:21:54.0771 2096 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/18 06:21:54.0816 2096 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/08/18 06:21:54.0854 2096 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/08/18 06:21:54.0918 2096 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/18 06:21:54.0981 2096 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/08/18 06:21:55.0014 2096 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/18 06:21:55.0045 2096 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/18 06:21:55.0080 2096 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/18 06:21:55.0115 2096 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/08/18 06:21:55.0157 2096 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/18 06:21:55.0203 2096 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/18 06:21:55.0281 2096 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/08/18 06:21:55.0323 2096 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/08/18 06:21:55.0358 2096 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/18 06:21:55.0441 2096 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/08/18 06:21:55.0487 2096 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/08/18 06:21:55.0523 2096 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/08/18 06:21:55.0552 2096 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/08/18 06:21:55.0602 2096 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/08/18 06:21:55.0717 2096 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/18 06:21:55.0834 2096 PAC7302 (d61b764b27bf05cccadcc5e1e7b73a21) C:\Windows\system32\DRIVERS\PAC7302.SYS
2011/08/18 06:21:55.0918 2096 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
2011/08/18 06:21:55.0953 2096 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/08/18 06:21:55.0998 2096 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/08/18 06:21:56.0028 2096 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/08/18 06:21:56.0076 2096 pcmcia (a2d6b9c3f532baa27cb0c158d8ef4da6) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/18 06:21:56.0129 2096 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/08/18 06:21:56.0277 2096 Pnp680 (608a144310828c21ddf745124b10f833) C:\Windows\system32\DRIVERS\pnp680.sys
2011/08/18 06:21:56.0359 2096 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/18 06:21:56.0386 2096 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
2011/08/18 06:21:56.0455 2096 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/18 06:21:56.0499 2096 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/08/18 06:21:56.0563 2096 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/08/18 06:21:56.0603 2096 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/08/18 06:21:56.0725 2096 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/18 06:21:56.0918 2096 R300 (3471469d4a85564cdd72e4459d106f0b) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/18 06:21:57.0017 2096 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/18 06:21:57.0067 2096 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/18 06:21:57.0115 2096 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/18 06:21:57.0154 2096 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/18 06:21:57.0220 2096 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/18 06:21:57.0253 2096 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/18 06:21:57.0306 2096 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/08/18 06:21:57.0331 2096 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/18 06:21:57.0397 2096 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/08/18 06:21:57.0486 2096 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/18 06:21:57.0517 2096 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/08/18 06:21:57.0575 2096 RTL8187B (35f31f1aab9e16ae4b2d1d0f879f47ef) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/08/18 06:21:57.0628 2096 RTSTOR (15c2f0082d5e1ce5124eda4050e77986) C:\Windows\system32\drivers\RTSTOR64.SYS
2011/08/18 06:21:57.0678 2096 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/18 06:21:57.0793 2096 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/18 06:21:57.0852 2096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/18 06:21:57.0913 2096 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/18 06:21:57.0943 2096 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/08/18 06:21:57.0982 2096 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/08/18 06:21:58.0045 2096 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/08/18 06:21:58.0088 2096 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/18 06:21:58.0120 2096 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/18 06:21:58.0154 2096 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/08/18 06:21:58.0225 2096 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/08/18 06:21:58.0262 2096 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/08/18 06:21:58.0329 2096 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/08/18 06:21:58.0409 2096 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/08/18 06:21:58.0464 2096 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/08/18 06:21:58.0526 2096 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/18 06:21:58.0572 2096 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/18 06:21:58.0640 2096 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/18 06:21:58.0701 2096 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/08/18 06:21:58.0728 2096 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/08/18 06:21:58.0797 2096 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/08/18 06:21:59.0027 2096 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/08/18 06:21:59.0195 2096 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/18 06:21:59.0280 2096 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/18 06:21:59.0379 2096 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/08/18 06:21:59.0422 2096 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/08/18 06:21:59.0789 2096 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/18 06:21:59.0838 2096 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/18 06:21:59.0991 2096 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/18 06:22:00.0045 2096 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/18 06:22:00.0122 2096 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/18 06:22:00.0190 2096 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/08/18 06:22:00.0270 2096 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/18 06:22:00.0369 2096 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/18 06:22:00.0460 2096 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/08/18 06:22:00.0505 2096 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/08/18 06:22:00.0533 2096 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/08/18 06:22:00.0576 2096 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/18 06:22:00.0675 2096 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/18 06:22:00.0707 2096 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/08/18 06:22:00.0778 2096 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/18 06:22:00.0822 2096 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/18 06:22:00.0857 2096 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/18 06:22:00.0894 2096 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/18 06:22:00.0950 2096 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/18 06:22:00.0994 2096 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/18 06:22:01.0030 2096 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/18 06:22:01.0083 2096 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/18 06:22:01.0124 2096 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/08/18 06:22:01.0182 2096 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/08/18 06:22:01.0273 2096 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/08/18 06:22:01.0416 2096 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/08/18 06:22:01.0649 2096 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/08/18 06:22:01.0776 2096 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/08/18 06:22:02.0113 2096 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/08/18 06:22:02.0159 2096 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/18 06:22:02.0218 2096 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/18 06:22:02.0311 2096 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/08/18 06:22:02.0376 2096 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/18 06:22:02.0584 2096 winachsf (cbdeb4b3b5cf8c49acc221d45f1c50c1) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/08/18 06:22:02.0750 2096 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/18 06:22:02.0878 2096 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/18 06:22:02.0970 2096 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/18 06:22:03.0179 2096 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/18 06:22:03.0576 2096 XAudio (2f2ce5e47b014f52bc722ae28b19cbf3) C:\Windows\system32\DRIVERS\xaudio64.sys
2011/08/18 06:22:03.0799 2096 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/08/18 06:22:03.0869 2096 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
2011/08/18 06:22:03.0935 2096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/18 06:22:04.0137 2096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/08/18 06:22:04.0336 2096 Boot (0x1200) (b32e66cf87afc60cab6a39f009d9b0df) \Device\Harddisk2\DR2\Partition0
2011/08/18 06:22:04.0435 2096 Boot (0x1200) (bb2d808fbc904892d2321dffff16dc7d) \Device\Harddisk2\DR2\Partition1
2011/08/18 06:22:04.0552 2096 Boot (0x1200) (aa14911dadfa9d7a4931ecfa0abf15ae) \Device\Harddisk0\DR0\Partition0
2011/08/18 06:22:04.0599 2096 Boot (0x1200) (34b18263ba3bf227a94d5e18c7c6bd41) \Device\Harddisk1\DR1\Partition0
2011/08/18 06:22:04.0627 2096 ================================================================================
2011/08/18 06:22:04.0627 2096 Scan finished
2011/08/18 06:22:04.0627 2096 ================================================================================
2011/08/18 06:22:04.0678 6136 Detected object count: 0
2011/08/18 06:22:04.0678 6136 Actual detected object count: 0

#7
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan
  • Click the cog in the upper right.
  • Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan.
  • Allow AVP to delete all infections found.
  • Once it has finished select report tab (last tab).
  • Select Detected threads report from the left and press Save button.
  • Save it to your desktop and attach to your next post.

Now the Analysis
  • Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information.
  • On completion click the link to locate the zip file to upload and attach to your next post.

#8
periwinkle
    Member
  • Topic Starter
  • 298 posts
I'm running the first Kaspersky scan - the automatic removal tool scan - and it's showing that it will take 1 day for this to complete!!! Maybe I should close my browser for a while?

There are several items that have come up as password protected.

Edited by periwinkle, 18 August 2011 - 02:00 PM.


#9
periwinkle
    Member
  • Topic Starter
  • 298 posts
Okay, the first scan is finally finished! It's strange, as I selected all the boxes down to the C: drive, but for some reason the scan did all three hard drives I have on my computer. I had originally started the scan with all the drives selected, but then realized this might take too long. I may not have unchecked the boxes, but I really thought I did.

Here is the report for this first automatic scan:

Status: Deleted (events: 4)
8/19/2011 12:10:44 AM Deleted malware Packed.Multi.MultiPacked.gen K:\Documents and Settings\Shared\Games\mummy.maze.deluxe.1.1.keygen-tsrh.exe Medium
8/19/2011 12:15:07 AM Deleted virus HEUR:Trojan.Win32.Generic K:\Documents and Settings\Vero\Desktop\Norton setup.exe High
8/19/2011 12:54:41 AM Deleted malware Packed.Multi.MultiPacked.gen K:\Program Files\Mummy Maze\mummy.maze.deluxe.1.1.keygen-tsrh.exe Medium
8/19/2011 1:27:47 AM Deleted virus HEUR:Trojan.Win32.Generic K:\Program Files\Norton Internet\setup.exe High
Status: Disinfected (events: 4)
8/19/2011 12:12:06 AM Disinfected virus HEUR:Trojan.Win32.Generic K:\Documents and Settings\Vero\Desktop.zip/Desktop/Norton setup.exe High
8/19/2011 12:12:06 AM Disinfected virus HEUR:Trojan.Win32.Generic K:\Documents and Settings\Vero\Desktop.zip High
8/19/2011 12:51:11 AM Disinfected malware Packed.Multi.MultiPacked.gen K:\Program Files\Mummy Maze\Keygens\mummy.maze.deluxe.1.1.keygen-tsrh.zip/mummy.maze.deluxe.1.1.keygen-tsrh.exe Medium
8/19/2011 12:51:11 AM Disinfected malware Packed.Multi.MultiPacked.gen K:\Program Files\Mummy Maze\Keygens\mummy.maze.deluxe.1.1.keygen-tsrh.zip Medium

#10
periwinkle
    Member
  • Topic Starter
  • 298 posts
Here are the manual scan results. I also often get a strange notice from Avira saying: "Access to the file 'D:\Autorun.inf' was blocked for your security".


Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 18/08/2011; 14:20)
List of processes
File name, PID, Description, Copyright, MD5, Information, Command line
c:\program files (x86)\agi\core\4.2.0.10752\agcoreservice.exe
    PID 1956, AGCoreService, Copyright © AG Interactive 2008, MD5 ??, 20.00 kb, rsAh, created: 15.02.2010 15:25:10, modified: 26.01.2010 15:48:24
    Command line: "C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe"
c:\program files (x86)\avira\antivir desktop\avgnt.exe
    PID 2996, Antivirus System Tray Tool, Copyright © 2000 - 2010 Avira GmbH. All rights reserved., MD5 ??, 275.16 kb, rsAh, created: 15.07.2010 02:12:04, modified: 02.11.2010 16:57:21
    Command line: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
c:\program files (x86)\avira\antivir desktop\avguard.exe
    PID 1128, Antivirus On-Access Service, Copyright © 2000 - 2010 Avira GmbH. All rights reserved., MD5 ??, 263.16 kb, rsAh, created: 15.07.2010 02:12:04, modified: 28.06.2011 09:01:58
    Command line: "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
avshadow.exe
    PID 2160, error getting file info
HydraDM64.exe
    PID 4844, error getting file info
wmpenc.exe
    PID 5432, error getting file info
wmpnetwk.exe
    PID 1572, error getting file info
wmpnscfg.exe
    PID 3508, error getting file info
Detected: 119, recognized as trusted: 114
Module name, Handle, Description, Copyright, Used by processes
C:\Program Files (x86)\AGI\core\4.2.0.10752\agicore.dll
    handle 1942814720, agicore, Copyright © AG Interactive 2008, used by PID 1956
C:\Program Files (x86)\AGI\core\4.2.0.10752\AutoUpdateServicePlugin.dll
    handle 1944256512, AutoUpdateServicePlugin, Copyright © AG Interactive 2009, used by PID 1956
C:\Program Files (x86)\AGI\core\4.2.0.10752\FlashTrustServicePlugin.dll
    handle 1942749184, FlashTrustServicePlugin, Copyright © AG Interactive 2009, used by PID 1956
C:\Program Files (x86)\AGI\core\4.2.0.10752\InstallLibrary.dll
    handle 1939865600, InstallLibrary, Copyright © AG Interactive 2009, used by PID 1956
C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll
    handle 40173568, AntiVir Engine Module for Windows, Copyright © 2011 Avira GmbH. All rights reserved., used by PID 1128
C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll
    handle 48365568, Avira AntiVir PersonalEdition Classic Master Resource File (English), Copyright © 2000 - 2010 Avira GmbH. All rights reserved., used by PID 2996
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll
    handle 1918500864, .NET Framework, © Microsoft Corporation. All rights reserved., used by PID 1956
Modules detected: 438, recognized as trusted: 431
Kernel Space Modules Viewer
Module, Base address, Size in memory
C:\Windows\System32\Drivers\dump_atapi.sys
    base 6BD9000, size 008000 (32768)
C:\Windows\System32\Drivers\dump_dumpata.sys
    base 6BCD000, size 00C000 (49152)
Modules detected: 153, recognized as trusted: 151
Services
Service, Description, Status, File, Dependencies
AGWinService
    AG Windows Service, Not started, C:\Program Files (x86)\AGI\common\win32\PythonService.exe
getPlusHelper
    getPlusHelper, Not started, getPlusHelper.sys
msiserver
    Windows Installer, Not started, C:\Windows\system32\msiexec, depends on rpcss
Detected: 147, recognized as trusted: 144
Drivers
Driver, Description, Status, File, Dependencies
cpuz132
    cpuz132, Not started, C:\Users\Veronica\AppData\Local\Temp\cpuz132\cpuz132_x64.sys
EuMusDesignVirtualAudioCableWdm_lcs
    Breakaway Pipeline (WDM), Not started, C:\Windows\system32\DRIVERS\vaclcskd.sys
IpInIp
    IP in IP Tunnel Driver, Not started, C:\Windows\system32\DRIVERS\ipinip.sys, depends on Tcpip
NwlnkFlt
    IPX Traffic Filter Driver, Not started, C:\Windows\system32\DRIVERS\nwlnkflt.sys, depends on NwlnkFwd
NwlnkFwd
    IPX Traffic Forwarder Driver, Not started, C:\Windows\system32\DRIVERS\nwlnkfwd.sys
Detected: 235, recognized as trusted: 230
Autoruns
File name, Status, Startup method
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    Status --, Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service, EventMessageFile
C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
    Active, Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\getPlusHelper\Parameters, ServiceDll
C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    Active, Registry key HKEY_USERS, S-1-5-21-2932777127-504153465-3726424614-1000\Software\Microsoft\Windows\CurrentVersion\Run, WMPNSCFG
C:\Users\Veronica\AppData\Local\Temp\_uninst_74385989.bat
    Active, Shortcut in Autoruns folder C:\Users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_74385989.lnk
C:\Users\Veronica\AppData\Local\Temp\_uninst_83594569.bat
    Active, Shortcut in Autoruns folder C:\Users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_83594569.lnk
C:\Users\Veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
    Active, File in Autoruns folder C:\Users\Veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
C:\WindowsSystem32\IoLogMsg.dll
    Status --, Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vsmraid, EventMessageFile
C:\Windows\SysWOW64\ShellvRTF64.dll
    Active, Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
C:\Windows\System32\igmpv2.dll
    Status --, Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\Windows\System32\ipbootp.dll
    Status --, Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\Windows\System32\iprip2.dll
    Status --, Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\Windows\System32\ws03res.dll
    Status --, Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP, EventMessageFile
C:\Windows\system32\psxss.exe
    Status --, Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
SDEvents.dll
    Status --, Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2, EventMessageFile
rdpclip
    Active, Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms
Autoruns items detected: 664, recognized as trusted: 649
Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)
File name, Type, CLSID
C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no file name)
    URLSearchHook {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Elements detected: 4, recognized as trusted: 2
Windows Explorer extension modules
Description, CLSID (file name where the report gave one)
IE User Assist {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}
lnkfile {00020d75-0000-0000-c000-000000000046}
Color Control Panel Applet {b2c761c6-29bc-4f19-9251-e6195265baf1}
Add New Hardware {7A979262-40CE-46ff-AEEE-7884AC3B6136}
Get Programs Online {3e7efb4c-faf1-453d-89eb-56026875ef90}
Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1}
ActiveDirectory Folder {1b24a030-9b20-49bc-97ac-1be4426f9e59}
ActiveDirectory Folder {34449847-FD14-4fc8-A75A-7432F5181EFB}
Sam Account Folder {C8494E42-ACDD-4739-B0FB-217361E4894F}
Sam Account Folder {E29F9716-5C08-4FCD-955A-119FDB5A522D}
Control Panel command object for Start menu {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
Default Programs command object for Start menu {E44E5D18-0652-4508-A4E2-8A090067BCB0}
Folder Options {6dfd7c5c-2451-11d3-a299-00c04f8ef6af}
Explorer Query Band {2C2577C2-63A7-40e3-9B7F-586602617ECB}
View Available Networks {38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}
Contacts folder {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
Problem Reports and Solutions {fcfeecae-ee1b-4849-ae50-685dcf7717ec}
Windows Firewall {4026492f-2f69-46b8-b9bf-5654fc07e423}
iSCSI Initiator {a304259d-52b8-4526-8b1a-a1d6cecc8243}
.cab or .zip files {911051fa-c21c-4246-b470-070cd8df6dc4}
Windows Search Shell Service {da67b8ad-e81b-4c70-9b91b417b5e33527}
Microsoft.ScannersAndCameras {00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}
emdmgmt.dll: EMDFileProperties {BB6B2374-3D79-41DB-87F4-896C91846510}
Windows Sidebar Properties {37efd44d-ef8d-41b1-940d-96973a50e9e0}
Windows Features {67718415-c450-4f3c-bf8a-b487642dc39b}
Windows Defender {d8559eb9-20c0-410e-beda-7ed416aecc2a}
Mobility Center Control Panel {5ea4f148-308c-46d7-98a9-49041b1dd468}
C:\Program Files (x86)\Common Files\microsoft shared\ink\TipBand.dll: Tablet PC Input Panel {15D633E2-AD00-465b-9EC7-F56B7CDF8E27}
User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153}
C:\Windows\SysWOW64\ShellvRTF64.dll: ShellViewRTF, ShellvRTF Copyright © 2002-2005 {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
ColumnHandler {0561EC90-CE54-4f0c-9C55-E226110A740C}
ColumnHandler {F9DB5320-233E-11D1-9F84-707F02C10627}
Elements detected: 283, recognized as trusted: 251
Printing system extensions (print monitors, providers)
File name, Type, Name
CNBLM3_2.DLL
    Monitor, BJ Language Monitor3_2
E_ILMALA.DLL
    Monitor, EPSON Stylus CX5800F Series 64MonitorBA
hpzlllhn.dll
    Monitor, LIDIL hpzlllhn
inetpp.dll
    Provider, HTTP Print Services
Elements detected: 9, recognized as trusted: 5
Task Scheduler jobs
File name, Job name, Job status
C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe
    Driver Robot.job, The task is ready to run at its next scheduled time.
Elements detected: 3, recognized as trusted: 2
SPI/LSP settings
Namespace providers (NSP)
Provider Status EXE file Description GUID
Detected - 6, recognized as trusted - 6
Transport protocol providers (TSP, LSP)
Provider EXE file Description
Detected - 10, recognized as trusted - 10
Results of automatic SPI settings check

LSP settings checked. No errors detected

TCP/UDP ports
Port Status Remote Host Remote Port Application Notes
TCP ports
UDP ports
Downloaded Program Files (DPF)
File name Description Manufacturer CLSID Source URL
Elements detected - 0, recognized as trusted - 0
Control Panel Applets (CPL)
File name, Description, Manufacturer
C:\Windows\system32\DivXControlPanelApplet.cpl
    DivX Control Panel, © Copyright 2000 - 2009 DivX, Inc.
C:\Windows\system32\FlashPlayerCPLApp.cpl
    Adobe Flash Player Control Panel Applet, Copyright © 1996-2010 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Elements detected: 20, recognized as trusted: 18
Active Setup
File name, Description, Manufacturer, CLSID
Elements detected: 9, recognized as trusted: 9
HOSTS file
Hosts file record: яю1 (unreadable as pasted; the two leading characters are how a UTF-16 byte-order mark renders in a Cyrillic code page)
Protocols and handlers
File name, Type, Description, Manufacturer, CLSID
mscoree.dll
    Protocol, Microsoft .NET Runtime Execution Engine (), © Microsoft Corporation. All rights reserved., {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
    Protocol, Microsoft .NET Runtime Execution Engine (), © Microsoft Corporation. All rights reserved., {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
    Protocol, Microsoft .NET Runtime Execution Engine (), © Microsoft Corporation. All rights reserved., {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Elements detected: 14, recognized as trusted: 11
Suspicious objects
File, Description, Type
D:\autorun.inf
    Suspicion by Heuristic analysis, HSC: suspicion for hidden autorun (high degree of probability)

Main script of analysis
Windows version: Windows Vista ™ Home Premium, Build=6002, SP="Service Pack 2"
System Restore: enabled
>>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
System Analysis - complete

Additional operations:

Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

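The "Main script of analysis" in the report above lists the machine's weak settings (autorun, administrative shares, anonymous access, Remote Assistance, hidden extensions, the three services) and Avira's block on D:\Autorun.inf. The following is a read-only PowerShell audit of exactly those settings, added here as an example; it is not code from the thread, from AVZ or from Kaspersky. The registry locations are the standard Windows ones, the helper names are my own, and mapping AVZ's "anonymous user access" line to RestrictAnonymous is an assumption.

```powershell
# Added example, not code from the thread, from AVZ or from Kaspersky.
# Read-only audit of the settings the AVZ "Main script of analysis" reported.
# Registry paths are the standard Windows ones; helper names are mine.
# Run from an elevated PowerShell (2.0 or later); nothing here changes a setting.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # value absent: the Windows default applies
}

function Get-HardeningFindings {
    $findings = @()

    # Autorun. NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun
    # is OFF; machine policy (HKLM) overrides the user value (HKCU). With neither
    # set Windows behaves as 0x91, which leaves fixed, CD/DVD and removable
    # drives enabled. 0xFF switches AutoRun off for every drive type.
    $pol  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $mask = Get-RegValue "HKLM:\$pol" 'NoDriveTypeAutoRun'
    if ($null -eq $mask) { $mask = Get-RegValue "HKCU:\$pol" 'NoDriveTypeAutoRun' }
    if ($null -eq $mask) { $mask = 0x91 }
    $driveBits = @{ 'removable media' = 0x04; 'HDD' = 0x08; 'network drive' = 0x10; 'CD/DVD' = 0x20 }
    foreach ($kind in $driveBits.Keys) {
        if (($mask -band $driveBits[$kind]) -eq 0) {
            $findings += ('Security: {0} autorun is enabled (NoDriveTypeAutoRun=0x{1:X2})' -f $kind, $mask)
        }
    }

    # Administrative shares. AutoShareWks=0 (workstation) stops C$, D$ ... being
    # recreated at boot; an absent value means they are created.
    $lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    if ((Get-RegValue $lanman 'AutoShareWks') -ne 0) {
        $findings += 'Security: administrative shares (C$, D$ ...) are enabled (AutoShareWks is not 0)'
    }

    # Anonymous (null-session) access. RestrictAnonymous=0 or absent allows it;
    # assumed to be the setting behind AVZ's "anonymous user access" line.
    if (-not (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RestrictAnonymous')) {
        $findings += 'Security: anonymous user access is enabled (RestrictAnonymous=0)'
    }

    # Remote Assistance invitations.
    if ((Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' 'fAllowToGetHelp') -eq 1) {
        $findings += 'Security: sending Remote Assistance queries is enabled (fAllowToGetHelp=1)'
    }

    # Hidden extensions let a file named invoice.pdf.exe display as invoice.pdf.
    if ((Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt') -ne 0) {
        $findings += 'Explorer: extensions of known file types are hidden (HideFileExt=1)'
    }

    # The services AVZ listed. Start: 2 = automatic, 3 = manual, 4 = disabled.
    # Reported, not changed: as the report's own note says, the right set
    # depends on how the PC is used.
    foreach ($svc in 'TermService', 'SSDPSRV', 'Schedule') {
        $start = Get-RegValue "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" 'Start'
        if ($start -ne 4) { $findings += "Services: $svc is allowed (Start=$start)" }
    }
    return $findings
}

function Get-AutorunInfFiles {
    # Lists autorun.inf in every drive root, the file Avira and AVZ flagged on D:.
    # Hidden+System attributes together with an open= / shellexecute= line are
    # what the "hidden autorun" heuristic keys on; a label/icon-only file is benign.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $path = Join-Path $drive.Root 'autorun.inf'
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($null -eq $file) { continue }
        $launch = Get-Content -LiteralPath $path -ErrorAction SilentlyContinue |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^\\]+\\command)\s*=' }
        New-Object PSObject -Property @{
            Path       = $path
            Attributes = $file.Attributes.ToString()
            Launches   = ($launch -join '; ')
        }
    }
}

Get-HardeningFindings | ForEach-Object { ">> $_" }
Get-AutorunInfFiles | Format-Table Path, Attributes, Launches -AutoSize
```

Each finding line mirrors the wording of the AVZ report so the two can be compared side by side; an autorun.inf whose Launches column is empty is the usual label-and-icon file rather than the hidden launcher the heuristic warns about.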
#11
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
So far I don't see any high level malware. Let's do one more scan to be sure.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#12
periwinkle
    Member
  • Topic Starter
  • 298 posts
Here is the Malware Bytes log:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7506

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/19/2011 5:24:16 AM
mbam-log-2011-08-19 (05-24-16).txt

Scan type: Quick scan
Objects scanned: 188762
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi periwinkle,

Let's do a deeper scan.

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#14
periwinkle
    Member
  • Topic Starter
  • 298 posts
I was able to extract the file from the last 2 links, but when I tried to execute the file (open it), it would not run. I noticed that the information file said it is for 32 bit systems. I have Vista and run a 64 bit system. Perhaps there is another link for my system? I did a search, but I thought I'd ask before I install anything.

#15
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
It was my bad. I forgot about your 64-bit operating system. It's OK then. Don't run Rootkit UnHooker.

On the bottom of this I must say that your system appears clean. There is nothing hidden to remove. If you want to be sure nothing is "watching" your keyboard then check KeyScrambler. It will "encrypt" your keys while you are typing in Internet Explorer or Firefox.

We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.